
 21.12.2007
Vyatta Configuration


/* Routing: a single static default route. Everything without a more
   specific route is forwarded to 192.168.22.1, which sits on the
   192.168.22.0/24 subnet configured on eth0 below. */
protocols {
static {
disable: false
route 0.0.0.0/0 {
next-hop: 192.168.22.1
metric: 1
}
}
}
/* No routing policy is defined; the section is empty. */
policy {
}
/* Interfaces: two Ethernet ports, each with two firewall rule sets bound.
   "in" filters packets arriving on the interface that are routed through
   the box; "local" filters packets arriving on the interface that are
   addressed to the router itself. No "out" rule set is bound on either
   interface, so all filtering happens on ingress. */
interfaces {
restore: false
loopback lo {
description: ""
}
/* eth0: 192.168.22.79/24. Judging by the rule-set names (exttoint,
   ExtLocal) and the default route, this is the outside-facing side. */
ethernet eth0 {
disable: false
discard: false
description: ""
hw-id: 00:0c:29:73:0a:d2
duplex: "auto"
speed: "auto"
address 192.168.22.79 {
prefix-length: 24
disable: false
}
firewall {
/* Transit traffic entering from the outside network. */
in {
name: "exttoint"
}
/* Traffic from the outside network to the router itself
   (ExtLocal drops everything, see the firewall section). */
local {
name: "ExtLocal"
}
}
}
/* eth1: 192.168.40.1/24, the inside network that is source-NATed
   (see service/nat). */
ethernet eth1 {
disable: false
discard: false
description: ""
hw-id: 00:0c:29:73:0a:dc
duplex: "auto"
speed: "auto"
address 192.168.40.1 {
prefix-length: 24
disable: false
}
firewall {
/* Transit traffic leaving the inside network. */
in {
name: "IntoExt"
}
/* Management traffic from the inside network to the router. */
local {
name: "IntLocal"
}
}
}
}
/* Services running on the router: source NAT, SSH and the web GUI. */
service {
nat {
/* Hide the inside network 192.168.40.0/24 behind eth0's address for
   everything leaving through eth0. */
rule 10 {
type: "masquerade"
outbound-interface: "eth0"
source {
network: "192.168.40.0/24"
}
}
}
/* SSH on the standard port, restricted to protocol version 2. */
ssh {
port: 22
protocol-version: "v2"
}
/* Web GUI listens on both HTTP and HTTPS. The IntLocal rule set only
   accepts TCP 443 and 22 from the inside network and ExtLocal drops
   everything, so port 80 appears unreachable through the firewall.
   NOTE(review): that relies on unmatched packets being dropped by
   default; confirm, and disable the plain-HTTP listener if this release
   allows it so the GUI is never served unencrypted. */
webgui {
http-port: 80
https-port: 443
}
}
/* Firewall: global kernel-level protections followed by four named rule
   sets. Bindings (from the interfaces section):
     eth1 in    -> IntoExt    inside network to outside, transit
     eth1 local -> IntLocal   inside network to the router itself
     eth0 in    -> exttoint   outside to inside network, transit
     eth0 local -> ExtLocal   outside to the router itself
   Only ExtLocal contains an explicit drop; the other sets rely on the
   platform's default action for unmatched packets.
   NOTE(review): confirm that default is drop on this release.
   Every rule has log: "disable", so neither accepted nor dropped traffic
   is recorded by the firewall. */
firewall {
/* Log packets with impossible source addresses, ignore and do not send
   ICMP redirects, refuse source-routed packets, do not answer broadcast
   pings, and enable SYN cookies. */
log-martians: "enable"
send-redirects: "disable"
receive-redirects: "disable"
ip-src-route: "disable"
broadcast-ping: "disable"
syn-cookies: "enable"
/* IntoExt: what the inside network 192.168.40.0/24 may send out. */
name IntoExt {
/* PPTP control channel (TCP 1723) to the single host 192.168.22.234. */
rule 10 {
protocol: "tcp"
state {
established: "enable"
new: "enable"
related: "enable"
invalid: "disable"
}
action: "accept"
log: "disable"
source {
network: "192.168.40.0/24"
}
destination {
address: "192.168.22.234"
port-number 1723
}
}
/* GRE (the PPTP data channel) to the same host. */
rule 11 {
protocol: "gre"
action: "accept"
log: "disable"
source {
network: "192.168.40.0/24"
}
destination {
address: "192.168.22.234"
}
}
/* UDP 500 and 4500 (IKE and IPsec NAT traversal) to the same host. */
rule 12 {
protocol: "udp"
action: "accept"
log: "disable"
source {
network: "192.168.40.0/24"
}
destination {
address: "192.168.22.234"
port-number 500
port-number 4500
}
}
/* DNS queries over UDP to 192.168.22.1 only. No rule in this set allows
   TCP 53, so lookups that need to fall back to TCP are not permitted. */
rule 13 {
protocol: "udp"
action: "accept"
log: "disable"
source {
network: "192.168.40.0/24"
}
destination {
address: "192.168.22.1"
port-number 53
}
}
/* Web traffic (TCP 80 and 443) to any destination. */
rule 14 {
protocol: "tcp"
state {
established: "enable"
new: "enable"
related: "enable"
invalid: "disable"
}
action: "accept"
log: "disable"
source {
network: "192.168.40.0/24"
}
destination {
port-number 80
port-number 443
}
}
}
/* ExtLocal: nothing arriving on eth0 may reach the router itself, so
   SSH and the web GUI are not exposed on the outside interface.
