Update router config

2022-07-30 01:17:45 -07:00 · 2022-07-30 01:17:45 -07:00 · ca06f3d7e7
commit ca06f3d7e7
parent f7a4d57cd0
2 changed files with 220 additions and 0 deletions
--- a/router/config/config.boot
+++ b/router/config/config.boot
@ -262,6 +262,14 @@ service {
                start 192.168.1.100 {
                    stop 192.168.1.254
                }
+                static-mapping U6-Lite {
+                    ip-address 192.168.1.3
+                    mac-address 78:45:58:67:87:14
+                }
+                static-mapping UAP-AC-LR {
+                    ip-address 192.168.1.2
+                    mac-address 18:e8:29:50:f7:5b
+                }
                static-mapping joey-nas {
                    ip-address 192.168.1.10
                    mac-address 40:8d:5c:52:41:89
@ -274,6 +282,10 @@ service {
                    ip-address 192.168.1.23
                    mac-address 24:4b:fe:8b:f3:b0
                }
+                static-mapping joeyPrinter {
+                    ip-address 192.168.1.60
+                    mac-address 9c:32:ce:7c:f8:25
+                }
                static-mapping pihole {
                    ip-address 192.168.1.22
                    mac-address b8:27:eb:3c:8e:bb
--- a/router/config/config.boot-commands
+++ b/router/config/config.boot-commands
@ -0,0 +1,208 @@
+set firewall all-ping enable
+set firewall broadcast-ping disable
+set firewall ipv6-receive-redirects disable
+set firewall ipv6-src-route disable
+set firewall ip-src-route disable
+set firewall log-martians enable
+set firewall name WAN_IN default-action drop
+set firewall name WAN_IN description 'WAN to internal'
+set firewall name WAN_IN rule 10 action accept
+set firewall name WAN_IN rule 10 description 'Allow established/related'
+set firewall name WAN_IN rule 10 state established enable
+set firewall name WAN_IN rule 10 state related enable
+set firewall name WAN_IN rule 20 action drop
+set firewall name WAN_IN rule 20 description 'Drop invalid state'
+set firewall name WAN_IN rule 20 state invalid enable
+set firewall name WAN_LOCAL default-action drop
+set firewall name WAN_LOCAL description 'WAN to router'
+set firewall name WAN_LOCAL rule 10 action accept
+set firewall name WAN_LOCAL rule 10 description 'Allow established/related'
+set firewall name WAN_LOCAL rule 10 state established enable
+set firewall name WAN_LOCAL rule 10 state related enable
+set firewall name WAN_LOCAL rule 30 action drop
+set firewall name WAN_LOCAL rule 30 description 'Drop invalid state'
+set firewall name WAN_LOCAL rule 30 state invalid enable
+set firewall options mss-clamp mss 1412
+set firewall receive-redirects disable
+set firewall send-redirects enable
+set firewall source-validation disable
+set firewall syn-cookies enable
+set interfaces ethernet eth0 description 'Internet (PPPoE)'
+set interfaces ethernet eth0 duplex auto
+set interfaces ethernet eth0 pppoe 0 default-route auto
+set interfaces ethernet eth0 pppoe 0 firewall in name WAN_IN
+set interfaces ethernet eth0 pppoe 0 firewall local name WAN_LOCAL
+set interfaces ethernet eth0 pppoe 0 mtu 1492
+set interfaces ethernet eth0 pppoe 0 name-server auto
+set interfaces ethernet eth0 pppoe 0 password 24ydrUYs
+set interfaces ethernet eth0 pppoe 0 user-id hafnerjoseph
+set interfaces ethernet eth0 speed auto
+set interfaces ethernet eth1 address 192.168.2.1/24
+set interfaces ethernet eth1 description Local
+set interfaces ethernet eth1 duplex auto
+set interfaces ethernet eth1 speed auto
+set interfaces ethernet eth2 description 'Local 2'
+set interfaces ethernet eth2 duplex auto
+set interfaces ethernet eth2 speed auto
+set interfaces ethernet eth3 description 'Local 2'
