Bruker UF-SM-1G-S som fibermodul.
Jepp, det kan du absolutt, så lenge du har en managed switch i enden med TVen.
Jepp, det kan du absolutt, så lenge du har en managed switch i enden med TVen.
2391
1235364
|
firewall { all-ping enable broadcast-ping disable group { network-group TV_WAN { description "" network 172.21.0.0/16 } } ipv6-receive-redirects disable ipv6-src-route disable ip-src-route disable log-martians enable name WAN_IN { default-action drop description "WAN to internal" rule 10 { action accept description "Allow established/related" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" log disable state { invalid enable } } } name WAN_LOCAL { default-action drop description "WAN to router" rule 10 { action accept description "Allow established/related" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" log disable state { invalid enable } } } receive-redirects disable send-redirects enable source-validation disable syn-cookies enable } interfaces { ethernet eth0 { description Internet duplex auto mac xxxxxxxxxxx speed auto vif 101 { address dhcp description TV } vif 102 { address dhcp description Inet firewall { in { name WAN_IN } local { name WAN_LOCAL } } } } ethernet eth1 { address 192.168.2.40/24 description Local duplex auto speed auto } ethernet eth2 { address 10.1.2.1/24 description Anneks duplex auto speed auto } ethernet eth3 { duplex auto speed auto } loopback lo { } } protocols { static { route 172.21.0.0/16 { next-hop 10.194.x.x { } } } } service { dhcp-server { disabled false hostfile-update disable shared-network-name LAN1 { authoritative disable subnet 192.168.2.0/24 { default-router 192.168.2.40 dns-server 192.168.2.40 lease 86400 start 192.168.2.100 { stop 192.168.2.243 } } } shared-network-name LAN2 { authoritative disable subnet 10.1.2.0/24 { default-router 10.1.2.1 dns-server 10.1.2.1 lease 86400 start 10.1.2.100 { stop 10.1.2.243 } } } static-arp disable use-dnsmasq disable } dns { dynamic { interface eth0 { service dyndns { host-name xxxxxxxxx login xxxxxxxxx password xxxxxxxxxxxxx } web dyndns } } forwarding { cache-size 150 listen-on eth1 listen-on eth2 } } gui { http-port 80 https-port 443 older-ciphers enable } nat { rule 5010 { description "masquerade for WAN" log disable outbound-interface eth0.102 protocol all type masquerade } rule 5011 { description "masquerade for TV_WAN" destination { group { network-group TV_WAN } } log disable outbound-interface eth0.101 protocol all source { group { } } type masquerade } } ssh { port 22 protocol-version v2 } unms { disable } } system { host-name ubnt login { user ubnt { authentication { encrypted-password $6$PbzL5/Xi3xxxxxxxxxxxxxxxxxx } level admin } } ntp { server 0.ubnt.pool.ntp.org { } server 1.ubnt.pool.ntp.org { } server 2.ubnt.pool.ntp.org { } server 3.ubnt.pool.ntp.org { } } syslog { global { facility all { level notice } facility protocols { level debug } } } time-zone Europe/Oslo traffic-analysis { dpi disable export disable } }
vif 101 { address dhcp description "Altibox IPTV" dhcp-options { default-route no-update default-route-distance 210 name-server update } }
igmp-proxy { interface eth0.101 { role downstream threshold 1 } interface eth1 { alt-subnet 172.21.0.0/16 role upstream threshold 1 } interface eth2 { alt-subnet 172.21.0.0/16 role upstream threshold 1 } }
igmp-proxy { interface eth1 { role downstream threshold 1 } interface eth2 { role downstream threshold 1 } interface eth0.101 { alt-subnet 172.21.0.0/16 role upstream threshold 1 } }
name LAN1_LAN2 { default-action accept description "Hus til Anneks" rule 1 { action drop description "Drop all from LAN1 to LAN2" destination { group { address-group NETv4_eth2 } } log disable protocol all } } name LAN2_LAN1 { default-action accept description "" rule 1 { action drop destination { group { address-group NETv4_eth1 } } log disable protocol all } } name LAN2_LOCAL { default-action accept description "" rule 1 { action drop description "Block router LAN IP" destination { address 192.168.2.40 } log disable protocol all }
ethernet eth1 { address 192.168.2.40/24 description Local duplex auto firewall { out { name LAN1_LAN2 } } speed auto } ethernet eth2 { address 10.1.2.1/24 description Anneks duplex auto firewall { local { name LAN2_LOCAL } out { name LAN2_LAN1 } } speed auto
firewall { all-ping enable broadcast-ping disable group { network-group TV_WAN { description "" network 172.21.0.0/16 } } ipv6-receive-redirects disable ipv6-src-route disable ip-src-route disable log-martians enable name WAN_IN { default-action drop description "WAN to internal" rule 10 { action accept description "Allow established/related" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" log disable state { invalid enable } } } name WAN_LOCAL { default-action drop description "WAN to router" rule 10 { action accept description "Allow established/related" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" log disable state { invalid enable } } } receive-redirects disable send-redirects enable source-validation disable syn-cookies enable }
