Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsVetta and QuicQUIC DHCPv6-PD on Edgerouter-X
3l3m3nt

120 posts

Master Geek
+1 received by user: 152

ID Verified
Trusted
Lifetime subscriber

#306896 1-Sep-2023 22:51
Send private message

Hey fellow geeks,

 

To help others I thought I'd post my working config here. This is the working config for pppe0 on Quic Broadband with dual stack IPv4 and IPv6-PD.

 

Variables

 

WAN Interface: eth0 (No VLAN 10 - Thanks Quic!)
PPP Interface: pppoe0
LAN Interface: switch0 (over eth1-4)
LAN Subnet: 192.168.1.0/24

 

Full Config (just take the bits you need)

 

 

 

 firewall {
     all-ping enable
     broadcast-ping disable
     ipv6-name LANv6_IN {
         default-action accept
     }
     ipv6-name WANv6_IN {
         default-action drop
         rule 10 {
             action accept
             description "Allow established/related sessions"
             state {
                 established enable
                 related enable
             }
         }
         rule 20 {
             action drop
             description "Drop invalid state"
             state {
                 invalid enable
             }
         }
     }
     ipv6-name WANv6_LOCAL {
         default-action drop
         rule 10 {
             action accept
             description "Allow established/related sessions"
             state {
                 established enable
                 related enable
             }
         }
         rule 20 {
             action drop
             description "Drop invalid state"
             state {
                 invalid enable
             }
         }
         rule 30 {
             action accept
             description "Allow IPv6 icmp"
             protocol ipv6-icmp
         }
         rule 40 {
             action accept
             description "allow dhcpv6"
             destination {
                 port 546
             }
             protocol udp
             source {
                 port 547
             }
         }
     }
     ipv6-receive-redirects disable
     ipv6-src-route disable
     ip-src-route disable
     log-martians enable
     name LAN_IN {
         default-action accept
     }
     name WAN_IN {
         default-action drop
         rule 10 {
             action accept
             description "Allow established/related"
             state {
                 established enable
                 related enable
             }
         }
         rule 20 {
             action accept
             description "Allow ICMP"
             log disable
             protocol icmp
         }
         rule 30 {
             action drop
             description "Drop invalid state"
             log disable
             state {
                 invalid enable
             }
         }
     }
     name WAN_LOCAL {
         default-action drop
         rule 10 {
             action accept
             description "Allow established/related"
             state {
                 established enable
                 related enable
             }
         }
         rule 20 {
             action accept
             description "Allow ICMP"
             log disable
             protocol icmp
         }
         rule 30 {
             action drop
             description "Drop invalid state"
             log disable
             state {
                 invalid enable
             }
         }
     }
     receive-redirects disable
     send-redirects enable
     source-validation disable
     syn-cookies enable
 }
 interfaces {
     ethernet eth0 {
         duplex auto
         pppoe 0 {
             default-route auto
             dhcpv6-pd {
                 pd 0 {
                     interface switch0 {
                         host-address ::1
                         no-dns
                         service slaac
                     }
                     prefix-length /56
                 }
             }
             firewall {
                 in {
                     ipv6-name WANv6_IN
                     name WAN_IN
                 }
                 local {
                     ipv6-name WANv6_LOCAL
                     name WAN_LOCAL
                 }
             }
             ipv6 {
                 enable {
                 }
             }
             mtu 1500
             name-server auto
             password quic
             user-id quic@quic.nz
         }
         speed auto
     }
     ethernet eth1 {
         description Local
         duplex auto
         speed auto
     }
     ethernet eth2 {
         description Local
         duplex auto
         speed auto
     }
     ethernet eth3 {
         description Local
         duplex auto
         speed auto
     }
     ethernet eth4 {
         description Local
         duplex auto
         speed auto
     }
     loopback lo {
     }
     switch switch0 {
         address 192.168.1.1/24
         description Local
         firewall {
             in {
                 ipv6-name LANv6_IN
                 name LAN_IN
             }
         }
         mtu 1500
         switch-port {
             interface eth1 {
             }
             interface eth2 {
             }
             interface eth3 {
             }
             interface eth4 {
             }
             vlan-aware disable
         }
     }
 }
 port-forward {
     auto-firewall enable
     hairpin-nat enable
     lan-interface switch0
     wan-interface pppoe0
 }
 protocols {
     static {
         interface-route6 ::/0 {
             next-hop-interface pppoe0 {
             }
         }
     }
 }
 service {
     dhcp-server {
         disabled false
         hostfile-update disable
         shared-network-name LAN {
             authoritative enable
             subnet 192.168.1.0/24 {
                 default-router 192.168.1.1
                 dns-server 192.168.1.1
                 lease 86400
                 start 192.168.1.38 {
                     stop 192.168.1.243
                 }
             }
         }
         static-arp disable
         use-dnsmasq disable
     }
     dns {
         forwarding {
             cache-size 10000
             listen-on switch0
         }
     }
     gui {
         http-port 80
         https-port 443
         older-ciphers enable
     }
     nat {
         rule 5010 {
             log disable
             outbound-interface pppoe0
             protocol all
             type masquerade
         }
     }
     ssh {
         port 22
         protocol-version v2
     }
 }
 system {
     analytics-handler {
         send-analytics-report true
     }
     conntrack {
         expect-table-size 8192
         hash-size 65536
         table-size 262144
     }
     crash-handler {
         send-crash-report true
     }
     host-name quic-router
     login {
         user admin {
             authentication {
                 encrypted-password [password]
             }
             level admin
         }
     }
     ntp {
         server 0.ubnt.pool.ntp.org {
         }
         server 1.ubnt.pool.ntp.org {
         }
         server 2.ubnt.pool.ntp.org {
         }
         server 3.ubnt.pool.ntp.org {
         }
     }
     offload {
         hwnat enable
         ipsec enable
     }
     syslog {
         global {
             facility all {
                 level notice
             }
             facility protocols {
                 level debug
             }
         }
     }
     time-zone Pacific/Auckland
     traffic-analysis {
         dpi enable
         export enable
     }
 }