+set interfaces ethernet eth3 duplex auto
+set interfaces ethernet eth3 speed auto
+set interfaces ethernet eth4 description 'Local 2'
+set interfaces ethernet eth4 duplex auto
+set interfaces ethernet eth4 speed auto
+set interfaces ethernet eth5 description 'Local 2'
+set interfaces ethernet eth5 duplex auto
+set interfaces ethernet eth5 speed auto
+set interfaces ethernet eth6 description 'Local 2'
+set interfaces ethernet eth6 duplex auto
+set interfaces ethernet eth6 speed auto
+set interfaces ethernet eth7 description 'Local 2'
+set interfaces ethernet eth7 duplex auto
+set interfaces ethernet eth7 speed auto
+set interfaces ethernet eth8 description 'Local 2'
+set interfaces ethernet eth8 duplex auto
+set interfaces ethernet eth8 speed auto
+set interfaces ethernet eth9 description 'Local 2'
+set interfaces ethernet eth9 duplex auto
+set interfaces ethernet eth9 poe output 24v
+set interfaces ethernet eth9 speed auto
+set interfaces loopback lo
+set interfaces switch switch0 address 192.168.1.1/24
+set interfaces switch switch0 description 'Local 2'
+set interfaces switch switch0 mtu 1500
+set interfaces switch switch0 switch-port interface eth2
+set interfaces switch switch0 switch-port interface eth3
+set interfaces switch switch0 switch-port interface eth4
+set interfaces switch switch0 switch-port interface eth5
+set interfaces switch switch0 switch-port interface eth6
+set interfaces switch switch0 switch-port interface eth7
+set interfaces switch switch0 switch-port interface eth8
+set interfaces switch switch0 switch-port interface eth9
+set interfaces switch switch0 switch-port vlan-aware disable
+set port-forward auto-firewall enable
+set port-forward hairpin-nat enable
+set port-forward lan-interface switch0
+set port-forward rule 1 description Plex
+set port-forward rule 1 forward-to address 192.168.1.23
+set port-forward rule 1 original-port 32400
+set port-forward rule 1 protocol tcp_udp
+set port-forward rule 2 description BitTorrent
+set port-forward rule 2 forward-to address 192.168.1.21
+set port-forward rule 2 original-port 51000-51999
+set port-forward rule 2 protocol tcp_udp
+set port-forward rule 3 description WireGuard
+set port-forward rule 3 forward-to address 192.168.1.23
+set port-forward rule 3 original-port 53820-53829
+set port-forward rule 3 protocol tcp_udp
+set port-forward rule 4 description Minecraft
+set port-forward rule 4 forward-to address 192.168.1.23
+set port-forward rule 4 forward-to port 25565
+set port-forward rule 4 original-port 25565
+set port-forward rule 4 protocol tcp_udp
+set port-forward rule 5 description Iperf
+set port-forward rule 5 forward-to address 192.168.1.23
+set port-forward rule 5 original-port 50201
+set port-forward rule 5 protocol tcp_udp
+set port-forward rule 6 description https,http
+set port-forward rule 6 forward-to address 192.168.1.23
+set port-forward rule 6 original-port 443,80
+set port-forward rule 6 protocol tcp_udp
+set port-forward rule 7 description 'Peertube Live'
+set port-forward rule 7 forward-to address 192.168.1.23
+set port-forward rule 7 forward-to port 22
+set port-forward rule 7 original-port 1935
+set port-forward rule 7 protocol tcp_udp
+set port-forward rule 8 description 'Git SSH'
+set port-forward rule 8 forward-to address 192.168.1.23
+set port-forward rule 8 original-port 2228-2229
+set port-forward rule 8 protocol tcp_udp
+set port-forward rule 9 description SFTP
+set port-forward rule 9 forward-to address 192.168.1.23
+set port-forward rule 9 original-port 23450
+set port-forward rule 9 protocol tcp_udp
+set port-forward rule 10 description Terraria
+set port-forward rule 10 forward-to address 192.168.1.100
+set port-forward rule 10 forward-to port 7777