firewall { all-ping enable broadcast-ping disable group { network-group TV_WAN { description IPTV network 172.21.0.0/16 } } ipv6-receive-redirects disable ipv6-src-route disable ip-src-route disable log-martians enable name WAN_IN { default-action drop description "WAN to internal" rule 10 { action accept description "Allow established/related" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } } name WAN_LOCAL { default-action drop description "WAN to router" rule 6 { action accept description "Allow IGMP" protocol igmp } rule 10 { action accept description "Allow established/related" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } } receive-redirects disable send-redirects enable source-validation disable syn-cookies enable } igmp-proxy { interface eth1 { role downstream threshold 1 } interface eth2 { role downstream threshold 1 } interface eth3.101 { alt-subnet 172.21.0.0/16 role upstream threshold 1 } } interfaces { ethernet eth0 { duplex auto speed auto } ethernet eth1 { address 192.168.1.1/24 description Local duplex auto speed auto } ethernet eth2 { address 192.168.2.1/24 description "Local 2" duplex auto speed auto } ethernet eth3 { duplex auto speed auto vif 101 { address dhcp description "Altibox IPTV" dhcp-options { default-route no-update default-route-distance 210 name-server update } } vif 102 { address dhcp description Internet firewall { in { name WAN_IN } local { name WAN_LOCAL } } } } loopback lo { } } protocols { static { interface-route 172.21.0.0/16 { next-hop-interface eth1 { description IPTV disable distance 255 } next-hop-interface eth3.101 { description IPTV disable } } route 172.21.0.0/16 { next-hop 10.172.82.1 { } next-hop 10.174.82.1 { disable } next-hop 10.174.198.1 { disable } } } } service { dhcp-server { disabled false hostfile-update disable shared-network-name LAN1 { authoritative enable subnet 192.168.1.0/24 { default-router 192.168.1.1 dns-server 192.168.1.1 lease 86400 start 192.168.1.38 { stop 192.168.1.243 } } } shared-network-name LAN2 { authoritative enable subnet 192.168.2.0/24 { default-router 192.168.2.1 dns-server 192.168.2.1 lease 86400 start 192.168.2.38 { stop 192.168.2.243 } } } static-arp disable use-dnsmasq disable } dns { forwarding { cache-size 150 listen-on eth1 listen-on eth2 } } gui { http-port 80 https-port 443 older-ciphers enable } nat { rule 5010 { description "masquerade for WAN" outbound-interface eth3.102 protocol all type masquerade } rule 5011 { description "masquerade for TV_WAN" destination { group { network-group TV_WAN } } log disable outbound-interface eth3.101 protocol all source { group { } } type masquerade } } ssh { port 22 protocol-version v2 } } system { host-name ubnt login { user xxxxxx{ authentication { encrypted-password xxxxxxx } level admin } } ntp { server 0.ubnt.pool.ntp.org { } server 1.ubnt.pool.ntp.org { } server 2.ubnt.pool.ntp.org { } server 3.ubnt.pool.ntp.org { } } syslog { global { facility all { level notice } facility protocols { level debug } } } time-zone UTC } /* Warning: Do not remove the following line. */ /* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */ /* Release version: v1.10.5.5098942.180622.1611 */
16:39:52.863810 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:39:53.963949 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:39:55.064062 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:39:55.561597 IP 192.168.1.1.54472 > 255.255.255.255.10001: UDP, length 4 16:39:56.164185 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:39:57.264251 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:39:58.364399 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:39:59.464436 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:00.564554 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:01.664626 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:02.764705 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:03.864818 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:04.964946 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:06.064975 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:07.165091 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:08.265236 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:09.365292 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:10.465374 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:11.565517 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:12.665654 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:13.047703 IP 10.172.82.1 > 224.0.0.1: igmp query v2 16:40:13.765662 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:14.865731 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:15.965854 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:17.065954 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:18.166010 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:19.266122 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:19.399126 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from fc:ec:da:43:52:71, length 300 16:40:20.078229 IP 10.172.82.1 > 239.193.4.88: igmp query v2 [max resp time 10] [gaddr 239.193.4.88] 16:40:20.366240 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:21.080438 IP 10.172.82.1 > 239.193.4.88: igmp query v2 [max resp time 10] [gaddr 239.193.4.88] 16:40:21.466315 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:22.566422 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:22.868948 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from fc:ec:da:43:52:71, length 300 16:40:23.666500 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:24.766614 