@mike78530
Voilà ce à quoi j'arrive en essayant de simplifier le plus possible le fichier json... Je m'arrête ici car je ne vois pas comment je peux aller plus loin dans la mesure où tout ce qui reste et qui est dupliqué par rapport à ce que fait le GUI a un rapport avec le VLAN 832 et donc je ne vois pas bien comment je peux le supprimer...
Mais je suis intéressé par toute idée pour continuer à retirer des choses:-) Les candidats les plus probables pouvant être retirés sont sans doute:
- la partie "options" de "forwarding",
- la partie "firewall" de eth2,
- tout sauf "wan-interface" de "port-forward"
Pour ceux qui veulent faire marcher Internet + la TV sans la livebox, je crois que ce fichier JSON peut permettre d'aller assez vite...
{
"interfaces": {
"ethernet": {
"eth2": {
"description": "WAN Orange",
"duplex": "auto",
"speed": "auto",
"vif": {
"832": {
"address": [
"dhcp"
],
"dhcp-options": {
"client-option": [
"retry 60;",
"send vendor-class-identifier "sagem";",
"send user-class "\\053FSVDSL_livebox.Internet.softathome.Livebox4";",
"send rfc3118-auth 00:00:00:00:00:00:00:00:00:00:00:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx;",
"request subnet-mask, routers, domain-name-servers, domain-name, broadcast-address, dhcp-lease-time, dhcp-renewal-time, dhcp-rebinding-time, rfc3118-auth;"
],
"default-route": "update",
"default-route-distance": "1",
"name-server": "no-update"
},
"egress-qos": "0:0 1:0 2:0 3:0 4:0 5:0 6:6 7:0",
"firewall": {
"in": {
"name": "WAN_IN"
},
"local": {
"name": "WAN_LOCAL"
},
"out": {
"name": "WAN_OUT"
}
}
},
"838":{
"address":[
"dhcp"
],
"dhcp-options":{
"client-option":[
"send vendor-class-identifier "sagem";",
"send user-class "\\047FSVDSL_livebox.MLTV.softathome.Livebox4";",
"send dhcp-client-identifier 1:yy:yy:yy:yy:yy:yy;",
"request subnet-mask, routers, rfc3442-classless-static-routes;"
],
"default-route":"no-update",
"default-route-distance":"210",
"name-server":"update"
},
"egress-qos":"0:4 1:4 2:4 3:4 4:4 5:4 6:4 7:4"
},
"840":{
"address":[
"192.168.255.254/24"
],
"egress-qos":"0:5 1:5 2:5 3:5 4:5 5:5 6:5 7:5"
}
}
}
}
},
"port-forward": {
"auto-firewall": "disable",
"hairpin-nat": "enable",
"lan-interface": [
"eth1",
"eth0",
"eth0.10"
],
"wan-interface": "eth2.832"
},
"service": {
"dns": {
"dynamic": {
"interface": {
"eth2.832": {
"service": {
"dyndns": {
"host-name": [
"the.host.name"
],
"login": "thelogin",
"password": "thepassword",
"server": "dynupdate.no-ip.com"
}
}
}
}
},
"forwarding": {
"cache-size": "10000",
"except-interface": [
"eth2.832"
],
"options": [
"ptr-record=1.101.168.192.in-addr.arpa,UnifiSecurityGatewayPro4",
"host-record=unifi,192.168.101.12"
]
}
},
"nat": {
"rule": {
"6001": {
"description": "MASQ corporate_network to WAN",
"log": "disable",
"outbound-interface": "eth2.832",
"protocol": "all",
"source": {
"group": {
"network-group": "corporate_network"
}
},
"type": "masquerade"
},
"6002": {
"description": "MASQ remote_user_vpn_network to WAN",
"log": "disable",
"outbound-interface": "eth2.832",
"protocol": "all",
"source": {
"group": {
"network-group": "remote_user_vpn_network"
}
},
"type": "masquerade"
},
"6003": {
"description": "MASQ guest_network to WAN",
"log": "disable",
"outbound-interface": "eth2.832",
"protocol": "all",
"source": {
"group": {
"network-group": "guest_network"
}
},
"type": "masquerade"
},
"6004":{
"description":"MASQ Livebox_TV to WAN",
"log":"disable",
"outbound-interface":"eth2.838",
"protocol":"all",
"source":{
"group":{
"network-group":"corporate_network"
}
},
"type":"masquerade"
}
}
}
},
"protocols":{
"igmp-proxy":{
"disable-quickleave":"''",
"interface":{
"eth0":{
"role":"disabled",
"threshold":"1"
},
"eth1":{
"alt-subnet":[
"0.0.0.0/0"
],
"role":"downstream",
"threshold":"1"
},
"eth2":{
"role":"disabled",
"threshold":"1"
},
"eth2.832":{
"role":"disabled",
"threshold":"1"
},
"eth2.838":{
"role":"disabled",
"threshold":"1"
},
"eth2.840":{
"alt-subnet":[
"0.0.0.0/0"
],
"role":"upstream",
"threshold":"1"
},
"eth3":{
"role":"disabled",
"threshold":"1"
}
}
}
},
}
L'étape suivante est de faire marcher tout ça avec le double wan en failover only - of course, je perdrai la télé si ça bascule...