From ca06f3d7e73442a0ccadc6abf65d15b4aa047385 Mon Sep 17 00:00:00 2001
From: Joey Hafner
Date: Sat, 30 Jul 2022 01:17:45 -0700
Subject: [PATCH] Update router config
---
 router/config/config.boot | 12 ++
 router/config/config.boot-commands | 208 +++++++++++++++++++++++++++++
 2 files changed, 220 insertions(+)
 create mode 100644 router/config/config.boot-commands
diff --git a/router/config/config.boot b/router/config/config.boot
index fa2380d..68856b5 100644
--- a/router/config/config.boot
+++ b/router/config/config.boot
@@ -262,6 +262,14 @@ service {
 start 192.168.1.100 {
 stop 192.168.1.254
 }
+ static-mapping U6-Lite {
+ ip-address 192.168.1.3
+ mac-address 78:45:58:67:87:14
+ }
+ static-mapping UAP-AC-LR {
+ ip-address 192.168.1.2
+ mac-address 18:e8:29:50:f7:5b
+ }
 static-mapping joey-nas {
 ip-address 192.168.1.10
 mac-address 40:8d:5c:52:41:89
@@ -274,6 +282,10 @@ service {
 ip-address 192.168.1.23
 mac-address 24:4b:fe:8b:f3:b0
 }
+ static-mapping joeyPrinter {
+ ip-address 192.168.1.60
+ mac-address 9c:32:ce:7c:f8:25
+ }
 static-mapping pihole {
 ip-address 192.168.1.22
 mac-address b8:27:eb:3c:8e:bb
diff --git a/router/config/config.boot-commands b/router/config/config.boot-commands
new file mode 100644
index 0000000..0132666
--- /dev/null
+++ b/router/config/config.boot-commands
@@ -0,0 +1,208 @@
+set firewall all-ping enable
+set firewall broadcast-ping disable
+set firewall ipv6-receive-redirects disable
+set firewall ipv6-src-route disable
+set firewall ip-src-route disable
+set firewall log-martians enable
+set firewall name WAN_IN default-action drop
+set firewall name WAN_IN description 'WAN to internal'
+set firewall name WAN_IN rule 10 action accept
+set firewall name WAN_IN rule 10 description 'Allow established/related'
+set firewall name WAN_IN rule 10 state established enable
+set firewall name WAN_IN rule 10 state related enable
+set firewall name WAN_IN rule 20 action drop
+set firewall name WAN_IN rule 20 description 'Drop invalid state'
+set firewall name WAN_IN rule 20 state invalid enable
+set firewall name WAN_LOCAL default-action drop
+set firewall name WAN_LOCAL description 'WAN to router'
+set firewall name WAN_LOCAL rule 10 action accept
+set firewall name WAN_LOCAL rule 10 description 'Allow established/related'
+set firewall name WAN_LOCAL rule 10 state established enable
+set firewall name WAN_LOCAL rule 10 state related enable
+set firewall name WAN_LOCAL rule 30 action drop
+set firewall name WAN_LOCAL rule 30 description 'Drop invalid state'
+set firewall name WAN_LOCAL rule 30 state invalid enable
+set firewall options mss-clamp mss 1412
+set firewall receive-redirects disable
+set firewall send-redirects enable
+set firewall source-validation disable
+set firewall syn-cookies enable
+set interfaces ethernet eth0 description 'Internet (PPPoE)'
+set interfaces ethernet eth0 duplex auto
+set interfaces ethernet eth0 pppoe 0 default-route auto
+set interfaces ethernet eth0 pppoe 0 firewall in name WAN_IN
+set interfaces ethernet eth0 pppoe 0 firewall local name WAN_LOCAL
+set interfaces ethernet eth0 pppoe 0 mtu 1492
+set interfaces ethernet eth0 pppoe 0 name-server auto
+set interfaces ethernet eth0 pppoe 0 password 24ydrUYs
+set interfaces ethernet eth0 pppoe 0 user-id hafnerjoseph
+set interfaces ethernet eth0 speed auto
+set interfaces ethernet eth1 address 192.168.2.1/24
+set interfaces ethernet eth1 description Local
+set interfaces ethernet eth1 duplex auto
+set interfaces ethernet eth1 speed auto
+set interfaces ethernet eth2 description 'Local 2'
+set interfaces ethernet eth2 duplex auto
+set interfaces ethernet eth2 speed auto
+set interfaces ethernet eth3 description 'Local 2'
+set interfaces ethernet eth3 duplex auto
+set interfaces ethernet eth3 speed auto
+set interfaces ethernet eth4 description 'Local 2'
+set interfaces ethernet eth4 duplex auto
+set interfaces ethernet eth4 speed auto
+set interfaces ethernet eth5 description 'Local 2'
+set interfaces ethernet eth5 duplex auto
+set interfaces ethernet eth5 speed auto
+set interfaces ethernet eth6 description 'Local 2'
+set interfaces ethernet eth6 duplex auto
+set interfaces ethernet eth6 speed auto
+set interfaces ethernet eth7 description 'Local 2'
+set interfaces ethernet eth7 duplex auto
+set interfaces ethernet eth7 speed auto
+set interfaces ethernet eth8 description 'Local 2'
+set interfaces ethernet eth8 duplex auto
+set interfaces ethernet eth8 speed auto
+set interfaces ethernet eth9 description 'Local 2'
+set interfaces ethernet eth9 duplex auto
+set interfaces ethernet eth9 poe output 24v
+set interfaces ethernet eth9 speed auto
+set interfaces loopback lo
+set interfaces switch switch0 address 192.168.1.1/24
+set interfaces switch switch0 description 'Local 2'
+set interfaces switch switch0 mtu 1500
+set interfaces switch switch0 switch-port interface eth2
+set interfaces switch switch0 switch-port interface eth3
+set interfaces switch switch0 switch-port interface eth4
+set interfaces switch switch0 switch-port interface eth5
+set interfaces switch switch0 switch-port interface eth6
+set interfaces switch switch0 switch-port interface eth7
+set interfaces switch switch0 switch-port interface eth8
+set interfaces switch switch0 switch-port interface eth9
+set interfaces switch switch0 switch-port vlan-aware disable
+set port-forward auto-firewall enable
+set port-forward hairpin-nat enable
+set port-forward lan-interface switch0
+set port-forward rule 1 description Plex
+set port-forward rule 1 forward-to address 192.168.1.23
+set port-forward rule 1 original-port 32400
+set port-forward rule 1 protocol tcp_udp
+set port-forward rule 2 description BitTorrent
+set port-forward rule 2 forward-to address 192.168.1.21
+set port-forward rule 2 original-port 51000-51999
+set port-forward rule 2 protocol tcp_udp
+set port-forward rule 3 description WireGuard
+set port-forward rule 3 forward-to address 192.168.1.23
+set port-forward rule 3 original-port 53820-53829
+set port-forward rule 3 protocol tcp_udp
+set port-forward rule 4 description Minecraft
+set port-forward rule 4 forward-to address 192.168.1.23
+set port-forward rule 4 forward-to port 25565
+set port-forward rule 4 original-port 25565
+set port-forward rule 4 protocol tcp_udp
+set port-forward rule 5 description Iperf
+set port-forward rule 5 forward-to address 192.168.1.23
+set port-forward rule 5 original-port 50201
+set port-forward rule 5 protocol tcp_udp
+set port-forward rule 6 description https,http
+set port-forward rule 6 forward-to address 192.168.1.23
+set port-forward rule 6 original-port 443,80
+set port-forward rule 6 protocol tcp_udp
+set port-forward rule 7 description 'Peertube Live'
+set port-forward rule 7 forward-to address 192.168.1.23
+set port-forward rule 7 forward-to port 22
+set port-forward rule 7 original-port 1935
+set port-forward rule 7 protocol tcp_udp
+set port-forward rule 8 description 'Git SSH'
+set port-forward rule 8 forward-to address 192.168.1.23
+set port-forward rule 8 original-port 2228-2229
+set port-forward rule 8 protocol tcp_udp
+set port-forward rule 9 description SFTP
+set port-forward rule 9 forward-to address 192.168.1.23
+set port-forward rule 9 original-port 23450
+set port-forward rule 9 protocol tcp_udp
+set port-forward rule 10 description Terraria
+set port-forward rule 10 forward-to address 192.168.1.100
+set port-forward rule 10 forward-to port 7777
+set port-forward rule 10 original-port 50777
+set port-forward rule 10 protocol tcp_udp
+set port-forward rule 11 description BitTorrent
+set port-forward rule 11 forward-to address 192.168.1.23
+set port-forward rule 11 original-port 50000
+set port-forward rule 11 protocol tcp_udp
+set port-forward wan-interface pppoe0
+set service dhcp-server disabled false
+set service dhcp-server hostfile-update disable
+set service dhcp-server shared-network-name LAN1 authoritative enable
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 default-router 192.168.1.1
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 dns-server 1.1.1.1
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 dns-server 1.0.0.1
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 domain-name local
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 lease 86400
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 start 192.168.1.100 stop 192.168.1.254
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping U6-Lite ip-address 192.168.1.3
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping U6-Lite mac-address '78:45:58:67:87:14'
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping UAP-AC-LR ip-address 192.168.1.2
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping UAP-AC-LR mac-address '18:e8:29:50:f7:5b'
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping joey-nas ip-address 192.168.1.10
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping joey-nas mac-address '40:8d:5c:52:41:89'
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping joey-seedbox ip-address 192.168.1.21
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping joey-seedbox mac-address '24:4b:fe:57:bc:85'
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping joey-server ip-address 192.168.1.23
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping joey-server mac-address '24:4b:fe:8b:f3:b0'
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping joeyPrinter ip-address 192.168.1.60
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping joeyPrinter mac-address '9c:32:ce:7c:f8:25'
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping pihole ip-address 192.168.1.22
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping pihole mac-address 'b8:27:eb:3c:8e:bb'
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping tasmota-1 ip-address 192.168.1.50
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping tasmota-1 mac-address '3C:61:05:F6:44:1E'
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping tasmota-2 ip-address 192.168.1.51
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping tasmota-2 mac-address '3c:61:05:f6:d7:d3'
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping tasmota-3 ip-address 192.168.1.52
+set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping tasmota-3 mac-address '3c:61:05:f6:f0:62'
+set service dhcp-server shared-network-name LAN2 authoritative enable
+set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 default-router 192.168.2.1
+set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 dns-server 192.168.2.1
+set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 lease 86400
+set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 start 192.168.2.38 stop 192.168.2.243
+set service dhcp-server static-arp disable
+set service dhcp-server use-dnsmasq enable
+set service dns forwarding cache-size 150
+set service dns forwarding listen-on switch0
+set service dns forwarding name-server 192.168.1.1
+set service dns forwarding name-server 1.1.1.1
+set service dns forwarding name-server 1.0.0.1
+set service dns forwarding options strict-order
+set service dns forwarding system
+set service gui http-port 8080
+set service gui https-port 4433
+set service gui older-ciphers enable
+set service nat rule 5010 description 'masquerade for WAN'
+set service nat rule 5010 outbound-interface pppoe0
+set service nat rule 5010 type masquerade
+set service ssh port 22
+set service ssh protocol-version v2
+set service unms disable
+set system domain-name local
+set system host-name ubnt
+set system login user admin authentication encrypted-password '$5$j8QJRFCpc2Pc90kV$AA7DbPJldnwMlahDbbFWf0N9WiNnL9faW473jO9z1Z0'
+set system login user admin authentication public-keys jafner425@gmail.com key 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
+set system login user admin authentication public-keys jafner425@gmail.com type ssh-rsa
+set system login user admin authentication public-keys joey@joey-server key 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
+set system login user admin authentication public-keys joey@joey-server type ssh-rsa
+set system login user admin level admin
+set system name-server 127.0.0.1
+set system name-server 1.1.1.1
+set system name-server 1.0.0.1
+set system ntp server 0.ubnt.pool.ntp.org
+set system ntp server 1.ubnt.pool.ntp.org
+set system ntp server 2.ubnt.pool.ntp.org
+set system ntp server 3.ubnt.pool.ntp.org
+set system offload hwnat enable
+set system package repository stretch components 'main contrib non-free'
+set system package repository stretch distribution stretch
+set system package repository stretch password ''
+set system package repository stretch url 'http://http.us.debian.org/debian'
+set system package repository stretch username ''
+set system syslog global facility all level notice
+set system syslog global facility protocols level debug
+set system time-zone America/Los_Angeles
\ No newline at end of file
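Review bot: The new config.boot-commands file commits live credentials: the `pppoe 0 password` and `user-id` lines carry the ISP login in clear text, and the `encrypted-password` line publishes the admin account's `$5$` hash, which anyone who can read the repository can attack offline. Rotate both and keep only placeholders in the tracked copy, e.g. `set interfaces ethernet eth0 pppoe 0 password <PPPOE_PASSWORD>`, since removing the values in a later commit still leaves them in history. Port-forward rule 7 is described as 'Peertube Live' but maps WAN port 1935 to `forward-to port 22` on 192.168.1.23, which looks like it exposes that host's SSH port to the internet; if RTMP was intended it should read `set port-forward rule 7 forward-to port 1935`. `set service gui older-ciphers enable` leaves legacy TLS ciphers on the management UI and is better as `set service gui older-ciphers disable`. Every forward also uses `protocol tcp_udp`; narrowing each rule to the protocol its service needs would shrink the WAN-facing surface.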