salut,
J'ai finalement reçu mon téléphone IP OVH (1.12€ par mois pour un numéro), et donc j'ai pu faire la config de Zoc de la page 264, sans aucune Livebox, ni pour la TV, ni pour le téléphone. J'économise quelques watts de consommation électrique...
J'ai fait quelques adaptations de la config pour mon ERPro : j'ai l'ONT sur ETH6 et le SWITCH sur ETH7. J'ai mis les décodeurs TV sur ETH2. C'est un peu un mix avec la configuration de nanostra.
/* Global firewall settings and the two rule sets used on the Internet VLAN. */
/* In this listing WAN_IN and WAN_LOCAL are referenced only by eth6 vif 832. */
firewall {
all-ping enable
broadcast-ping disable
ip-src-route disable
log-martians enable
/* WAN_IN filters traffic forwarded through the router: default drop with logging, */
/* established/related accepted (rule 10), invalid state dropped (rule 20). */
name WAN_IN {
default-action drop
description "WAN to internal"
enable-default-log
rule 10 {
action accept
description "Allow established/related"
log disable
protocol all
state {
established enable
invalid disable
new disable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
log disable
protocol all
state {
established disable
invalid enable
new disable
related disable
}
}
}
/* WAN_LOCAL filters traffic addressed to the router itself: same default-drop policy. */
/* Unlike WAN_IN it has no enable-default-log, so default drops here are not logged. */
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 1 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 2 {
action drop
description "Drop invalid state"
log disable
state {
invalid enable
}
}
}
options {
}
receive-redirects disable
send-redirects enable
/* Source validation (reverse-path check) is turned off. */
/* NOTE(review): confirm the multi-VLAN setup needs this; if not, enabling it rejects packets with spoofed source addresses. */
source-validation disable
syn-cookies enable
}
/* Interface layout: eth2 = TV decoder LAN, eth6 = ONT uplink carrying VLANs 832/838/840, eth7 = local LAN switch. */
/* All other ports are administratively disabled. */
interfaces {
ethernet eth0 {
disable
duplex auto
speed auto
}
ethernet eth1 {
disable
duplex auto
speed auto
}
ethernet eth2 {
address 192.168.2.1/24
description "eth2 TV DECODER LAN"
duplex auto
speed auto
}
ethernet eth3 {
disable
duplex auto
speed auto
}
ethernet eth4 {
disable
duplex auto
speed auto
}
ethernet eth5 {
disable
duplex auto
speed auto
}
ethernet eth6 {
description "eth6 ONT (FIBRE RJ45)"
duplex auto
speed auto
/* VLAN 832: Internet uplink, addressed by DHCP. This is the only VLAN with WAN_IN/WAN_LOCAL attached. */
vif 832 {
address dhcp
description "eth6.832 (INTERNET + VOIP + CANAL 2)"
dhcp-options {
/* NOTE(review): the inner double quotes are unescaped in this paste; EdgeOS normally stores them as &quot; inside client-option - verify before loading this file. */
client-option "send vendor-class-identifier "sagem";"
client-option "send user-class "\053FSVDSL_livebox.Internet.softathome.Livebox3";"
/* The rfc3118-auth value is the subscriber's DHCP authentication string; it is redacted here (YY:YY....). */
/* Treat the real value as a credential: keep it out of public posts and shared backups. */
client-option "send rfc3118-auth YY:YY....;"
client-option "request subnet-mask, routers, domain-name-servers, domain-name, broadcast-address, dhcp-lease-time, dhcp-renewal-time, dhcp-rebinding-time, rfc3118-auth;"
default-route update
default-route-distance 210
name-server update
}
egress-qos "0:0 1:0 2:0 3:0 4:0 5:0 6:6 7:0"
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
}
/* VLAN 838: VOD, addressed by DHCP; the client identifier is redacted. */
/* No firewall block is attached here, so WAN_IN/WAN_LOCAL do not filter traffic arriving on this VLAN. */
/* NOTE(review): consider a local rule set on this interface so SSH, the web UI and SNMP are not reachable from the operator side. */
vif 838 {
address dhcp
description "eth6.838 (VOD)"
dhcp-options {
client-option "send vendor-class-identifier "sagem";"
client-option "send user-class "\047FSVDSL_livebox.MLTV.softathome.Livebox4";"
client-option "send dhcp-client-identifier 1:XX:XX:XX:XX:XX:XX;"
client-option "request subnet-mask, routers, rfc3442-classless-static-routes;"
default-route no-update
default-route-distance 210
name-server update
}
egress-qos "0:4 1:4 2:4 3:4 4:4 5:4 6:4 7:4"
}
/* VLAN 840: TV, static /32 address, used as the IGMP proxy upstream later in this listing. */
/* No firewall block here either. NOTE(review): a rule set on this VLAN would need explicit accepts for the TV streams, */
/* because WAN_IN as written only accepts established/related traffic. */
vif 840 {
address 192.168.255.254/32
description "eth6.840 (TV)"
egress-qos "0:5 1:5 2:5 3:5 4:5 5:5 6:5 7:5"
}
}
ethernet eth7 {
address 192.168.1.1/24
description "eth7 LOCAL LAN SWITCH"
duplex auto
speed auto
}
loopback lo {
}
}
/* Port forwarding from the Internet VLAN (eth6.832) to the local LAN (eth7). */
/* auto-firewall enable makes the router open the matching firewall rules itself, so every rule below is reachable from the Internet. */
port-forward {
auto-firewall enable
hairpin-nat enable
lan-interface eth7
/* Rule 1 publishes port 5001 of the Synology NAS (DSM) to the Internet, over both TCP and UDP. */
/* NOTE(review): this exposes the NAS login page publicly. Prefer reaching it through a VPN, or at least restrict the forward to tcp */
/* and keep DSM patched with strong authentication and auto-block enabled. */
rule 1 {
description "Synology sDSM"
forward-to {
address 192.168.1.XX
port 5001
}
original-port 5001
protocol tcp_udp
}
wan-interface eth6.832
}
/* IGMP proxy for the TV service: multicast group membership from the decoder LAN (eth2, downstream) */
/* is relayed to the TV VLAN (eth6.840, upstream). Every other interface is excluded from the proxy. */
protocols {
igmp-proxy {
disable-quickleave
interface eth2 {
/* alt-subnet 0.0.0.0/0 accepts sources from any subnet on this interface. */
alt-subnet 0.0.0.0/0
role downstream
threshold 1
}
interface eth6 {
role disabled
threshold 1
}
interface eth6.832 {
role disabled
threshold 1
}
interface eth6.838 {
role disabled
threshold 1
}
interface eth6.840 {
/* Same any-source setting on the upstream side. */
alt-subnet 0.0.0.0/0
role upstream
threshold 1
}
interface eth7 {
role disabled
threshold 1
}
}
}
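/* Router services: DHCP for both LANs, DNS, web UI, NAT, SNMP and SSH. */
/* Fix applied: the original paste was missing the closing brace of shared-network-name LAN_ETH7_DHCP, */
/* which left the dhcp-server and service blocks unbalanced. */
service {
dhcp-server {
disabled false
hostfile-update disable
/* TV decoder LAN: clients are handed the two external DNS servers listed below instead of the router. */
shared-network-name LAN_TV_ETH2_DHCP {
authoritative enable
subnet 192.168.2.0/24 {
default-router 192.168.2.1
dns-server 81.253.149.10
dns-server 80.10.246.3
lease 86400
ntp-server 192.168.2.1
start 192.168.2.100 {
stop 192.168.2.200
}
}
}
/* Local LAN: clients use the router (192.168.1.1) as DNS server. */
shared-network-name LAN_ETH7_DHCP {
authoritative disable
subnet 192.168.1.0/24 {
default-router 192.168.1.1
dns-server 192.168.1.1
lease 86400
start 192.168.1.100 {
stop 192.168.1.254
}
static-mapping GigasetDECT {
ip-address 192.168.1.90
mac-address 7C:2F:80:XX:XX:XX
}
}
}
use-dnsmasq disable
}
dns {
dynamic {
interface eth6.832 {
service dyndns {
/* author's DynDNS parameters for the "fixed IP" were omitted here */
}
}
}
/* The DNS forwarder only listens on the local LAN interface. */
forwarding {
cache-size 200
listen-on eth7
}
}
/* Web UI on ports 80 and 443 with legacy TLS cipher suites still allowed (older-ciphers enable). */
/* NOTE(review): set older-ciphers to disable unless an old client really needs it. No listen-address is set in this listing, */
/* so which networks can reach the UI depends on the per-interface firewall rules. */
gui {
http-port 80
https-port 443
older-ciphers enable
}
/* Source NAT (masquerade) for traffic leaving through the Internet VLAN and the VOD VLAN. */
nat {
rule 5001 {
description "MASQ: WAN"
log disable
outbound-interface eth6.832
protocol all
type masquerade
}
rule 5002 {
description "MASQ: ORANGE"
log disable
outbound-interface eth6.838
protocol all
type masquerade
}
}
/* SNMP read-only community named after the vendor, with no client or network restriction shown. */
/* NOTE(review): a community string works like a password; use a non-guessable value and limit who may query, or remove SNMP if unused. */
snmp {
community ubnt {
authorization ro
}
}
/* SSH on the standard port, protocol 2 only. NOTE(review): prefer key-based logins for the admin accounts. */
ssh {
port 22
protocol-version v2
}
ubnt-discover {
disable
}
unms {
disable
}
}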
/* System settings: accounts, resolvers, NTP, offload, package repositories, logging. */
system {
config-management {
commit-revisions 50
}
domain-name ILCO-HOME
host-name ubnt
/* Two accounts, both with level admin. VOTRE_PASS is a placeholder the author left in place of the real password hashes. */
/* Keep real encrypted-password values out of shared configs: a published hash can be attacked offline. */
/* NOTE(review): "ubnt" is the factory-default account name; consider a single, differently named admin account. */
login {
user root {
authentication {
encrypted-password VOTRE_PASS
plaintext-password ""
}
full-name ""
level admin
}
user ubnt {
authentication {
encrypted-password VOTRE_PASS
plaintext-password ""
}
full-name ""
level admin
}
}
/* Resolvers used by the router itself: third-party public DNS rather than the operator's servers. */
name-server 208.67.222.222
name-server 208.67.220.220
name-server 8.8.8.8
name-server 8.8.4.4
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
offload {
hwnat disable
ipsec enable
ipv4 {
forwarding enable
gre enable
vlan enable
}
ipv6 {
forwarding disable
}
}
/* Extra Debian wheezy repositories, fetched over plain http. */
/* NOTE(review): wheezy is past end of life upstream, so packages installed from here no longer get security fixes; */
/* confirm these repositories are still needed and remove them otherwise. */
package {
repository wheezy {
components "main contrib non-free"
distribution wheezy
password ""
url http://http.us.debian.org/debian
username ""
}
repository wheezy-security {
components main
distribution wheezy/updates
password ""
url http://security.debian.org
username ""
}
}
/* Logging stays local: no remote syslog host is configured in this listing. */
syslog {
global {
facility all {
level notice
}
facility protocols {
level warning
}
}
}
time-zone Europe/Paris
traffic-analysis {
dpi enable
export enable
}
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-unms@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.9.7+hotfix.4.5024021.171005.0533 */
J'ai pas tout à fait respecté la configuration DNS, car je ne voulais pas des DNS Orange par défaut. Je les ai juste laissés pour l'interface dédiée aux décodeurs TV (ETH2). J'espère que ça ne posera pas de souci dans le temps...
Merci en tout cas pour toutes les infos.