+set port-forward rule 10 original-port 50777
+set port-forward rule 10 protocol tcp_udp
+set port-forward rule 11 description BitTorrent
+set port-forward rule 11 forward-to address 192.168.1.23
+set port-forward rule 11 original-port 50000
+set port-forward rule 11 protocol tcp_udp
+set port-forward wan-interface pppoe0
+set service dhcp-server disabled false
+set service dhcp-server hostfile-update disable
+set service dhcp-server shared-network-name LAN1 authoritative enable
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 default-router 192.168.1.1
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 dns-server 1.1.1.1
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 dns-server 1.0.0.1
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 domain-name local
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 lease 86400
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 start 192.168.1.100 stop 192.168.1.254
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping U6-Lite ip-address 192.168.1.3
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping U6-Lite mac-address '78:45:58:67:87:14'
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping UAP-AC-LR ip-address 192.168.1.2
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping UAP-AC-LR mac-address '18:e8:29:50:f7:5b'
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping joey-nas ip-address 192.168.1.10
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping joey-nas mac-address '40:8d:5c:52:41:89'
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping joey-seedbox ip-address 192.168.1.21
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping joey-seedbox mac-address '24:4b:fe:57:bc:85'
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping joey-server ip-address 192.168.1.23
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping joey-server mac-address '24:4b:fe:8b:f3:b0'
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping joeyPrinter ip-address 192.168.1.60
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping joeyPrinter mac-address '9c:32:ce:7c:f8:25'
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping pihole ip-address 192.168.1.22
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping pihole mac-address 'b8:27:eb:3c:8e:bb'
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping tasmota-1 ip-address 192.168.1.50
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping tasmota-1 mac-address '3C:61:05:F6:44:1E'
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping tasmota-2 ip-address 192.168.1.51
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping tasmota-2 mac-address '3c:61:05:f6:d7:d3'
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping tasmota-3 ip-address 192.168.1.52
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping tasmota-3 mac-address '3c:61:05:f6:f0:62'
+set service dhcp-server shared-network-name LAN2 authoritative enable
+set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 default-router 192.168.2.1
+set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 dns-server 192.168.2.1
+set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 lease 86400
+set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 start 192.168.2.38 stop 192.168.2.243
+set service dhcp-server static-arp disable
+set service dhcp-server use-dnsmasq enable
+set service dns forwarding cache-size 150
+set service dns forwarding listen-on switch0
+set service dns forwarding name-server 192.168.1.1
+set service dns forwarding name-server 1.1.1.1
+set service dns forwarding name-server 1.0.0.1
+set service dns forwarding options strict-order
+set service dns forwarding system
+set service gui http-port 8080
+set service gui https-port 4433
+set service gui older-ciphers enable
+set service nat rule 5010 description 'masquerade for WAN'
+set service nat rule 5010 outbound-interface pppoe0
+set service nat rule 5010 type masquerade
+set service ssh port 22
+set service ssh protocol-version v2
+set service unms disable
+set system domain-name local
+set system host-name ubnt
+set system login user admin authentication encrypted-password '$5$j8QJRFCpc2Pc90kV$AA7DbPJldnwMlahDbbFWf0N9WiNnL9faW473jO9z1Z0'
+set system login user admin authentication public-keys jafner425@gmail.com key AAAAB3NzaC1yc2EAAAADAQABAAAEAQCyolGiQAOvyKZ9GtPx2FbKwdt8twLuKs8l0+o3QVZsS5NCG4pX6GXuH8GspmHSedy4yfgVBN0NlOoVPpwxGslZZ5BLkOyhfcoiayPMbYyEpyiujcmnIUlNLI04otz7Ucqhopy+DC/+UpLTMqgnlevWDJW5YgYNAInPFNP7cIJ//sjimisP/su0n4DTzq/1WDUHN+Pk2LKw9P6NnAyk+RhSAH2v5Z/sq0FjUVxe57oNnCGec8KzVsxvI3PP44ax17n8MIyZlXhDa41+1u/LsE9oHSeidaWz8S8IZaRQbUkdtaViiOL+JS55ZOut11cmEOBTsXgmwEH9d1gLS5NKukwTDruBjznqJDXuFlcoRvHIYOTbBXVBDzI710kX7hucks/XZuUhXuOsO0hqQjqAJFX/LKbeR/XN+7AvuGIy25bslZu3/HUdL9UYhenm/AJL5YtUKRsLIeznRyHJcJ8905qgMIELRVWYxTDlekbsL5rNzrRSJ4+gV9Y5TFe1uxRaqqGiuyJ1T7/R2++z+p+sYoBJOY+vehUul7CtaYeVe7FUGuJzWHylkmkOMSJQb0XvjQWjFgSOstIf4MoFcRSfgztL4C2utDNayvR2XjLjRcaZnIzzAkBweY/g0Y0Jnnjk+dmnKWeoDHUXOT/GHGi/KfL4lwnQFRtS8x6M52sX417Of9K14ljILaHESJibjPN2jWboQdvTw0PFhbr72jr6+rhayuiP3n+5rENtDxwPlfYdSsCdgVyg7HC/2F6ZL5QHXctJFjIswMdJds+3pHnb7l5d4TiRdBQNQGVv7pYYfZdyqMGk5sdKXBzn/uS1a0SRqzJAhgH6nA67HfuBKq2xwu86hlOnc6hsFuehXAweaZ/UvTBiCE+4oYokAyHcpHsjOYqTmK6rSTTfGQ3Yc8zgD5vGb04tGRMVFA0+uQSrcBeIidxFZA1pbrMuDGDQDqtevIyna+rN958IWjCMvs8O+wro4SFYKAHYOkaBW0syQl1m/GKePcDJR6rkLx8eLrr6jaj4rHAS5fVJVYOpPIkrnfI5kTvnuRqJTH9NIaan3q4+6mAQ1prBqrtO2RUWcdmfkuVuUapDcqhgqGQqzsaKNWjsiCr21CPnYuj8pYItyJziF2VGS5oci2feCxWwbqqW8WUXZha7PnhQaIIiv7vyIo/JVWKK12v8UfeFRiRL73JOfFdtRCWldQxF2yRTt5gFxObCPQj5oSj1+Buc/IzQwqkKxeKpjUdtYt1RjsU3rJR1JDjEhrbbN/LZg986wkxrsLVqQmsXxSniai2X4vN+9KZu4kcg8Crk4g29+L0Snj0P7PQ61SXT3HMZxp5T2jLvekwLyn9yIKl75IiQSdgp+DIv
+set system login user admin authentication public-keys jafner425@gmail.com type ssh-rsa
+set system login user admin authentication public-keys joey@joey-server key AAAAB3NzaC1yc2EAAAADAQABAAACAQDOCCXndD7BbVmUHsYEkVLobZVBbZ8mgHjpKreUSsyZLah9Et2VxzATOh1bnXwapHu137h/cMeBDBPD3AfoCT3njd/mvVZB3INkyS8mPoFuwYViHmlW2L+6Bv5kGiMpjK/G5lPkKLsA79bTMu2kuAM6usslap3hEdwNW0vK3a+feM1RSwxirQmDXq4WRmsY9r4Md9wIfxLaezy0l0oK8k7xqMeiLrqMsrpsDOVV5Cb7iyufDqEx4QbicosrMD+C4Mql8ptdOYVj86jOND9lcpoqujOQWD2k8Cvl/zdoWY3ZG7duZjD9NYFgvM7F62LM5p7t5iNicxcegCqdZmFR5+ueZtoIn6BpCT4cvAWHSipRuvNmAWaQBnfr/NKh4H2QF0wJluDkG+wTrJPjH9FmK4sUHdOx+rqZ4iWhhZ7a2c4wNgm9i+UHoh//MPSvWOC5lQ97FvTUVBmE8BiWh8tZ82SxjSUtWaYPGZEmJvEIVXus70aY8Rwelxn9gXTwLlzRZl+0G7XOQia1EIj8VnUtPtWMxHeI09klOP1BRUVSRXBGOvz1UjbHIAEYvnxkTiW5LG1xxJopUQ3QiyDDERBbelLtM3iBIRFbVlFcqyIG3OsZaR90LwngBFIMtPZrv3vWTg3YdtMDw7uW1SVHHBDfxEc9cSBYQinVGupUmyztTLkM4Q==
+set system login user admin authentication public-keys joey@joey-server type ssh-rsa
+set system login user admin level admin
+set system name-server 127.0.0.1
+set system name-server 1.1.1.1
+set system name-server 1.0.0.1
+set system ntp server 0.ubnt.pool.ntp.org
+set system ntp server 1.ubnt.pool.ntp.org
+set system ntp server 2.ubnt.pool.ntp.org
+set system ntp server 3.ubnt.pool.ntp.org
+set system offload hwnat enable
+set system package repository stretch components 'main contrib non-free'
+set system package repository stretch distribution stretch
+set system package repository stretch password ''
+set system package repository stretch url 'http://http.us.debian.org/debian'
+set system package repository stretch username ''
+set system syslog global facility all level notice
+set system syslog global facility protocols level debug
+set system time-zone America/Los_Angeles