switch0 (votre LAN) : | 192.168.1.1/24 |
eth1 (LAN bbox) : | 192.168.2.1/24 |
eth2 (LAN miami) : | 192.168.3.1/24 |
ID | Préfixe | Mode | Rôle | Valeur exemple | IP locale ER-X |
:0 | /64 | SLAAC | Adresses LAN (switch0) | 2001:862:7e13:9c70::/64 | 2001:862:7e13:9c70::ffff/64 |
:1 | /64 | SLAAC | Adresses miami (eth2) | 2001:862:7e13:9c71::/64 | 2001:862:7e13:9c71::ffff/64 |
:e | /63 | Prefix-Delegation | Réseau bbox (eth1) | 2001:862:7e13:9c7e::/63 | fd00:bb0f:bb0f::ffff/64 |
# LAN side: switch0 is the router's address on 192.168.1.0/24 and groups ports eth3 and eth4.
set interfaces switch switch0 address 192.168.1.1/24
set interfaces switch switch0 description LAN
set interfaces switch switch0 switch-port interface eth3
set interfaces switch switch0 switch-port interface eth4
# The DNS forwarder is bound to switch0 only; no WAN-facing listener is configured in this listing.
set service dns forwarding listen-on switch0
# DHCP for the LAN: clients get the router (192.168.1.1) as both resolver and default gateway,
# with leases taken from 192.168.1.100-192.168.1.254.
set service dhcp-server disabled false
set service dhcp-server shared-network-name lan subnet 192.168.1.0/24 dns-server 192.168.1.1
set service dhcp-server shared-network-name lan subnet 192.168.1.0/24 default-router 192.168.1.1
set service dhcp-server shared-network-name lan subnet 192.168.1.0/24 start 192.168.1.100 stop 192.168.1.254
# IPv4 WAN firewall. Both rulesets are default-deny: the only accepted packets are those that
# belong to (or are related to) a connection already tracked by the router.
# These are `name` (IPv4) rulesets; IPv6 traffic needs separate `ipv6-name` rulesets bound to the
# same interface before any IPv6 prefix is brought up on it.
#
# WAN_IN: traffic arriving on the WAN and forwarded to internal networks.
set firewall name WAN_IN default-action drop
set firewall name WAN_IN description 'WAN to internal'
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 description 'Allow established/related'
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
# WAN_LOCAL: traffic arriving on the WAN and addressed to the router itself.
# Nothing is opened here, so no router service is reachable from the WAN over IPv4.
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL description 'WAN to router'
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 description 'Allow established/related'
set firewall name WAN_LOCAL rule 10 state established enable
set firewall name WAN_LOCAL rule 10 state related enable
# WAN uplink: VLAN 100 on eth0, addressed by DHCP.
set interfaces ethernet eth0 vif 100 address dhcp
# presumably lets the DHCP lease update the router's name servers - confirm
set interfaces ethernet eth0 vif 100 dhcp-options name-server update
set interfaces ethernet eth0 vif 100 description Internet
# The rulesets are attached in the same commit that brings the interface up, so the WAN
# is never active without filtering.
set interfaces ethernet eth0 vif 100 firewall in name WAN_IN
set interfaces ethernet eth0 vif 100 firewall local name WAN_LOCAL
# `commit` applies the change to the running configuration only; no `save` follows in this
# block, so the change is not persisted by it.
commit
# Source NAT (masquerade) for everything leaving through eth0.100, all protocols, without logging.
# NAT rules of this kind translate IPv4 only; they do not filter or hide IPv6 traffic.
set service nat rule 5010 description 'masquerade for WAN'
set service nat rule 5010 log disable
set service nat rule 5010 outbound-interface eth0.100
set service nat rule 5010 protocol all
set service nat rule 5010 type masquerade
# Turns on hardware NAT offload.
set system offload hwnat enable
# Apply, then persist the configuration.
commit
save
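#!/bin/bash
# Patches line 44 of the DHCPv6-PD DUID helper so that the length field is packed
# little-endian ("v") when Perl reports a little-endian byte order (1234 or 12345678)
# and big-endian ("n") otherwise.
#
# The script edits a system file in place, so it is deliberately conservative:
#   * it does nothing when "<file>.orig" already exists (the patch was applied before);
#   * it only patches when line 44 is exactly the statement it expects;
#   * it puts the original back and removes the marker when the backup or the edit
#     fails, so that a later run retries instead of leaving a half-patched file behind.
#
# NOTE(review): the inserted code reads %Config, which Perl only provides when the
# target script loads the Config module - confirm that dhcpv6-pd-duid.pl does so.
src="/opt/vyatta/sbin/dhcpv6-pd-duid.pl"
backup="${src}.orig"
expected='my $buf = pack("n", $len);'

# The backup doubles as the "already patched" marker.
[ -e "$backup" ] && exit 0

# Keep only line 44, strip its leading whitespace, and compare it with the known original.
current="$(sed -E -e '44!d' -e 's/^\s+//' "$src")"
if [ "$current" != "$expected" ] ; then
    logger "Unable to apply dhcpv6-duid patch, source not expected"
    exit 0
fi

logger "Applying dhcpv6-duid patch"
if ! cp "$src" "$backup" ; then
    # Without a backup there is no way back, so do not touch the file.
    logger "dhcpv6-duid patch aborted, backup copy failed"
    rm -f "$backup"
    exit 1
fi

# The here-document is quoted so the shell leaves the Perl variables untouched.
if ! ed "$src" << 'EOF'
44c
my $buf;
my $endian = $Config{byteorder};
if ($endian == 1234 or $endian == 12345678) {
$buf = pack("v", $len);
} else {
$buf = pack("n", $len);
}
.
w
EOF
then
    # Copy the original content back over the file, then drop the marker so the next run retries.
    logger "dhcpv6-duid patch failed, restoring original"
    cp "$backup" "$src" && rm -f "$backup"
    exit 1
fi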
# IPv6 WAN firewall. The internal networks receive globally routable prefixes and there is no
# address translation in front of them, so WANv6_IN is the only barrier between the Internet
# and the hosts behind the router.
#
# WANv6_IN (WAN -> internal networks): default-deny, replies to tracked connections only.
set firewall ipv6-name WANv6_IN default-action drop
set firewall ipv6-name WANv6_IN description 'WANv6 to internal'
set firewall ipv6-name WANv6_IN rule 10 action accept
set firewall ipv6-name WANv6_IN rule 10 description 'Allow established/related sessions'
set firewall ipv6-name WANv6_IN rule 10 state established enable
set firewall ipv6-name WANv6_IN rule 10 state related enable
# WANv6_LOCAL (WAN -> the router itself): default-deny with three exceptions.
set firewall ipv6-name WANv6_LOCAL default-action drop
set firewall ipv6-name WANv6_LOCAL description 'WAN inbound traffic to the router'
set firewall ipv6-name WANv6_LOCAL rule 10 action accept
set firewall ipv6-name WANv6_LOCAL rule 10 description 'Allow established/related sessions'
set firewall ipv6-name WANv6_LOCAL rule 10 state established enable
set firewall ipv6-name WANv6_LOCAL rule 10 state related enable
# Rule 20 must stay ahead of rules 30 and 40: those match on protocol and port only, so
# without it a packet in invalid state could still be accepted by them.
set firewall ipv6-name WANv6_LOCAL rule 20 action drop
set firewall ipv6-name WANv6_LOCAL rule 20 description 'Drop invalid state'
set firewall ipv6-name WANv6_LOCAL rule 20 state invalid enable
# Rule 30 accepts every ICMPv6 type from any source. Neighbor discovery and path-MTU
# signalling depend on ICMPv6, so it cannot simply be dropped.
# NOTE(review): consider restricting the accepted types or rate-limiting echo requests - confirm
# what the uplink actually needs.
set firewall ipv6-name WANv6_LOCAL rule 30 action accept
set firewall ipv6-name WANv6_LOCAL rule 30 description 'Allow IPv6 icmp'
set firewall ipv6-name WANv6_LOCAL rule 30 protocol ipv6-icmp
# Rule 40 accepts DHCPv6 server replies: UDP from source port 547 to destination port 546.
# No source address is specified, so any sender using those ports matches.
# NOTE(review): DHCPv6 replies normally come from a link-local address; a source address
# restriction (fe80::/10) would tighten this - confirm against the provider's behaviour.
set firewall ipv6-name WANv6_LOCAL rule 40 action accept
set firewall ipv6-name WANv6_LOCAL rule 40 description 'Allow dhcpv6'
set firewall ipv6-name WANv6_LOCAL rule 40 destination port 546
set firewall ipv6-name WANv6_LOCAL rule 40 protocol udp
set firewall ipv6-name WANv6_LOCAL rule 40 source port 547
# DHCPv6 prefix delegation on the WAN VLAN: a /60 is requested (prefix only, rapid-commit off).
set interfaces ethernet eth0 vif 100 dhcpv6-pd prefix-only
set interfaces ethernet eth0 vif 100 dhcpv6-pd rapid-commit disable
# switch0 receives the /64 with prefix-id :0, takes ::ffff as its own host part and announces
# the prefix to the LAN through SLAAC.
set interfaces ethernet eth0 vif 100 dhcpv6-pd pd 0 interface switch0 host-address '::ffff'
set interfaces ethernet eth0 vif 100 dhcpv6-pd pd 0 interface switch0 prefix-id ':0'
set interfaces ethernet eth0 vif 100 dhcpv6-pd pd 0 interface switch0 service slaac
set interfaces ethernet eth0 vif 100 dhcpv6-pd pd 0 prefix-length /60
# The IPv6 rulesets are bound in the same commit as the prefix delegation, so the delegated
# prefix never becomes reachable without filtering.
set interfaces ethernet eth0 vif 100 firewall in ipv6-name WANv6_IN
set interfaces ethernet eth0 vif 100 firewall local ipv6-name WANv6_LOCAL
# Apply, then persist the configuration.
commit
save
# bbox segment: VLAN 100 on eth1, 192.168.2.1/24 plus an address in fd00:bb0f:bb0f::/64.
# NOTE(review): no firewall ruleset is attached to eth1.100 in this listing, so traffic entering
# from the bbox segment is not filtered towards the router or the other internal networks -
# confirm that this is intended.
set interfaces ethernet eth1 vif 100 address 192.168.2.1/24
set interfaces ethernet eth1 vif 100 description bbox
set interfaces ethernet eth1 vif 100 ipv6 address eui64 'fd00:bb0f:bb0f::ffff/64'
commit
# DHCP for the bbox segment: clients are handed external DNS servers (194.158.122.10 and .15)
# and an NTP server (194.158.119.97) rather than the router; leases come from .100-.150.
set service dhcp-server shared-network-name bbox subnet 192.168.2.0/24 dns-server 194.158.122.10
set service dhcp-server shared-network-name bbox subnet 192.168.2.0/24 dns-server 194.158.122.15
set service dhcp-server shared-network-name bbox subnet 192.168.2.0/24 ntp-server 194.158.119.97
set service dhcp-server shared-network-name bbox subnet 192.168.2.0/24 default-router 192.168.2.1
set service dhcp-server shared-network-name bbox subnet 192.168.2.0/24 start 192.168.2.100 stop 192.168.2.150
set service dhcpv6-server shared-network-name bbox name-server '2001:860:b0ff:1::1'
set service dhcpv6-server shared-network-name bbox name-server '2001:860:b0ff:1::2'
# DHCPv6 prefix delegation towards the bbox: start and stop are identical, so the pool holds
# exactly one /63.
# The prefix is written out literally here and in the static route below; if the prefix
# delegated on the WAN differs or changes, both lines have to be updated by hand.
set service dhcpv6-server shared-network-name bbox subnet 'fd00:bb0f:bb0f::/64' prefix-delegation start '2001:862:7e13:9c7e::' stop '2001:862:7e13:9c7e::' prefix-length 63
set interfaces ethernet eth1 vif 100 ipv6 router-advert send-advert true
# Routes the delegated /63 out of eth1.100. Packets from the WAN to this prefix are forwarded
# traffic, so they are subject to whatever ipv6-name ruleset is bound `in` on the WAN interface.
set protocols static interface-route6 '2001:862:7e13:9c7e::/63' next-hop-interface eth1.100 description bbox
# Apply, then persist the configuration.
commit
save
#!/bin/sh
# Force IGMP version 2 through the kernel's per-interface settings, first in the
# "default" scope and then in the "all" scope.
for scope in default all; do
    sysctl -w "net.ipv4.conf.${scope}.force_igmp_version=2"
done
# miami segment: eth2 carries 192.168.3.1/24.
# No `commit` appears in this block, so nothing takes effect until a later commit.
set interfaces ethernet eth2 address 192.168.3.1/24
set interfaces ethernet eth2 description miami
# eth2 receives the /64 with prefix-id :1 out of the delegated prefix, takes ::ffff as its own
# host part and announces the prefix through SLAAC. The hosts therefore get global IPv6
# addresses, and the ipv6-name ruleset bound `in` on the WAN interface is what filters
# inbound traffic to them.
set interfaces ethernet eth0 vif 100 dhcpv6-pd pd 0 interface eth2 host-address '::ffff'
set interfaces ethernet eth0 vif 100 dhcpv6-pd pd 0 interface eth2 prefix-id ':1'
set interfaces ethernet eth0 vif 100 dhcpv6-pd pd 0 interface eth2 service slaac
# DHCP for the miami segment: external DNS servers (194.158.122.10 and .15) and an NTP server
# (194.158.119.97) are handed out; leases come from .100-.150.
set service dhcp-server shared-network-name miami subnet 192.168.3.0/24 dns-server 194.158.122.10
set service dhcp-server shared-network-name miami subnet 192.168.3.0/24 dns-server 194.158.122.15
set service dhcp-server shared-network-name miami subnet 192.168.3.0/24 ntp-server 194.158.119.97
set service dhcp-server shared-network-name miami subnet 192.168.3.0/24 default-router 192.168.3.1
set service dhcp-server shared-network-name miami subnet 192.168.3.0/24 start 192.168.3.100 stop 192.168.3.150
# Raw DHCP option passed through to the DHCP server for this subnet.
# NOTE(review): the dots in the middle of the value look like elided bytes rather than literal
# characters, and no declaration of the `vivsi` option is visible in this listing - confirm
# both before using the line as printed.
set service dhcp-server shared-network-name miami subnet 192.168.3.0/24 subnet-parameters 'option vivsi "\x00\x00.......\x42\x46";'
# Address group covering the whole IPv4 multicast range (224.0.0.0/4), not only the groups
# used by the TV service.
set firewall group address-group IPTV-multicast address 224.0.0.0/4
set firewall group address-group IPTV-multicast description Multicast
# WAN_IN rule 20: drop packets in invalid state before the multicast exception below.
set firewall name WAN_IN rule 20 action drop
set firewall name WAN_IN rule 20 description 'Drop invalid state'
set firewall name WAN_IN rule 20 state invalid enable
# WAN_IN rule 30: accepts NEW (unsolicited) packets of every protocol, from any source, as long
# as the destination is a multicast address. Among the WAN_IN rules shown on this page it is
# the only one that lets the WAN side start a flow towards the internal networks.
# NOTE(review): `protocol all` is broader than a multicast video stream usually needs;
# narrowing the protocol would reduce exposure - confirm what the service uses before changing.
set firewall name WAN_IN rule 30 action accept
set firewall name WAN_IN rule 30 description 'Allow multicast'
set firewall name WAN_IN rule 30 destination group address-group IPTV-multicast
# Logging is off for this rule, so accepted multicast traffic leaves no firewall log entry.
set firewall name WAN_IN rule 30 log disable
set firewall name WAN_IN rule 30 protocol all
# `source group` is given no value, so the rule carries no source restriction.
# NOTE(review): looks like a leftover from an exported configuration - confirm.
set firewall name WAN_IN rule 30 source group
set firewall name WAN_IN rule 30 state established enable
set firewall name WAN_IN rule 30 state new enable
set firewall name WAN_IN rule 30 state related enable
# WAN_LOCAL rule 20: same invalid-state drop for traffic addressed to the router.
set firewall name WAN_LOCAL rule 20 action drop
set firewall name WAN_LOCAL rule 20 description 'Drop invalid state'
set firewall name WAN_LOCAL rule 20 state invalid enable
# WAN_LOCAL rule 30: same multicast exception, this time for packets delivered to the router
# itself (any protocol, any source, state new included).
# NOTE(review): the same narrowing question applies here - confirm which protocols the router
# has to receive for the IGMP proxy to work.
set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 description 'Allow Multicast'
set firewall name WAN_LOCAL rule 30 destination group address-group IPTV-multicast
set firewall name WAN_LOCAL rule 30 log disable
set firewall name WAN_LOCAL rule 30 protocol all
# Empty `source group` again: no source restriction.
set firewall name WAN_LOCAL rule 30 source group
set firewall name WAN_LOCAL rule 30 state established enable
set firewall name WAN_LOCAL rule 30 state new enable
set firewall name WAN_LOCAL rule 30 state related enable
# IGMP proxy: eth0.100 is the upstream side, eth2 the downstream side.
# alt-subnet 0.0.0.0/0 is set on both interfaces, i.e. no restriction on the subnets accepted.
# NOTE(review): a narrower alt-subnet on the upstream side would limit which senders are
# accepted - confirm the provider's source ranges before changing.
set protocols igmp-proxy interface eth0.100 alt-subnet 0.0.0.0/0
set protocols igmp-proxy interface eth0.100 role upstream
set protocols igmp-proxy interface eth0.100 threshold 1
set protocols igmp-proxy interface eth2 alt-subnet 0.0.0.0/0
set protocols igmp-proxy interface eth2 role downstream
set protocols igmp-proxy interface eth2 threshold 1
# UPnP: devices on eth2 can ask the router to open port mappings on eth0.100. UPnP requests
# are unauthenticated, so every device on eth2 can expose itself to the WAN past the
# default-deny rulesets.
# NOTE(review): enable this only if a device on eth2 needs it, and look at the upnp2
# secure-mode and ACL options to limit what can be mapped - verify availability on your firmware.
set service upnp2 listen-on eth2
set service upnp2 wan eth0.100
# Egress QoS mapping on the WAN VLAN; presumably maps internal priority 7 to VLAN priority 5 - confirm.
set interfaces ethernet eth0 vif 100 egress-qos '7:5'
# Apply, then persist the configuration.
commit
save