Dunedin, NZ
Quic Broadband  | Rocket 1G/1G Hyperfibre (Yes, you read that right!)
Dunedin Live Webcam (4K) | Quic Smokepings

 

Referral Links:
Quic (use R282731EPGJMG on checkout for free setup, and to help me pay for my fast internet addiction)
Contact Energy (use FRTDD2R for $100 credit)

Create new topic
RunningMan
9184 posts

Uber Geek
+1 received by user: 4834


  #3122804 1-Sep-2023 23:24
Send private message

You can use 1500 MTU



3l3m3nt

120 posts

Master Geek
+1 received by user: 152

ID Verified
Trusted
Lifetime subscriber

  #3122805 1-Sep-2023 23:47
Send private message

Hah! You're not wrong. The default appears to be 1492 bytes on the ER-X, but it seems to have no issue passing through a full 1500 byte packet after setting it to 1500 on the interface.

 

I'll update the config in the OP and get rid of the MSS clamping too.

 

Thanks for the tip!




Dunedin, NZ
Quic Broadband  | Rocket 1G/1G Hyperfibre (Yes, you read that right!)
Dunedin Live Webcam (4K) | Quic Smokepings

 

Referral Links:
Quic (use R282731EPGJMG on checkout for free setup, and to help me pay for my fast internet addiction)
Contact Energy (use FRTDD2R for $100 credit)

Lias
5655 posts

Uber Geek
+1 received by user: 3978

ID Verified
Trusted
Lifetime subscriber

  #3123314 3-Sep-2023 15:24
Send private message

You might want to post the output of "show configuration commands" rather than "show configuration"




I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup. Opinions are my own and not the views of my employer.



3l3m3nt

120 posts

Master Geek
+1 received by user: 152

ID Verified
Trusted
Lifetime subscriber

  #3123455 4-Sep-2023 09:40
Send private message

Yeah, might be easier.. here it is..

 

 

 

