Sitat av sindrehaø Vis innlegg
Hvorfor denne, dette gjøres jo med masquerade regler...?

Kode

rule 10 {
     action modify
     description "traffic from IPTV to ETH3.101"
     modify {
         table 11
     }
     source {
         address 192.168.10.0/24
     }
 }
 rule 20 {
     action modify
     description "traffic from LAN to ETH3.102"
     modify {
         table 12
     }
     source {
         address 192.168.1.0/24
     }
 }
Hvorfor alle disse static routene?

Kode

route 172.21.0.0/16 {
    next-hop 10.168.224.1 {
    }
}
table 11 {
    route 0.0.0.0/0 {
        next-hop 10.168.224.1 {
        }
    }
}
table 12 {
    route 0.0.0.0/0 {
        next-hop 109.247.40.1 {
        }   
    }
}
Her skal det holde med:

Kode

route 172.21.0.0/16 {
    next-hop 10.168.224.1 {
    }
Vis hele sitatet...

Det holdt masse! Det aktiverte seg etter at jeg endret på IGMP-proxyen, slik at den ikke "spammer" så mye. Fjernet også de ekstra modify-reglene jeg lagde.

Config jeg har nå. kos dere!

Kode

# Router: EdgeRouter 4
# Firmware: 1.10.0
# NOTE(review): this is the release the author ran when the post was written; check it
# against the currently supported firmware before reusing the configuration.
# NOTE(review): apart from WAN_LOCAL rule 6 below, no firewall ruleset definitions appear
# in this listing. WAN_IN and WAN_LOCAL (default action, established/related rules) are
# presumably defined elsewhere on the router -- confirm they exist and drop by default,
# otherwise the bindings on eth3 vif 102 filter nothing.

# Not sure whether this actually helps, but this rule did get quite a few hits.
# NOTE(review): WAN_LOCAL is bound only to eth3 vif 102 (Internet) in this listing, so this
# rule accepts IGMP addressed to the router from the Internet VLAN, not from the IPTV VLAN
# (eth3 vif 101). Confirm it is needed for IPTV; if it is not, leave it out.
set firewall name WAN_LOCAL rule 6 action accept
set firewall name WAN_LOCAL rule 6 description 'Allow IGMP'
set firewall name WAN_LOCAL rule 6 protocol igmp

# Interface for IPTV. The IPTV box is plugged into this port.
# `firewall in` is given without a ruleset name on this port (and on eth1 below), so as
# written these lines do not bind any filtering ruleset.
set interfaces ethernet eth0 address 192.168.10.1/24
set interfaces ethernet eth0 description IPTV
set interfaces ethernet eth0 duplex auto
set interfaces ethernet eth0 firewall in
set interfaces ethernet eth0 mtu 1500
set interfaces ethernet eth0 speed auto

# Interface for LAN1 (everything else on the network)
set interfaces ethernet eth1 address 192.168.1.1/24
set interfaces ethernet eth1 description LAN1
set interfaces ethernet eth1 duplex auto
set interfaces ethernet eth1 firewall in
set interfaces ethernet eth1 speed auto

# Interface for LAN2 (extra network for miscellaneous use)
set interfaces ethernet eth2 address 10.0.0.1/24
set interfaces ethernet eth2 description LAN2
set interfaces ethernet eth2 duplex auto
set interfaces ethernet eth2 speed auto

# Interface for Altibox. This is connected directly to the fiber outlet in the wall.
#
# Hardware:
# https://www.fs.com/products/40459.html (cable)
# https://www.fs.com/products/39135.html (SFP)

# The `mac` line below is a placeholder, not a pasteable command: replace the whole <...>
# with the MAC address of the provider's home gateway (printed on the back of the unit).
# VLAN 100 is only described (no address), VLAN 101 carries IPTV, VLAN 102 carries Internet.
# VLAN 101 takes a DHCP lease but does not install its default route (no-update), which is
# why the static route for 172.21.0.0/16 further down is needed.
# NOTE(review): only vif 102 has rulesets bound (WAN_IN / WAN_LOCAL). vif 101 has no
# `firewall in` or `firewall local` binding in this listing, so traffic arriving from the
# provider's IPTV VLAN reaches the router itself and the forwarding path unfiltered.
# Consider binding a drop-by-default ruleset to vif 101 that still permits established/
# related traffic, IGMP and the IPTV multicast streams, and verify IPTV still works.
set interfaces ethernet eth3 description 'WAN IN SFP'
set interfaces ethernet eth3 duplex auto
set interfaces ethernet eth3 mac <DIN FMG HJEMMESENTRAL MAC ADRESSE(du finner dette på baksiden av hjemmesentralen)>
set interfaces ethernet eth3 speed auto
set interfaces ethernet eth3 vif 100 description ALTIBOX_CONFIG
set interfaces ethernet eth3 vif 100 mtu 1500
set interfaces ethernet eth3 vif 101 address dhcp
set interfaces ethernet eth3 vif 101 description 'Altibox IPTV'
set interfaces ethernet eth3 vif 101 dhcp-options default-route no-update
set interfaces ethernet eth3 vif 101 dhcp-options default-route-distance 210
set interfaces ethernet eth3 vif 101 dhcp-options name-server update
set interfaces ethernet eth3 vif 102 address dhcp
set interfaces ethernet eth3 vif 102 description 'Altibox Internet'
set interfaces ethernet eth3 vif 102 firewall in name WAN_IN
set interfaces ethernet eth3 vif 102 firewall local name WAN_LOCAL