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:25.866693 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:26.638055 IP 192.168.1.1.47667 > 255.255.255.255.10001: UDP, length 4 16:40:26.966785 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:28.066873 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:28.338947 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from fc:ec:da:43:52:71, length 300 16:40:29.166981 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:30.267046 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:31.367308 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:32.467257 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:33.567389 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:34.667444 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:35.767551 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:36.867659 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:36.938945 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from fc:ec:da:43:52:71, length 300 16:40:37.967749 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:39.067814 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:40.167975 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:41.268005 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:42.368103 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:43.468172 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:44.568306 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:45.668394 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:46.768501 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:47.868571 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:48.968673 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:50.068769 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:51.168854 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:52.268965 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:53.369092 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:54.469107 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:55.569238 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:56.669333 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:57.258949 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from fc:ec:da:43:52:71, length 300 16:40:57.719996 IP 192.168.1.1.52367 > 255.255.255.255.10001: UDP, length 4 16:40:57.769450 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:58.869509 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:40:59.969600 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:41:01.069692 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:41:02.169771 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:41:03.269890 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:41:04.369999 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:41:05.470079 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:41:06.570156 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:41:07.670270 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:41:08.770411 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:41:09.870449 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:41:10.970566 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:41:12.070621 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:41:12.878980 IP 10.172.82.1 > 239.193.4.171: igmp query v2 [max resp time 10] [gaddr 239.193.4.171] 16:41:12.918945 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from fc:ec:da:43:52:71, length 300 16:41:13.052821 IP 10.172.82.1 > 224.0.0.1: igmp query v2 16:41:13.170718 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:41:13.875510 IP 10.172.82.1 > 239.193.4.171: igmp query v2 [max resp time 10] [gaddr 239.193.4.171] 16:41:14.270835 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:41:14.878627 IP 10.172.82.1 > 239.193.4.171: igmp query v2 [max resp time 10] [gaddr 239.193.4.171] 16:41:15.370931 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:41:15.980960 IP 10.172.82.1 > 239.193.4.171: igmp query v2 [max resp time 10] [gaddr 239.193.4.171] 16:41:16.470995 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:41:17.571132 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:41:18.671189 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:41:19.771327 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:41:20.871384 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:41:21.971499 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:41:23.071571 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:41:24.171669 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:41:25.271750 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30 16:41:26.371871 IP 10.172.82.1 > 224.0.0.13: PIMv2, Hello, length 30
set interfaces ethernet eth3.101 mac 00:00:00:00:00:01
igmp-proxy { interface eth0.101 { alt-subnet 0.0.0.0/0 role upstream threshold 1 } interface eth1 { alt-subnet 0.0.0.0/0 role downstream threshold 1
protocols { static { interface-route 172.21.0.0/16 { next-hop-interface eth1 { description IPTV disable distance 255 } next-hop-interface eth3.101 { description IPTV disable } } route 172.21.0.0/16 { next-hop 10.172.82.1 { } next-hop 10.174.82.1 { disable } next-hop 10.174.198.1 { disable } } } }
static { route 172.21.0.0/16 { next-hop 10.169.130.1 { distance 1 } } }
|