• 查看当前配置
# Operational-mode command: prints the active configuration as a flat list of
# `set` commands (the listing that follows on this page).
# The output carries credentials: on this page, the PPPoE password in cleartext
# and the admin user's password hash. Redact those lines before sharing it.
show configuration commands

防火墙

# Global firewall options plus the two WAN rulesets. WAN_IN and WAN_LOCAL are
# bound to the PPPoE session further down (firewall in / firewall local).
# Both follow the same pattern: accept established/related, drop invalid,
# then default-action drop. Unsolicited inbound connections are therefore
# refused, and no port forwards or inbound allow rules are defined here.
set firewall all-ping enable
 set firewall broadcast-ping disable
 set firewall ipv6-receive-redirects disable
 set firewall ipv6-src-route disable
 set firewall ip-src-route disable
 # Log packets with impossible source addresses; useful for spotting spoofing.
 set firewall log-martians enable
 # WAN_IN: traffic arriving from the WAN that is forwarded to internal hosts.
 # NOTE(review): neither ruleset logs its default drop. Adding
 # `enable-default-log` to WAN_IN / WAN_LOCAL would record refused traffic.
 set firewall name WAN_IN default-action drop
 set firewall name WAN_IN description 'WAN to internal'
 set firewall name WAN_IN rule 10 action accept
 set firewall name WAN_IN rule 10 description 'Allow established/related'
 set firewall name WAN_IN rule 10 state established enable
 set firewall name WAN_IN rule 10 state related enable
 set firewall name WAN_IN rule 20 action drop
 set firewall name WAN_IN rule 20 description 'Drop invalid state'
 set firewall name WAN_IN rule 20 state invalid enable
 # WAN_LOCAL: traffic arriving from the WAN addressed to the router itself
 # (this is what keeps the GUI and SSH services unreachable from the WAN).
 set firewall name WAN_LOCAL default-action drop
 set firewall name WAN_LOCAL description 'WAN to router'
 set firewall name WAN_LOCAL rule 10 action accept
 set firewall name WAN_LOCAL rule 10 description 'Allow established/related'
 set firewall name WAN_LOCAL rule 10 state established enable
 set firewall name WAN_LOCAL rule 10 state related enable
 set firewall name WAN_LOCAL rule 20 action drop
 set firewall name WAN_LOCAL rule 20 description 'Drop invalid state'
 set firewall name WAN_LOCAL rule 20 state invalid enable
 # TCP MSS clamp for the PPPoE link. With the PPPoE MTU of 1492 set below,
 # IPv4 would allow up to 1452 (1492 - 40); 1412 is a more conservative value.
 set firewall options mss-clamp mss 1412
 set firewall receive-redirects disable
 set firewall send-redirects enable
 # NOTE(review): reverse-path filtering is off. If routing is symmetric,
 # `source-validation strict` rejects packets with spoofed source addresses.
 set firewall source-validation disable
 set firewall syn-cookies enable
 # NOTE(review): only IPv4 rulesets (`name`) are defined. If IPv6 is later
 # enabled on the WAN, matching `ipv6-name` rulesets would be needed as well.

设置管理通道

# eth0: the management/LAN port, statically addressed as 192.168.1.1/24.
# NOTE(review): nothing in this listing restricts the GUI or SSH services to
# this interface; it is a management port by convention only.
set interfaces ethernet eth0 address 192.168.1.1/24

set interfaces ethernet eth0 description 'Local 2'

set interfaces ethernet eth0 duplex auto

set interfaces ethernet eth0 speed auto

配置拨号端口

# eth1: the WAN uplink, carrying PPPoE session 0 (interface pppoe0).
set interfaces ethernet eth1 description 'Internet (PPPoE)'

set interfaces ethernet eth1 duplex auto

set interfaces ethernet eth1 pppoe 0 default-route auto

# The WAN rulesets are bound to the PPPoE session, not to eth1 itself:
# `in` filters forwarded traffic, `local` filters traffic to the router.
set interfaces ethernet eth1 pppoe 0 firewall in name WAN_IN

set interfaces ethernet eth1 pppoe 0 firewall local name WAN_LOCAL

set interfaces ethernet eth1 pppoe 0 mtu 1492

set interfaces ethernet eth1 pppoe 0 name-server auto

# ISP credentials. The password appears in cleartext in this listing, so it is
# exposed to anyone who can read the configuration or a copy of it.
# The values 123 / 123A look like placeholders; substitute the real ISP
# account details and keep them out of shared or published configs.
set interfaces ethernet eth1 pppoe 0 password 123A