# IGMP proxy: eth0 (IPTV port) is the downstream, eth3.101 the upstream. Only
# 172.21.0.0/16 is listed as alt-subnet on the upstream, to avoid noise on the network.
set protocols igmp-proxy interface eth0 role downstream
set protocols igmp-proxy interface eth0 threshold 1
set protocols igmp-proxy interface eth3.101 alt-subnet 172.21.0.0/16
set protocols igmp-proxy interface eth3.101 role upstream
set protocols igmp-proxy interface eth3.101 threshold 1

# Static route (required for IPTV).
# Placeholder line: replace <...> with the gateway from the VLAN 101 DHCP lease
# (`show dhcp client leases interface eth3.101`, the "router" line). The trailing
# parenthetical is the author's instruction and must be removed before pasting.
set protocols static route 172.21.0.0/16 next-hop <ALTIBOX VLAN 101 DHCP GATEWAY IP> (hent ut med "show dhcp client leases interface eth3.101" i cli. sjekk router linjen.)

# DHCP server with one pool per internal port (IPTV, LAN1, LAN2).
# The two IPTV dns-server lines are placeholders as well: use the first and second address
# from the "nameserver" line of the same lease output, and drop the parentheticals.
set service dhcp-server disabled false
set service dhcp-server hostfile-update enable
set service dhcp-server shared-network-name IPTV authoritative disable
set service dhcp-server shared-network-name IPTV subnet 192.168.10.0/24 dns-server <ALTIBOX VLAN 101 DHCP DNS IP #1> (hent ut med "show dhcp client leases interface eth3.101" i cli. sjekk nameserver linjen)
set service dhcp-server shared-network-name IPTV subnet 192.168.10.0/24 dns-server <ALTIBOX VLAN 101 DHCP DNS IP #2> (utfør slik som ovenfor. men bruk den som er etter den første ipen i samme linjen)
set service dhcp-server shared-network-name IPTV subnet 192.168.10.0/24 lease 86400
set service dhcp-server shared-network-name IPTV subnet 192.168.10.0/24 start 192.168.10.50 stop 192.168.10.100
set service dhcp-server shared-network-name LAN1 authoritative enable
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 default-router 192.168.1.1
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 dns-server 192.168.1.1
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 dns-server 8.8.8.8
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 domain-name home.lan
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 lease 86400
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 start 192.168.1.38 stop 192.168.1.243
set service dhcp-server shared-network-name LAN2 authoritative disable
set service dhcp-server shared-network-name LAN2 subnet 10.0.0.0/24 default-router 10.0.0.1
set service dhcp-server shared-network-name LAN2 subnet 10.0.0.0/24 dns-server 10.0.0.1
set service dhcp-server shared-network-name LAN2 subnet 10.0.0.0/24 dns-server 8.8.8.8
set service dhcp-server shared-network-name LAN2 subnet 10.0.0.0/24 lease 86400
set service dhcp-server shared-network-name LAN2 subnet 10.0.0.0/24 start 10.0.0.100 stop 10.0.0.200
set service dhcp-server static-arp disable

# because dnsmasq is awesomer
set service dhcp-server use-dnsmasq enable

# DNS forwarder listens on the three internal ports only (eth0, eth1, eth2); eth3 and its
# VLANs are not listed, so the resolver is not offered on the provider-facing side.
set service dns forwarding cache-size 10000
set service dns forwarding listen-on eth1
set service dns forwarding listen-on eth2
set service dns forwarding listen-on eth0

# Repeats mDNS announcements (devices such as Chromecast) between LAN1 and LAN2.
# NOTE(review): this makes service discovery cross the LAN1/LAN2 boundary; leave it out if
# LAN2 is meant to be kept separate from LAN1.
set service mdns repeater interface eth2
set service mdns repeater interface eth1

# NAT rules for WAN and IPTV: rule 5010 masquerades everything leaving eth3.102;
# rule 5011 masquerades only traffic destined for 172.21.0.0/16 leaving eth3.101.
set service nat rule 5010 description 'masquerade for WAN'
set service nat rule 5010 outbound-interface eth3.102
set service nat rule 5010 type masquerade
set service nat rule 5011 description 'MASQ for ALTIBOX IPTV'
set service nat rule 5011 destination address 172.21.0.0/16
set service nat rule 5011 outbound-interface eth3.101
set service nat rule 5011 protocol all
set service nat rule 5011 type masquerade

set system domain-name home.lan
set system host-name edgerouter

# Forces the router to use its own DNS
set system name-server 127.0.0.1

# Offload settings: hwnat off, IPv4 forwarding and VLAN offload on.
set system offload hwnat disable
set system offload ipv4 forwarding enable
set system offload ipv4 vlan enable

# because norwegian rite?
set system time-zone Europe/Oslo
Sist endret av silentspy; 16. mars 2018 kl. 00:36.