/* EdgeOS (Vyatta-style) router configuration. Per the interface descriptions: */
/* eth1 faces the ONT (PPPoE client on VLAN 835), eth0 faces a Livebox, eth4 is the LAN. */
/* NOTE(review): this block sets only global firewall options. No `name` ruleset is */
/* defined and no interface carries a `firewall` stanza, so this file shows no packet */
/* filtering on pppoe0. Confirm how inbound WAN traffic to the router itself is restricted. */
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    /* Packets with impossible source addresses are logged; logging alone does not drop them. */
    log-martians enable
    options {
        mss-clamp {
            /* NOTE(review): presumably sized for the PPPoE MTU of 1492 used below - confirm. */
            mss 1412
        }
    }
    receive-redirects disable
    send-redirects enable
    /* Reverse-path (source address) validation is off. */
    /* NOTE(review): check whether `strict` or `loose` is workable with the bridged VLANs. */
    source-validation disable
    syn-cookies enable
}
interfaces {
    /* br0 joins VLAN 851 (VOIP) on eth0 and eth1. */
    bridge br0 {
        aging 300
        bridged-conntrack disable
        description BR_VOIP
        hello-time 2
        max-age 20
        priority 32768
        promiscuous disable
        stp false
    }
    /* br1 joins VLANs 838 and 840 (TV) on eth0 and eth1. */
    bridge br1 {
        aging 300
        bridged-conntrack disable
        description BR_TV
        hello-time 2
        max-age 20
        priority 32768
        promiscuous disable
        stp false
    }
    /* Livebox-facing port: routed 192.168.2.0/24 plus the tagged service VLANs. */
    ethernet eth0 {
        address 192.168.2.1/24
        description LIVEBOX
        duplex auto
        poe {
            output off
        }
        speed auto
        /* Referenced as eth0.835 by the pppoe-server stanza under `service`. */
        vif 835 {
            description FTTH
        }
        vif 838 {
            bridge-group {
                bridge br1
            }
            description TV
        }
        vif 840 {
            bridge-group {
                bridge br1
            }
            description TV
        }
        vif 851 {
            bridge-group {
                bridge br0
            }
            description VOIP
        }
    }
    /* ONT-facing uplink. The port itself has no address; only VLAN 835 is routed. */
    ethernet eth1 {
        description ONT
        duplex auto
        poe {
            output off
        }
        speed auto
        vif 835 {
            address dhcp
            description FTTH
            /* WAN session; pppoe0 is the interface used by port-forward and NAT below. */
            pppoe 0 {
                default-route auto
                mtu 1492
                name-server auto
                /* Credentials appear redacted (xx). The real values are stored here in */
                /* plaintext, so handle an unredacted copy of this file as a secret. */
                password xx
                user-id fti/xx
            }
        }
        vif 838 {
            bridge-group {
                bridge br1
            }
            description TV
            /* Every internal priority 0-7 is mapped to 802.1p priority 4 on egress. */
            egress-qos "0:4 1:4 2:4 3:4 4:4 5:4 6:4 7:4"
        }
        vif 840 {
            bridge-group {
                bridge br1
            }
            description TV
            /* Every internal priority 0-7 is mapped to 802.1p priority 5 on egress. */
            egress-qos "0:5 1:5 2:5 3:5 4:5 5:5 6:5 7:5"
        }
        vif 851 {
            bridge-group {
                bridge br0
            }
            description VOIP
            /* Every internal priority 0-7 is mapped to 802.1p priority 6 on egress. */
            egress-qos "0:6 1:6 2:6 3:6 4:6 5:6 6:6 7:6"
        }
    }
    ethernet eth2 {
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    ethernet eth3 {
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    /* LAN port: 192.168.1.0/24, the target network of every port-forward rule. */
    ethernet eth4 {
        address 192.168.1.1/24
        description eth4
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    loopback lo {
    }
    switch switch0 {
        mtu 1500
    }
}
/* Inbound DNAT from pppoe0 to LAN hosts. Each rule is a service reachable from the Internet. */
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface eth4
    /* NOTE(review): rules 1-5 use tcp_udp, which forwards UDP as well as TCP. */
    /* ssh, http, imaps and smtps are TCP services; `tcp` would be the narrower setting */
    /* unless the target host really serves UDP on the same port. */
    /* NOTE(review): the router's own ssh service also uses port 22 (see `service ssh`). */
    /* Confirm which of the two is meant to answer on the WAN address. */
    rule 1 {
        description ssh
        forward-to {
            address 192.168.1.129
            port 22
        }
        original-port 22
        protocol tcp_udp
    }
    rule 2 {
        description http
        forward-to {
            address 192.168.1.130
            port 80
        }
        original-port 80
        protocol tcp_udp
    }
    /* NOTE(review): the router GUI also uses port 443 (see `service gui`). */
    rule 3 {
        description https
        forward-to {
            address 192.168.1.129
            port 443
        }
        original-port 443
        protocol tcp_udp
    }
    rule 4 {
        description imaps
        forward-to {
            address 192.168.1.129
            port 993
        }
        original-port 993
        protocol tcp_udp
    }
    rule 5 {
        description smtps
        forward-to {
            address 192.168.1.129
            port 465
        }
        original-port 465
        protocol tcp_udp
    }
    /* NOTE(review): rules 6-9 forward peer-to-peer ports to 192.168.1.129, the same host */
    /* that is exposed for ssh, https and mail. Consider putting that workload on a separate host. */
    rule 6 {