set firewall all-ping disable
set firewall broadcast-ping disable
set firewall ipv6-name LANv6_IN default-action accept
set firewall ipv6-name WANv6_IN default-action drop
set firewall ipv6-name WANv6_IN description 'WAN inbound traffic forwarded to LAN'
set firewall ipv6-name WANv6_IN enable-default-log
set firewall ipv6-name WANv6_IN rule 10 action accept
set firewall ipv6-name WANv6_IN rule 10 description 'Allow established/related sessions'
set firewall ipv6-name WANv6_IN rule 10 state established enable
set firewall ipv6-name WANv6_IN rule 10 state related enable
set firewall ipv6-name WANv6_IN rule 20 action drop
set firewall ipv6-name WANv6_IN rule 20 description 'Drop invalid state'
set firewall ipv6-name WANv6_IN rule 20 state invalid enable
set firewall ipv6-name WANv6_LOCAL default-action drop
set firewall ipv6-name WANv6_LOCAL description 'WAN inbound traffic to the router'
set firewall ipv6-name WANv6_LOCAL enable-default-log
set firewall ipv6-name WANv6_LOCAL rule 10 action accept
set firewall ipv6-name WANv6_LOCAL rule 10 description 'Allow established/related sessions'
set firewall ipv6-name WANv6_LOCAL rule 10 state established enable
set firewall ipv6-name WANv6_LOCAL rule 10 state related enable
set firewall ipv6-name WANv6_LOCAL rule 20 action drop
set firewall ipv6-name WANv6_LOCAL rule 20 description 'Drop invalid state'
set firewall ipv6-name WANv6_LOCAL rule 20 state invalid enable
set firewall ipv6-name WANv6_LOCAL rule 30 action accept
set firewall ipv6-name WANv6_LOCAL rule 30 description 'Allow IPv6 icmp'
set firewall ipv6-name WANv6_LOCAL rule 30 protocol ipv6-icmp
set firewall ipv6-name WANv6_LOCAL rule 40 action accept
set firewall ipv6-name WANv6_LOCAL rule 40 description 'allow dhcpv6'
set firewall ipv6-name WANv6_LOCAL rule 40 destination port 546
set firewall ipv6-name WANv6_LOCAL rule 40 protocol udp
set firewall ipv6-name WANv6_LOCAL rule 40 source port 547
set firewall ipv6-receive-redirects disable
set firewall ipv6-src-route disable
set firewall ip-src-route disable
set firewall log-martians enable
set firewall name LAN_IN default-action accept
set firewall name WAN_IN default-action drop
set firewall name WAN_IN description 'WAN to internal'
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 description 'Allow established/related'
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_IN rule 20 action accept
set firewall name WAN_IN rule 20 description 'Allow ICMP'
set firewall name WAN_IN rule 20 log disable
set firewall name WAN_IN rule 20 protocol icmp
set firewall name WAN_IN rule 30 action drop
set firewall name WAN_IN rule 30 description 'Drop invalid state'
set firewall name WAN_IN rule 30 log disable
set firewall name WAN_IN rule 30 state invalid enable
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL description 'WAN to router'
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 description 'Allow established/related'
set firewall name WAN_LOCAL rule 10 state established enable
set firewall name WAN_LOCAL rule 10 state related enable
set firewall name WAN_LOCAL rule 20 action accept
set firewall name WAN_LOCAL rule 20 description 'Allow ICMP'
set firewall name WAN_LOCAL rule 20 log disable
set firewall name WAN_LOCAL rule 20 protocol icmp
set firewall name WAN_LOCAL rule 30 action drop
set firewall name WAN_LOCAL rule 30 description 'Drop invalid state'
set firewall name WAN_LOCAL rule 30 log disable
set firewall name WAN_LOCAL rule 30 state invalid enable
set firewall options
set firewall receive-redirects disable
set firewall send-redirects enable
set firewall source-validation disable
set firewall syn-cookies enable
set interfaces ethernet eth0 duplex auto
set interfaces ethernet eth0 pppoe 0 default-route auto
set interfaces ethernet eth0 pppoe 0 dhcpv6-pd pd 0 interface switch0 host-address '::1'
set interfaces ethernet eth0 pppoe 0 dhcpv6-pd pd 0 interface switch0 no-dns
set interfaces ethernet eth0 pppoe 0 dhcpv6-pd pd 0 interface switch0 service slaac
