Last active
May 15, 2017 19:24
-
-
Save geek0x23/bc60f2e3f24f2ef1b33355d8ffe7ff2f to your computer and use it in GitHub Desktop.
Ubiquiti EdgeRouter ERPoe-5 Basic NAT
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| set firewall all-ping enable | |
| set firewall broadcast-ping disable | |
| set firewall ipv6-receive-redirects disable | |
| set firewall ipv6-src-route disable | |
| set firewall ip-src-route disable | |
| set firewall log-martians enable | |
| set firewall receive-redirects disable | |
| set firewall send-redirects enable | |
| set firewall source-validation disable | |
| set firewall syn-cookies enable | |
| set firewall name WAN_IN default-action drop | |
| set firewall name WAN_IN enable-default-log | |
| set firewall name WAN_IN rule 1 action accept | |
| set firewall name WAN_IN rule 1 description "Allow established connections" | |
| set firewall name WAN_IN rule 1 state established enable | |
| set firewall name WAN_IN rule 1 state related enable | |
| set firewall name WAN_IN rule 2 action drop | |
| set firewall name WAN_IN rule 2 description "Drop invalid state" | |
| set firewall name WAN_IN rule 2 state invalid enable | |
| set firewall name WAN_LOCAL rule 1 action accept | |
| set firewall name WAN_LOCAL rule 1 description "Allow established connections" | |
| set firewall name WAN_LOCAL rule 1 state established enable | |
| set firewall name WAN_LOCAL rule 1 state related enable | |
| set firewall name WAN_LOCAL rule 2 action drop | |
| set firewall name WAN_LOCAL rule 2 description "Drop invalid state" | |
| set firewall name WAN_LOCAL rule 2 state invalid enable | |
| set interfaces ethernet eth0 description WAN | |
| set interfaces ethernet eth0 address dhcp | |
| set interfaces ethernet eth0 firewall in name WAN_IN | |
| set interfaces ethernet eth0 firewall local name WAN_LOCAL | |
| set service nat rule 5010 description "Masquerade for WAN" | |
| set service nat rule 5010 outbound-interface eth0 | |
| set service nat rule 5010 type masquerade | |
| set interfaces switch switch0 switch-port interface eth2 | |
| set interfaces switch switch0 switch-port interface eth3 | |
| set interfaces switch switch0 switch-port interface eth4 | |
| set interfaces switch switch0 address 10.0.0.1/24 | |
| set service dhcp-server disabled false | |
| set service dhcp-server shared-network-name LAN authoritative enable | |
| set service dhcp-server shared-network-name LAN subnet 10.0.0.0/24 default-router 10.0.0.1 | |
| set service dhcp-server shared-network-name LAN subnet 10.0.0.0/24 dns-server 10.0.0.1 | |
| set service dhcp-server shared-network-name LAN subnet 10.0.0.0/24 lease 86400 | |
| set service dhcp-server shared-network-name LAN subnet 10.0.0.0/24 start 10.0.0.20 stop 10.0.0.254 | |
| set service dns forwarding listen-on switch0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment