Bonjour à tous,
Petit mot pour dire que depuis peu de temps j'utilise TNSR sur un Netgate 6100 Max avec ma Freebox Delta en mode bridge.
Pourquoi TNSR ? Pourquoi pas.
Pour l'instant, je crois que le support IPv6 (RA/SLAAC, DHCPv6) manque un peu. Pas de souci pour moi, car je n'utilise pas l'IPv6.
Il faut que je trouve un point d'accès WiFi 6E (pas cher) qui supporte un uplink à 2.5 Gb/s, plusieurs SSID et les VLAN ; si vous avez des idées...
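Voici ma conf et mon home lab. (À vérifier dans le listing : la règle 11 de l'ACL PORTFORWARD est décrite « PLEX TCP 32400 » mais porte « protocol udp », alors que le mapping NAT statique vers 10.10.200.254 est en tcp ; de plus, l'ACL INTERNET-OUT, d'action « reflect », est attachée en « input » sur le WAN avec la même séquence 10 que WAN-IN.)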
tnsrmgmt tnsr# show configuration running cli
configuration history enable
nacm disable
nacm read-default deny
nacm write-default deny
nacm exec-default deny
nacm group admin
member root
member tnsr
exit
nacm rule-list admin-rules
group admin
rule permit-all
module *
access-operations *
action permit
exit
exit
nacm enable
dataplane ethernet default-mtu 1500
dataplane dpdk uio-driver igb_uio
dataplane buffers buffers-per-numa 32768
dataplane statseg heap-size 96M
acl INTERNET-OUT
rule 10
description REFLECT ALL OUTBOUND
action reflect
ip-version ipv4
exit
exit
acl PORTFORWARD
rule 10
description NGINX TCP 443 10.10.200.252
action permit
ip-version ipv4
destination port 443 443
protocol tcp
exit
rule 11
description PLEX TCP 32400 10.10.200.254
action permit
ip-version ipv4
destination port 32400 32400
protocol udp
exit
exit
acl WAN-IN
rule 10
description ALLOW DHCP RESPONSES
action permit
ip-version ipv4
source port 67 67
destination port 68 68
protocol udp
exit
rule 20
description ALLOW ICMP
action permit
ip-version ipv4
protocol icmp
exit
rule 30
description ALLOW DNS RESPONSES
action permit
ip-version ipv4
source address 8.8.8.8/32
source port 53 53
protocol udp
exit
rule 31
description ALLOW DNS RESPONSES
action permit
ip-version ipv4
source address 8.8.8.8/32
source port 53 53
protocol tcp
exit
rule 32
description ALLOW DNS RESPONSES
action permit
ip-version ipv4
source address 8.8.4.4/32
source port 53 53
protocol udp
exit
rule 33
description ALLOW DNS RESPONSES
action permit
ip-version ipv4
source address 8.8.4.4/32
source port 53 53
protocol tcp
exit
exit
nat global-options nat44 max-translations-per-thread 128000
nat global-options nat44 endpoint-dependent true
nat global-options nat44 forwarding true
nat global-options nat44 enabled true
interface TenGigabitEthernet3/0/0
description WAN
enable
ip nat outside
dhcp client ipv4 hostname TNSR
access-list input acl INTERNET-OUT sequence 10
access-list input acl PORTFORWARD sequence 20
access-list input acl WAN-IN sequence 10
exit
interface TenGigabitEthernet3/0/1
description VLAN200
enable
ip nat inside
ip address 10.10.200.1/24
exit
nat pool address 82.66.xx.xx - 82.66.xx.xx
nat static mapping tcp local 10.10.200.252 443 external 0.0.0.0 TenGigabitEthernet3/0/0 443 route-table ipv4-VRF:0
nat static mapping tcp local 10.10.200.254 32400 external 0.0.0.0 TenGigabitEthernet3/0/0 32400 route-table ipv4-VRF:0
nat ipfix logging domain 1
nat ipfix logging src-port 4739
nat nat64 map parameters
security-check enable
exit
interface TenGigabitEthernet3/0/0
exit
interface TenGigabitEthernet3/0/1
exit
route dynamic manager
exit
route dynamic ospf6
exit
route dynamic bgp
disable
exit
route dynamic ospf
exit
route dynamic rip
exit
dhcp4 enable
dhcp4 server
description LAN-DHCP-SERVER
lease persist true
lease lfc-interval 3600
interface listen TenGigabitEthernet3/0/1
interface socket raw
subnet 10.10.200.0/24
interface TenGigabitEthernet3/0/1
option domain-name-servers
data 10.10.200.252
exit
option routers
data 10.10.200.1
exit
pool 10.10.200.10-10.10.200.50
exit
exit
exit
unbound server
do-ip4
do-tcp
do-udp
harden glue
hide identity
port outgoing range 4096
exit
snmp host disable