set interfaces ethernet eth0 pppoe 0 dhcpv6-pd pd 0 prefix-length /56
set interfaces ethernet eth0 pppoe 0 dhcpv6-pd rapid-commit enable
set interfaces ethernet eth0 pppoe 0 firewall in ipv6-name WANv6_IN
set interfaces ethernet eth0 pppoe 0 firewall in name WAN_IN
set interfaces ethernet eth0 pppoe 0 firewall local ipv6-name WANv6_LOCAL
set interfaces ethernet eth0 pppoe 0 firewall local name WAN_LOCAL
set interfaces ethernet eth0 pppoe 0 ipv6 dup-addr-detect-transmits 1
set interfaces ethernet eth0 pppoe 0 ipv6 enable
set interfaces ethernet eth0 pppoe 0 mtu 1500
set interfaces ethernet eth0 pppoe 0 name-server auto
set interfaces ethernet eth0 pppoe 0 password quic
set interfaces ethernet eth0 pppoe 0 user-id quic@quic.nz
set interfaces ethernet eth0 speed auto
set interfaces ethernet eth1 description Local
set interfaces ethernet eth1 duplex auto
set interfaces ethernet eth1 speed auto
set interfaces ethernet eth2 description Local
set interfaces ethernet eth2 duplex auto
set interfaces ethernet eth2 speed auto
set interfaces ethernet eth3 description Local
set interfaces ethernet eth3 duplex auto
set interfaces ethernet eth3 speed auto
set interfaces ethernet eth4 description Local
set interfaces ethernet eth4 duplex auto
set interfaces ethernet eth4 speed auto
set interfaces loopback lo
set interfaces switch switch0 address 192.168.1.1/24
set interfaces switch switch0 description Local
set interfaces switch switch0 firewall in ipv6-name LANv6_IN
set interfaces switch switch0 firewall in name LAN_IN
set interfaces switch switch0 mtu 1500
set interfaces switch switch0 switch-port interface eth1
set interfaces switch switch0 switch-port interface eth2
set interfaces switch switch0 switch-port interface eth3
set interfaces switch switch0 switch-port interface eth4
set interfaces switch switch0 switch-port vlan-aware disable
set port-forward auto-firewall enable
set port-forward hairpin-nat enable
set port-forward lan-interface switch0
set port-forward wan-interface pppoe0
set protocols static interface-route6 '::/0' next-hop-interface pppoe0
set service dhcp-server disabled false
set service dhcp-server hostfile-update disable
set service dhcp-server shared-network-name LAN authoritative enable
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 default-router 192.168.1.1
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 192.168.1.1
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 lease 86400
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 start 192.168.1.38 stop 192.168.1.243
set service dhcp-server static-arp disable
set service dhcp-server use-dnsmasq disable
set service dns forwarding cache-size 10000
set service dns forwarding listen-on switch0
set service gui http-port 80
set service gui https-port 443
set service gui older-ciphers enable
set service nat rule 5010 description 'masquerade for WAN'
set service nat rule 5010 log disable
set service nat rule 5010 outbound-interface pppoe0
set service nat rule 5010 protocol all
set service nat rule 5010 type masquerade
set service ssh port 22
set service ssh protocol-version v2
set system analytics-handler send-analytics-report true
set system conntrack expect-table-size 8192
set system conntrack hash-size 65536
set system conntrack table-size 262144
set system crash-handler send-crash-report true
set system host-name quic-router
set system ipv6
set system login user admin authentication encrypted-password [password]
set system login user admin level admin
set system ntp server 0.ubnt.pool.ntp.org
set system ntp server 1.ubnt.pool.ntp.org
set system ntp server 2.ubnt.pool.ntp.org
set system ntp server 3.ubnt.pool.ntp.org
set system offload hwnat enable
set system offload ipsec enable
set system syslog global facility all level notice
set system syslog global facility protocols level debug
set system time-zone Pacific/Auckland
set system traffic-analysis dpi enable
set system traffic-analysis export enable