   NOTE(review): with log disabled, dropped probes against the router
   leave no trace; enabling logging on this rule would give visibility. */
name ExtLocal {
rule 10 {
protocol: "all"
action: "drop"
log: "disable"
}
}
/* IntLocal: management access to the router from the inside network. */
name IntLocal {
/* HTTPS web GUI (443) and SSH (22) from any inside host.
   NOTE(review): the whole /24 can reach the management services;
   narrowing the source to the admin workstation would reduce exposure. */
rule 10 {
protocol: "tcp"
state {
established: "enable"
new: "enable"
related: "enable"
invalid: "disable"
}
action: "accept"
log: "disable"
source {
network: "192.168.40.0/24"
}
destination {
port-number 443
port-number 22
}
}
/* UDP from host 192.168.40.2 with source ports 44440-44450. There is no
   destination match, so any UDP port on the router is accepted from
   that host and port range. The purpose is not stated on the page.
   NOTE(review): add a destination port if the intended service is known. */
rule 11 {
protocol: "udp"
action: "accept"
log: "disable"
source {
address: "192.168.40.2"
port-range {
start: 44440
stop: 44450
}
}
}
}
/* exttoint: return traffic from the outside to the inside network,
   mirroring the IntoExt rules with source and destination swapped. */
name exttoint {
/* PPTP control replies: only established/related state is enabled
   ("new" is absent), so the outside host cannot open connections. */
rule 10 {
protocol: "tcp"
state {
established: "enable"
related: "enable"
invalid: "disable"
}
action: "accept"
log: "disable"
source {
address: "192.168.22.234"
port-number 1723
}
destination {
network: "192.168.40.0/24"
}
}
/* GRE from the PPTP host; there is no state block on this rule. */
rule 11 {
protocol: "gre"
action: "accept"
log: "disable"
source {
address: "192.168.22.234"
}
destination {
network: "192.168.40.0/24"
}
}
/* IKE / NAT-T replies. This rule has no state block, so it matches on
   source address and source port alone, not on whether an inside host
   started the exchange.
   NOTE(review): if this release supports state matching for UDP, add
   established/related as in rules 10 and 14 so only replies pass. */
rule 12 {
protocol: "udp"
action: "accept"
log: "disable"
source {
address: "192.168.22.234"
port-number 500
port-number 4500
}
destination {
network: "192.168.40.0/24"
}
}
/* DNS replies from 192.168.22.1. Like rule 12 there is no state block:
   any UDP datagram from that address with source port 53 is accepted
   toward any port in the inside network.
   NOTE(review): same state-matching suggestion as rule 12. */
rule 13 {
protocol: "udp"
action: "accept"
log: "disable"
source {
address: "192.168.22.1"
port-number 53
}
destination {
network: "192.168.40.0/24"
}
}
/* Web replies: TCP from source port 80 or 443 on any address, accepted
   only in established/related state. */
rule 14 {
protocol: "tcp"
state {
established: "enable"
related: "enable"
invalid: "disable"
}
action: "accept"
log: "disable"
source {
port-number 80
port-number 443
}
destination {
network: "192.168.40.0/24"
}
}
}
}
/* System settings: identity, time, local accounts and package source. */
system {
host-name: "carbon"
domain-name: ""
time-zone: "GMT"
/* A single NTP server, given by IP address, so no DNS lookup is needed
   for time sync. */
ntp-server "69.59.150.135"
/* Two local accounts. The encrypted-password values were replaced by
   the author with placeholder text before publishing; a real config
   file holds the password hashes there and should be handled as
   sensitive. plaintext-password is empty for both users. */
login {
/* NOTE(review): a root account exists and SSH is enabled; whether root
   may log in over SSH is not shown in this configuration. Confirm. */
user root {
full-name: ""
authentication {
encrypted-password: "Do you really care about that ? "
plaintext-password: ""
}
}
user adrian {
full-name: ""
authentication {
encrypted-password: "Do you really care about that ? "
plaintext-password: ""
}
}
}
/* Package source: the "main" component of the community repository,
   with auto-sync set to 1.
   NOTE(review): the URL is plain http, so package integrity depends on
   the package manager verifying signatures. Confirm that it does. */
package {
auto-sync: 1
repository community {
component: "main"
url: http://archive.vyatta.com/vyatta
}
}
}