# dhcp6c configuration for an SFR line: the DHCPv6 client runs on the WAN
# interface (mvneta2), asks for a delegated prefix and splits it across two
# internal interfaces (mvneta1 and mvneta0).
interface mvneta2 {
# Option 16 is the DHCPv6 Vendor Class option. Read against that option's wire
# format, 00:00:a0:0c would be the 4-byte enterprise number and 00:34 the 2-byte
# length (0x34 = 52 bytes) of the vendor-class data that follows -- TODO confirm
# against a capture of the operator box's own request.
# The bracketed text is a placeholder (French for "hex code of the Vendor Class
# Identifier string"): replace it with the colon-separated hex bytes of that
# string, whose byte count has to agree with the length field above.
# NOTE(review): the identifier presumably names the operator box model/firmware;
# treat a filled-in value as device-identifying when sharing this file.
send raw-option 16 00:00:a0:0c:00:34:<code hexa de la chaine du Vendor class Identifier>;
# Request prefix delegation through the IA_PD numbered 1 (defined by
# "id-assoc pd 1" below).
send ia-pd 1;
# Also ask the server for its DNS server list.
request domain-name-servers;
# External script dhcp6c invokes while handling the exchange.
# NOTE(review): it runs with the daemon's privileges, so it should stay
# root-owned and not writable by other accounts -- verify on the target system.
script "/var/etc/dhcp6c_wan_script.sh";
};
id-assoc pd 1{
# Prefix hint sent with the request: ::/00 with both lifetimes at 0.
# NOTE(review): this looks like "no preference"; confirm it matches what the
# operator's server expects.
prefix ::/00 0 0;
# Each prefix-interface block assigns one subnet of the delegated prefix to an
# internal interface. sla-len is the number of subnet-ID bits appended to the
# delegated prefix and sla-id is the subnet number placed in those bits; with
# sla-len 8, a /56 delegation would give each interface a /64.
prefix-interface mvneta1{
sla-id 1;
sla-len 8;
};
prefix-interface mvneta0{
sla-id 2;
sla-len 8;
};
};
interface: | OPT1 | Redirect target IP | 127.0.0.1 | |
protocol: | TCP/UDP | Redirect target Port | 89 | |
Source: | NB6_box_50 | Description | Redirect to local nginx changing ip_dhcp | |
Source Port Range: | Any | NAT Reflection | Disabled | |
Destination: | invert Match, OPT1 Address | Filter Rule association | Rule NAT Redirect to local nginx changing ip_dhcp | |
Destination Port Range | HTTP |
# Main (process-level) settings for the dedicated "my_nginx" instance.
# With the user directive commented out, worker processes run under the
# compile-time default account.
# NOTE(review): confirm that account is unprivileged on this build.
#user nobody;
worker_processes 1;
# Dedicated pid file for this instance; the restart script shown later on this
# page checks this path and signals the process recorded in it.
pid /var/run/my_nginx.pid;
# Dynamic modules: NDK first, then the Lua module that provides the
# access_by_lua_block directive used in the neufbox server block.
load_module /usr/local/libexec/nginx/ndk_http_module.so;
load_module /usr/local/libexec/nginx/ngx_http_lua_module.so;
# This default error log path is compiled-in to make sure configuration parsing
# errors are logged somewhere, especially during unattended boot when stderr
# isn't normally logged anywhere. This path will be touched on every nginx
# start regardless of error log location configured here. See
# https://trac.nginx.org/nginx/ticket/147 for more info.
#
error_log /usr/local/my_nginx/logs/system_error.log;
#
# Stock default left commented out; the pid directive above is the one in effect.
#pid logs/nginx.pid;
events {
# Upper bound on simultaneous connections per worker process.
worker_connections 1024;
}
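# HTTP context of the dedicated instance: a local forward proxy for the plain
# HTTP traffic that the pfSense NAT rule on this page redirects to 127.0.0.1:89.
# Two virtual servers share the listener:
#   - a catch-all that relays requests unchanged;
#   - *.neufbox.sfr.net, which rewrites the ip_dhcp query argument to the WAN
#     address and substitutes one host name in XML responses.
http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /usr/local/my_nginx/logs/global_access.log main;
    error_log  /usr/local/my_nginx/logs/global_error.log;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    #gzip on;

    # Catch-all server: first server declared for this listener, so it handles
    # every Host that does not match *.neufbox.sfr.net.
    server {
        # Generated by the restart script; defines $xdebug_wan_ip.
        include /usr/local/my_nginx/mvneta2_ip;

        # The NAT redirect targets 127.0.0.1:89, so bind loopback only. A bare
        # "listen 89" also accepts connections on every other interface address,
        # which would expose this Host-driven proxy beyond the redirected traffic.
        listen 127.0.0.1:89;
        server_name localhost;

        #charset koi8-r;

        access_log /usr/local/my_nginx/logs/other_access.log main;
        error_log  /usr/local/my_nginx/logs/other_error.log;
        rewrite_log on;

        root /usr/local/my_nginx/www;

        location / {
            resolver <your DNS>;
            add_header X-debug-message "other-site" always;

            # The upstream is whatever the client's Host header names.
            # NOTE(review): that includes loopback and internal names; the source
            # restriction of the NAT rule is the only access control in front of
            # this relay.
            # $request_uri forwards the request URI exactly as received; $uri is
            # the decoded, normalised path and would be re-sent without
            # re-encoding.
            proxy_pass http://$http_host$request_uri;
        }
    }

    # Requests for *.neufbox.sfr.net: replace the ip_dhcp argument with the WAN
    # address and rewrite the proxy host name in XML answers.
    server {
        # Generated by the restart script; defines $xdebug_wan_ip.
        include /usr/local/my_nginx/mvneta2_ip;

        # Same loopback-only listener as the catch-all server; both servers must
        # use the identical listen address for name-based selection to apply.
        listen 127.0.0.1:89;
        server_name *.neufbox.sfr.net;

        access_log /usr/local/my_nginx/logs/neufbox_access.log main;
        error_log  /usr/local/my_nginx/logs/neufbox_error.log;

        root /usr/local/my_nginx/www;

        location / {
            # Values reported in the X-debug-message response header below.
            set $xdebug_ip_dhcp "no";
            set $xdebug_new_uri_ip "";
            set $xdebug_old_uri_ip "";

            if ($arg_ip_dhcp != "") {
                access_by_lua_block {
                    local args, err = ngx.req.get_uri_args()
                    if err == "truncated" then
                        -- More arguments than get_uri_args returns: rewriting would
                        -- drop the remainder, so forward the request as received.
                        ngx.log(ngx.WARN, "query string truncated by get_uri_args, ip_dhcp left unchanged")
                        return
                    end

                    local wan_ip = ngx.var.xdebug_wan_ip
                    if not wan_ip or wan_ip == "" then
                        -- The include defined no address; do not strip the argument.
                        ngx.log(ngx.ERR, "xdebug_wan_ip is not set, ip_dhcp left unchanged")
                        return
                    end

                    -- The old value comes from the client and is echoed in a response
                    -- header. A repeated argument arrives as a table, and the decoded
                    -- value may hold arbitrary bytes, so keep only address characters.
                    local old_ip = args.ip_dhcp
                    if type(old_ip) == "table" then
                        old_ip = old_ip[1]
                    end
                    if type(old_ip) ~= "string" or not old_ip:find("^[%x.:]+$") then
                        old_ip = "invalid"
                    end
                    ngx.var.xdebug_old_uri_ip = old_ip

                    args.ip_dhcp = wan_ip
                    ngx.var.xdebug_new_uri_ip = wan_ip
                    ngx.req.set_uri_args(args)
                }
                set $xdebug_ip_dhcp "yes";
            }

            # Debug aid: reports what the rewrite did, including the WAN address.
            add_header X-debug-message "ip_dhcp present: $xdebug_ip_dhcp, old ip_dhcp: $xdebug_old_uri_ip, new ip_dhcp: $xdebug_new_uri_ip" always;

            # Ask the upstream for an uncompressed body so sub_filter can match it.
            proxy_set_header Accept-Encoding "";
            resolver <your DNS> ipv6=off;

            # $args carries the query string rewritten by the Lua block, so
            # $request_uri is not a drop-in replacement here.
            # NOTE(review): $uri is the decoded, normalised path and is re-sent
            # without re-encoding; percent-encoded paths will not round-trip.
            proxy_pass http://$http_host$uri$is_args$args;

            sub_filter_types application/xml;
            sub_filter_once off;
            sub_filter residential.p-cscf.sfr.net</proxy> sip.parisdmz.lan</proxy>;
        }
    }
}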
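#!/bin/sh
# Refresh the nginx include that carries the WAN IPv4 address, then (re)start
# the dedicated nginx instance so that it picks the new value up.
#
# nginx parses the include as configuration, so only a value made of digits and
# dots is ever written into it, and the file is replaced atomically.
# NOTE(review): keep the include file and its directory writable by root only.

WAN_IF="mvneta2"
IP_INCLUDE="/usr/local/my_nginx/mvneta2_ip"
PID_FILE="/var/run/my_nginx.pid"
NGINX_BIN="/usr/local/sbin/nginx"
NGINX_CONF="/usr/local/etc/nginx/my_nginx.conf"

# Sleep a little
sleep 5

# Get the WAN IPv4 address. If the interface carries several addresses, the
# last one listed is used.
wan_ip=$(ifconfig "$WAN_IF" | awk '$1 == "inet" { ip = $2 } END { print ip }')

case "$wan_ip" in
    ''|*[!0-9.]*)
        echo "no usable IPv4 address on $WAN_IF, keeping the previous $IP_INCLUDE" >&2
        # nginx refuses to start when an included file is missing.
        [ -e "$IP_INCLUDE" ] || : > "$IP_INCLUDE"
        ;;
    *)
        # Write next to the target and rename, so nginx never reads a partial file.
        tmp_include="${IP_INCLUDE}.$$"
        if printf 'set $xdebug_wan_ip %s;\n' "$wan_ip" > "$tmp_include"; then
            mv -f "$tmp_include" "$IP_INCLUDE"
        else
            echo "cannot write $tmp_include" >&2
            rm -f "$tmp_include"
        fi
        ;;
esac

# Sleep a little
sleep 5

# Validate the configuration before touching the running instance: a broken
# configuration would otherwise leave the redirect without a listener.
if ! "$NGINX_BIN" -t -c "$NGINX_CONF"; then
    echo "my_nginx configuration test failed, running instance left untouched" >&2
    exit 1
fi

# If my_nginx is already running, stop it and wait for it to exit so that the
# new instance can bind the listening port.
if [ -s "$PID_FILE" ]
then
    echo "my_nginx is running so kill it..."
    old_pid=$(cat "$PID_FILE")
    pkill -F "$PID_FILE"
    tries=0
    while kill -0 "$old_pid" 2>/dev/null && [ "$tries" -lt 10 ]
    do
        sleep 1
        tries=$((tries + 1))
    done
fi

echo "(re)start my_nginx..."
"$NGINX_BIN" -c "$NGINX_CONF"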
interface: | WAN | Redirect target IP | 192.168.50.203 | |
protocol: | UDP | Redirect target Port | 8000 | |
Source: | Any | Description | VOD SFR | |
Source Port Range: | Any | NAT Reflection | Use System Default | |
Destination: | Wan Address | Filter Rule association | Rule NAT VOD SFR | |
Destination Port Range | From:8000 To 8999 |
Hello
Une petite question : pourquoi faire si compliqué ? je suis en train de chercher à mettre en place pfsense sur un PC recyclé pour l'occasion avec 2 ports réseaux.
Je comptais assez simplement connecter l'ONT à la box sfr comme c'est actuellement et tout désactiver. Réseau en 192.168.0.X
Le PC avec pfsense y sera relié sur l'un des 4 eth configuré en IP Fixe.
DMZ vers cette IP.
L'autre port de pfsense en 192.168.1.X servant de dhcp/dns/firewall etc ...
Le téléphone reste branché à la SFR Box. Pas de box TV (Android Box à la place, comme beaucoup).
ça marcherait non ?
Ton post me met le doute... Pourquoi vouloir supprimer complètement la box opérateur, si elle ne fait plus que du transit de paquets ?