set interfaces ethernet eth1 pppoe 0 user-id 123

set interfaces ethernet eth1 speed auto

配置内网交换机

# eth2-eth4 are joined into the switch interface switch0, which holds the
# second LAN gateway address, 192.168.2.1/24. The member ports carry no
# address of their own.
set interfaces ethernet eth2 description Local
 set interfaces ethernet eth2 duplex auto
 set interfaces ethernet eth2 speed auto
 set interfaces ethernet eth3 description Local
 set interfaces ethernet eth3 duplex auto
 set interfaces ethernet eth3 speed auto
 set interfaces ethernet eth4 description Local
 set interfaces ethernet eth4 duplex auto
 set interfaces ethernet eth4 speed auto
 set interfaces loopback lo
 set interfaces switch switch0 address 192.168.2.1/24
 set interfaces switch switch0 description Local
 set interfaces switch switch0 mtu 1500
 set interfaces switch switch0 switch-port interface eth2
 set interfaces switch switch0 switch-port interface eth3
 set interfaces switch switch0 switch-port interface eth4
 # NOTE(review): no firewall ruleset is attached to eth0 or switch0 in this
 # listing, so traffic between the two LANs (192.168.1.0/24 and
 # 192.168.2.0/24) is presumably routed unfiltered. Confirm this is intended
 # if the LANs are meant to be isolated from each other.

配置dhcp

# DHCP server with one scope per LAN: LAN1 for 192.168.1.0/24 (eth0) and LAN2
# for 192.168.2.0/24 (switch0). Each scope hands out .21-.240, names the
# router as gateway and DNS server, and uses a lease of 86400 s (24 h).
# Addresses outside the pool (.2-.20 and .241-.254) stay free for static use.
set service dhcp-server disabled false
 set service dhcp-server hostfile-update disable
 set service dhcp-server shared-network-name LAN1 authoritative disable
 set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 default-router 192.168.1.1
 # Clients are pointed at the router's own DNS forwarder, configured below.
 set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 dns-server 192.168.1.1
 set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 lease 86400
 set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 start 192.168.1.21 stop 192.168.1.240
 set service dhcp-server shared-network-name LAN2 authoritative disable
 set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 default-router 192.168.2.1
 set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 dns-server 192.168.2.1
 set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 lease 86400
 set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 start 192.168.2.21 stop 192.168.2.240

配置dns

# DNS forwarder for LAN clients, with a 150-entry cache.
# It listens only on the two LAN interfaces (eth0, switch0) and not on pppoe0,
# so the router is not offered as a resolver on the WAN side.
# No upstream server is set here; presumably the ones learned over PPPoE
# (`name-server auto`) are used. Confirm on the device.
set service dns forwarding cache-size 150

set service dns forwarding listen-on eth0

set service dns forwarding listen-on switch0

配置nat

# Source NAT: rule 5010 masquerades everything leaving through pppoe0 behind
# the WAN address. No source restriction is set, so both LANs are translated.
# There are no destination-NAT (port-forward) rules in this listing.
set service nat rule 5010 outbound-interface pppoe0

set service nat rule 5010 type masquerade

配置web管理端口和其他

# Management services and system settings: web GUI over HTTPS on 443, SSH on
# port 22 (protocol 2 only), the admin account, NTP, syslog and time zone.
# NOTE(review): no listen-address is set for the GUI or SSH in this listing,
# so keeping them off the WAN depends on WAN_LOCAL (default-action drop).
# Binding both services to a LAN address would add a second layer.
set service gui https-port 443
 set service ssh port 22
 set service ssh protocol-version v2
 set system host-name ubnt
 # Do not reuse this line as-is: the hash is public on this page, and the $1$
 # prefix marks MD5-crypt, which resists offline guessing poorly.
 # Set a unique password per device instead, for example with
 # `set system login user <name> authentication plaintext-password <value>`
 # (stored hashed), and consider SSH public-key authentication.
 # `ubnt` is also the vendor's well-known default account name; a
 # differently named admin user is preferable.
 set system login user ubnt authentication encrypted-password '$1$zKNoUbAo$gomzUbYvgyUMcD436Wo66.'
 set system login user ubnt level admin
 set system ntp server 0.ubnt.pool.ntp.org
 set system ntp server 1.ubnt.pool.ntp.org
 set system ntp server 2.ubnt.pool.ntp.org
 set system ntp server 3.ubnt.pool.ntp.org
 # Logging is local only (all facilities at notice, protocols at debug).
 # NOTE(review): forwarding to a remote collector with
 # `set system syslog host <address> facility all level <level>` keeps
 # records available if the router is reset or tampered with.
 set system syslog global facility all level notice
 set system syslog global facility protocols level debug
 set system time-zone Asia/Shanghai