Dunedin, NZ
Quic Broadband  | Rocket 1G/1G Hyperfibre (Yes, you read that right!)
Dunedin Live Webcam (4K) | Quic Smokepings

 

Referral Links:
Quic (use R282731EPGJMG on checkout for free setup, and to help me pay for my fast internet addiction)
Contact Energy (use FRTDD2R for $100 credit)

mentalinc
3384 posts

Uber Geek
+1 received by user: 1023

Trusted

  #3169862 8-Dec-2023 21:12
Send private message

And a view of config for Edgerouter 4, slight differences with no switch

 

 

 

set firewall all-ping enable
set firewall broadcast-ping disable
set firewall group network-group LAN_NETWORKS description 'RFC1918 ranges'
set firewall group network-group LAN_NETWORKS network 192.168.0.0/16
set firewall group network-group LAN_NETWORKS network 172.16.0.0/12
set firewall group network-group LAN_NETWORKS network 10.0.0.0/8
set firewall ipv6-name WAN6_IN default-action drop
set firewall ipv6-name WAN6_IN rule 30 action accept
set firewall ipv6-name WAN6_IN rule 30 description 'allow ICMPv6'
set firewall ipv6-name WAN6_IN rule 30 protocol icmpv6
set firewall ipv6-name WANv6_IN default-action drop
set firewall ipv6-name WANv6_IN description 'WAN inbound traffic forwarded to LAN'
set firewall ipv6-name WANv6_IN enable-default-log
set firewall ipv6-name WANv6_IN rule 10 action accept
set firewall ipv6-name WANv6_IN rule 10 description 'Allow established/related sessions'
set firewall ipv6-name WANv6_IN rule 10 state established enable
set firewall ipv6-name WANv6_IN rule 10 state related enable
set firewall ipv6-name WANv6_IN rule 20 action drop
set firewall ipv6-name WANv6_IN rule 20 description 'Drop invalid state'
set firewall ipv6-name WANv6_IN rule 20 state invalid enable
set firewall ipv6-name WANv6_LOCAL default-action drop
set firewall ipv6-name WANv6_LOCAL description 'WAN inbound traffic to the router'
set firewall ipv6-name WANv6_LOCAL enable-default-log
set firewall ipv6-name WANv6_LOCAL rule 10 action accept
set firewall ipv6-name WANv6_LOCAL rule 10 description 'Allow established/related sessions'
set firewall ipv6-name WANv6_LOCAL rule 10 state established enable
set firewall ipv6-name WANv6_LOCAL rule 10 state related enable
set firewall ipv6-name WANv6_LOCAL rule 20 action drop
set firewall ipv6-name WANv6_LOCAL rule 20 description 'Drop invalid state'
set firewall ipv6-name WANv6_LOCAL rule 20 state invalid enable
set firewall ipv6-name WANv6_LOCAL rule 30 action accept
set firewall ipv6-name WANv6_LOCAL rule 30 description 'Allow IPv6 icmp'
set firewall ipv6-name WANv6_LOCAL rule 30 protocol ipv6-icmp
set firewall ipv6-name WANv6_LOCAL rule 40 action accept
set firewall ipv6-name WANv6_LOCAL rule 40 description 'allow dhcpv6'
set firewall ipv6-name WANv6_LOCAL rule 40 destination port 546
set firewall ipv6-name WANv6_LOCAL rule 40 protocol udp
set firewall ipv6-name WANv6_LOCAL rule 40 source port 547
set firewall ipv6-receive-redirects disable
set firewall ipv6-src-route disable
set firewall ip-src-route disable
set firewall log-martians enable
set firewall name WAN_IN default-action drop
set firewall name WAN_IN description 'WAN to internal'
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 description 'Allow established/related'
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_IN rule 20 action drop
set firewall name WAN_IN rule 20 description 'Drop invalid state'
set firewall name WAN_IN rule 20 state invalid enable
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL description 'WAN to router'
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 description 'Allow established/related'
set firewall name WAN_LOCAL rule 10 state established enable
set firewall name WAN_LOCAL rule 10 state related enable
set firewall name WAN_LOCAL rule 20 action drop
set firewall name WAN_LOCAL rule 20 description 'Drop invalid state'
set firewall name WAN_LOCAL rule 20 state invalid enable
set firewall options
set firewall receive-redirects disable
set firewall send-redirects enable
set firewall source-validation disable
set firewall syn-cookies enable
set interfaces ethernet eth0 description 'quic.nz pppoe'
set interfaces ethernet eth0 duplex auto
set interfaces ethernet eth0 mtu 1508
set interfaces ethernet eth0 speed auto
set interfaces ethernet eth0 vif 10 description 'Internet (PPPoE)'
set interfaces ethernet eth0 vif 10 mtu 1508
set interfaces ethernet eth0 vif 10 pppoe 0 default-route auto
set interfaces ethernet eth0 vif 10 pppoe 0 dhcpv6-pd pd 0 interface eth1 host-address '::1'
set interfaces ethernet eth0 vif 10 pppoe 0 dhcpv6-pd pd 0 interface eth1 no-dns