        description torrent
        forward-to {
            address 192.168.1.129
            port 51413
        }
        original-port 51413
        protocol tcp_udp
    }
    rule 7 {
        description emuleUDP2
        forward-to {
            address 192.168.1.129
            port 4665
        }
        original-port 4665
        protocol udp
    }
    rule 8 {
        description emuleUDP
        forward-to {
            address 192.168.1.129
            port 4672
        }
        original-port 4672
        protocol udp
    }
    rule 9 {
        description emuleTCP
        forward-to {
            address 192.168.1.129
            port 4662
        }
        original-port 4662
        protocol tcp
    }
    wan-interface pppoe0
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        /* This pool is disabled, and no interface in this file has an address in 192.168.10.0/24. */
        shared-network-name ADMIN {
            authoritative disable
            disable
            subnet 192.168.10.0/24 {
                default-router 192.168.10.1
                dns-server 192.168.10.1
                lease 86400
                start 192.168.10.150 {
                    stop 192.168.10.250
                }
            }
        }
        /* Pool for the eth0 (Livebox-facing) network. */
        shared-network-name LIVEBOX {
            authoritative enable
            subnet 192.168.2.0/24 {
                default-router 192.168.2.1
                dns-server 192.168.2.1
                lease 86400
                start 192.168.2.21 {
                    stop 192.168.2.200
                }
            }
        }
        /* Pool for the eth4 LAN. */
        /* NOTE(review): the port-forward targets .129 and .130 lie below this dynamic range */
        /* (.150-.250) and have no static-mapping here; presumably they are statically addressed. */
        shared-network-name LOCAL {
            authoritative disable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                lease 86400
                start 192.168.1.150 {
                    stop 192.168.1.250
                }
                static-mapping RouteurNetgear {
                    ip-address 192.168.1.2
                    mac-address 6C:B0:CE:B8:43:F5
                }
            }
        }
    }
    dns {
        /* The DNS forwarder answers on the two internal-facing ports only (eth0, eth4). */
        forwarding {
            cache-size 1000
            listen-on eth0
            listen-on eth4
        }
    }
    /* NOTE(review): no listen address is set, and port-forward rule 3 uses the same port on */
    /* the WAN side. Confirm the GUI is reachable only from the management network. */
    gui {
        https-port 443
    }
    nat {
        /* Source-NAT for everything leaving through the PPPoE session. */
        rule 5010 {
            outbound-interface pppoe0
            type masquerade
        }
    }
    /* Local PPPoE server on eth0.835. Per the interface descriptions, it lets the */
    /* Livebox behind eth0 bring up its own PPPoE session against this router. */
    pppoe-server {
        authentication {
            local-users {
                /* NOTE(review): the password is empty, which is probably a redaction. If it is */
                /* really empty, any device on eth0.835 that presents this username authenticates. */
                username fti/xx {
                    password ""
                }
            }
            mode local
        }
        client-ip-pool {
            start 192.168.2.210
            stop 192.168.2.220
        }
        dns-servers {
            server-1 80.10.246.2
            server-2 80.10.246.129
        }
        interface eth0.835
        mtu 1492
    }
    /* NOTE(review): no listen-address is set, so sshd is presumably bound on every interface. */
    /* Only password authentication for user ubnt is visible in this file; confirm. */
    ssh {
        port 22
        protocol-version v2
    }
    ubnt-discover {
        disable
    }
    /* NOTE(review): this looks inverted. listen-on is the side where UPnP requests are */
    /* accepted and outbound-interface is the side where mappings are opened. Here listen-on is */
    /* eth1 (described as ONT, the uplink) and outbound is eth4 (the LAN). Confirm the intent. */
    upnp {
        listen-on eth1 {
            outbound-interface eth4
        }
    }
}
system {
    host-name ubnt
    login {
        /* The only account visible here, holding admin level under the factory account name. */
        /* The $1$ prefix marks an MD5-crypt hash. This hash appears in a shared copy of the */
        /* configuration, so the password should be treated as exposed and changed. */
        user ubnt {
            authentication {
                encrypted-password $1$zKNoUbAo$gomzUbYvgyUMcD436Wo66.
            }
            level admin
        }
    }
    name-server 80.10.246.2
    name-server 80.10.246.129
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        ipv4 {
            forwarding enable
            pppoe enable
            vlan enable
        }
    }
    /* Extra Debian repositories. wheezy is an end-of-life release with no security updates, */
    /* so any package installed from these sources adds unpatched software to the router. */
    package {
        repository wheezy {
            components "main contrib non-free"
            distribution wheezy
            password ""
            url http://http.us.debian.org/debian
            username ""
        }
        repository wheezy-security {
            components main
            distribution wheezy/updates
            password ""
            url http://security.debian.org
            username ""
        }
    }
    /* Only local logging is configured; no remote syslog host is set in this file. */
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/Paris
    traffic-analysis {
        dpi enable
        export enable
    }
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@4:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.7.0.4783374.150622.1534 */