set interfaces ethernet eth0 vif 10 pppoe 0 dhcpv6-pd pd 0 interface eth1 prefix-id ':0'
set interfaces ethernet eth0 vif 10 pppoe 0 dhcpv6-pd pd 0 interface eth1 service slaac
set interfaces ethernet eth0 vif 10 pppoe 0 dhcpv6-pd pd 0 interface eth2 host-address '::1'
set interfaces ethernet eth0 vif 10 pppoe 0 dhcpv6-pd pd 0 interface eth2 prefix-id ':1'
set interfaces ethernet eth0 vif 10 pppoe 0 dhcpv6-pd pd 0 interface eth2 service slaac
set interfaces ethernet eth0 vif 10 pppoe 0 dhcpv6-pd pd 0 prefix-length /56
set interfaces ethernet eth0 vif 10 pppoe 0 dhcpv6-pd rapid-commit enable
set interfaces ethernet eth0 vif 10 pppoe 0 firewall in ipv6-name WANv6_IN
set interfaces ethernet eth0 vif 10 pppoe 0 firewall in name WAN_IN
set interfaces ethernet eth0 vif 10 pppoe 0 firewall local ipv6-name WANv6_LOCAL
set interfaces ethernet eth0 vif 10 pppoe 0 firewall local name WAN_LOCAL
set interfaces ethernet eth0 vif 10 pppoe 0 ipv6 dup-addr-detect-transmits 1
set interfaces ethernet eth0 vif 10 pppoe 0 ipv6 enable
set interfaces ethernet eth0 vif 10 pppoe 0 mtu 1500
set interfaces ethernet eth0 vif 10 pppoe 0 name-server auto
set interfaces ethernet eth0 vif 10 pppoe 0 password quic
set interfaces ethernet eth0 vif 10 pppoe 0 user-id quic@quic.nz
set interfaces ethernet eth1 address 192.168.2.1/24
set interfaces ethernet eth1 description Local
set interfaces ethernet eth1 duplex auto
set interfaces ethernet eth1 speed auto
set interfaces ethernet eth2 address 172.16.1.1/24
set interfaces ethernet eth2 description Unit
set interfaces ethernet eth2 duplex auto
set interfaces ethernet eth2 speed auto
set interfaces ethernet eth3 duplex auto
set interfaces ethernet eth3 speed auto
set interfaces loopback lo
set port-forward auto-firewall enable
set port-forward hairpin-nat enable
set port-forward lan-interface eth1
set port-forward wan-interface pppoe0
set protocols static interface-route6 '::/0' next-hop-interface pppoe0
set service dhcp-server disabled false
set service dhcp-server hostfile-update disable
set service dhcp-server shared-network-name LAN1 authoritative enable
set service dhcp-server shared-network-name LAN1 subnet 192.168.2.0/24 default-router 192.168.2.1
set service dhcp-server shared-network-name LAN1 subnet 192.168.2.0/24 dns-server 192.168.2.4
set service dhcp-server shared-network-name LAN1 subnet 192.168.2.0/24 dns-server 192.168.2.6
set service dhcp-server shared-network-name LAN1 subnet 192.168.2.0/24 lease 86400
set service dhcp-server shared-network-name LAN1 subnet 192.168.2.0/24 start 192.168.2.38 stop 192.168.2.243
set service dhcp-server static-arp disable
set service dhcp-server use-dnsmasq disable
set service dns forwarding cache-size 10000
set service dns forwarding listen-on eth1
set service dns forwarding listen-on eth2
set service dns forwarding name-server 192.168.2.4
set service dns forwarding name-server 192.168.2.6
set service gui http-port 80
set service gui https-port 443
set service gui older-ciphers disable
set service nat rule 5010 description 'masquerade for WAN'
set service nat rule 5010 outbound-interface pppoe0
set service nat rule 5010 type masquerade
set service ssh port 22
set service ssh protocol-version v2
set service unms disable
set system analytics-handler send-analytics-report false
set system crash-handler send-crash-report false
set system host-name EdgeRouter-4
set system login user mentalinc authentication encrypted-password ''
set system login user mentalinc level admin
set system ntp server 0.ubnt.pool.ntp.org
set system ntp server 1.ubnt.pool.ntp.org
set system ntp server 2.ubnt.pool.ntp.org
set system ntp server 3.ubnt.pool.ntp.org
set system offload hwnat disable
set system offload ipv4 forwarding enable
set system offload ipv4 pppoe enable
set system syslog global facility all level notice
set system syslog global facility protocols level debug
set system time-zone Pacific/Auckland 




CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB:  Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

 

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX 

3l3m3nt

120 posts

Master Geek
+1 received by user: 152

ID Verified
Trusted
Lifetime subscriber

  #3169863 8-Dec-2023 21:13
Send private message

Thanks for sharing ☺️




Dunedin, NZ
Quic Broadband  | Rocket 1G/1G Hyperfibre (Yes, you read that right!)
Dunedin Live Webcam (4K) | Quic Smokepings

 

Referral Links:
Quic (use R282731EPGJMG on checkout for free setup, and to help me pay for my fast internet addiction)
Contact Energy (use FRTDD2R for $100 credit)

Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright