
 21.12.2007
Vyatta Configuration


/* Static routing only: a single default route via the upstream gateway
   192.168.22.1 (the eth0 network). No route is needed for the IPsec remote
   subnet 192.168.10.0/24; it is reached through the tunnel defined under vpn. */
protocols {
static {
disable: false
route 0.0.0.0/0 {
next-hop: 192.168.22.1
metric: 1
}
}
}
/* Empty: no routing policy statements are defined. */
policy {
}
/* Two Ethernet ports. eth0 (192.168.22.225/24) faces the upstream gateway
   and the IPsec peer; eth1 (192.168.40.1/24) is the LAN side. Each port
   attaches an "in" rule set (traffic entering through the interface) and a
   "local" rule set (traffic addressed to the router itself); no "out" rule
   set is attached on either interface, so nothing is filtered on egress. */
interfaces {
restore: false
loopback lo {
description: ""
}
/* eth0: upstream / VPN side. Forwarded traffic entering here is filtered by
   exttoint, traffic to the router itself by extlocal (both under firewall). */
ethernet eth0 {
disable: false
discard: false
description: ""
hw-id: 00:0c:29:75:5c:57
duplex: "auto"
speed: "auto"
address 192.168.22.225 {
prefix-length: 24
disable: false
}
firewall {
in {
name: "exttoint"
}
local {
name: "extlocal"
}
}
}
/* eth1: LAN side. Forwarded traffic entering here is filtered by intoext,
   traffic to the router itself by intlocal. */
ethernet eth1 {
disable: false
discard: false
description: ""
hw-id: 00:0c:29:75:5c:61
duplex: "auto"
speed: "auto"
address 192.168.40.1 {
prefix-length: 24
disable: false
}
firewall {
in {
name: "intoext"
}
local {
name: "intlocal"
}
}
}
}
/* NAT, SSH and the web GUI. */
service {
nat {
/* Source NAT of the LAN to the eth0 address, except for traffic to
   192.168.10.0/24: the negated destination keeps VPN-bound packets
   un-translated so they match the IPsec tunnel's local-subnet
   192.168.40.0/24 and are encrypted rather than NATed. */
rule 10 {
type: "source"
outbound-interface: "eth0"
source {
network: "192.168.40.0/24"
}
destination {
network: "!192.168.10.0/24"
}
outside-address {
address: 192.168.22.225
}
}
}
/* SSH, protocol version 2 only. Reachability is decided by the "local"
   rule sets: intlocal rule 1 accepts TCP/22 from the LAN; extlocal has no
   SSH rule. */
ssh {
port: 22
protocol-version: "v2"
}
/* Web GUI on plain HTTP (80) and HTTPS (443). Neither "local" rule set
   accepts TCP/80 and only intlocal rule 1 accepts TCP/443 (from the LAN), so
   the plain-HTTP listener should be unreachable from both interfaces --
   assuming unmatched traffic is dropped by default on this release; confirm. */
webgui {
http-port: 80
https-port: 443
}
}
/* Global IP hardening plus four named rule sets (intoext, extlocal,
   exttoint, intlocal). Every rule is an "accept" with logging disabled and
   no rule set ends with an explicit drop/log rule, so rejected packets leave
   no log trace; the fate of unmatched traffic relies on the implicit default
   action, assumed to be drop -- confirm for this release. */
firewall {
/* Kernel-level hardening: log packets with impossible source addresses,
   neither send nor accept ICMP redirects, refuse source-routed packets,
   ignore broadcast pings, enable SYN cookies. */
log-martians: "enable"
send-redirects: "disable"
receive-redirects: "disable"
ip-src-route: "disable"
broadcast-ping: "disable"
syn-cookies: "enable"
/* intoext: forwarded traffic entering eth1 from the LAN (192.168.40.0/24).
   Rules 10-13 allow TCP, UDP and ICMP echo request/reply towards the IPsec
   remote subnet 192.168.10.0/24; rule 14 allows DNS (UDP/53) to the upstream
   gateway; rule 15 allows HTTP/HTTPS to anything except the remote subnet.
   No other LAN-originated traffic is accepted. */
name intoext {
/* TCP to the VPN subnet; "new" is enabled so LAN hosts can open connections. */
rule 10 {
protocol: "tcp"
state {
established: "enable"
new: "enable"
related: "enable"
invalid: "disable"
}
action: "accept"
log: "disable"
source {
network: "192.168.40.0/24"
}
destination {
network: "192.168.10.0/24"
}
}
/* UDP to the VPN subnet: no state block and no port restriction. */
rule 11 {
protocol: "udp"
action: "accept"
log: "disable"
source {
network: "192.168.40.0/24"
}
destination {
network: "192.168.10.0/24"
}
}
/* ICMP echo request (type 8) to the VPN subnet. */
rule 12 {
protocol: "icmp"
icmp {
type: "8"
code: "0"
}
action: "accept"
log: "disable"
source {
network: "192.168.40.0/24"
}
destination {
network: "192.168.10.0/24"
}
}
/* ICMP echo reply (type 0) to the VPN subnet. */
rule 13 {
protocol: "icmp"
icmp {
type: "0"
code: "0"
}
action: "accept"
log: "disable"
source {
network: "192.168.40.0/24"
}
destination {
network: "192.168.10.0/24"
}
}
/* DNS: UDP/53 to the upstream gateway only. Replies are accepted by
   exttoint rule 14. */
rule 14 {
protocol: "udp"
action: "accept"
log: "disable"
source {
network: "192.168.40.0/24"
}
destination {
address: "192.168.22.1"
port-number 53
}
}
/* Web browsing: TCP 80/443 to any destination other than the VPN subnet.
   Return traffic is accepted by exttoint rule 15. */
rule 15 {
protocol: "tcp"
state {
established: "enable"
new: "enable"
related: "enable"
invalid: "disable"
}
action: "accept"
log: "disable"
source {
network: "192.168.40.0/24"
}
destination {
network: "!192.168.10.0/24"
port-number 80
port-number 443
}
}
}
/* extlocal: traffic entering eth0 addressed to the router itself. Only IKE
   (UDP/500) and ESP from the IPsec peer 192.168.22.234, plus ICMP echo
   replies from any source, are accepted. vpn ipsec enables nat-traversal but
   no rule here accepts UDP/4500 (NAT-T); with the peer on the same /24 that
   port should never be needed. */
name extlocal {
/* IKE from the peer. */
rule 1 {
protocol: "udp"
action: "accept"
log: "disable"
source {
address: "192.168.22.234"
}
destination {
port-number 500
}
}
/* ESP from the peer. */
rule 2 {
protocol: "esp"
action: "accept"
log: "disable"
source {
address: "192.168.22.234"
}
}
/* ICMP echo reply from any source (answers to the router's own pings). */
rule 3 {
protocol: "icmp"
icmp {
type: "0"
code: "0"
}
action: "accept"
log: "disable"
}
}
/* exttoint: forwarded traffic entering eth0 towards the LAN. Rules 10-13
   mirror intoext for decrypted IPsec traffic from 192.168.10.0/24; rule 14
   accepts DNS replies from the gateway; rule 15 accepts only established /
   related TCP from source ports 80/443 (return traffic for intoext rule 15). */
name exttoint {
/* TCP from the VPN subnet; "new" is enabled, so the remote site may open
   connections into the LAN. */
rule 10 {
protocol: "tcp"
state {
established: "enable"
new: "enable"
related: "enable"
invalid: "disable"
}
action: "accept"
log: "disable"
source {
network: "192.168.10.0/24"
}
destination {
network: "192.168.40.0/24"
}
}
/* UDP from the VPN subnet: no state block and no port restriction. */
rule 11 {
protocol: "udp"
action: "accept"
log: "disable"
source {
network: "192.168.10.0/24"
}
destination {
network: "192.168.40.0/24"
}
}
/* ICMP echo request from the VPN subnet. */
rule 12 {
protocol: "icmp"
icmp {
type: "8"
code: "0"
}
action: "accept"
log: "disable"
source {
network: "192.168.10.0/24"
}
destination {
network: "192.168.40.0/24"
}
}
/* ICMP echo reply from the VPN subnet. */
rule 13 {
protocol: "icmp"
icmp {
type: "0"
code: "0"
}
action: "accept"
log: "disable"
source {
network: "192.168.10.0/24"
}
destination {
network: "192.168.40.0/24"
}
}
/* DNS replies: UDP from 192.168.22.1 source port 53 to the LAN. There is no
   state block, so this matches statelessly rather than as a reply to intoext
   rule 14. */
rule 14 {
protocol: "udp"
action: "accept"
log: "disable"
source {
address: "192.168.22.1"
port-number 53
}
destination {
network: "192.168.40.0/24"
}
}
/* HTTP/HTTPS return traffic: TCP from source port 80/443, established or
   related only; "new" is absent, so no connection can be opened into the
   LAN from those ports. */
rule 15 {
protocol: "tcp"
state {
established: "enable"
related: "enable"
invalid: "disable"
}
action: "accept"
log: "disable"
source {
port-number 80
port-number 443
}
destination {
network: "192.168.40.0/24"
}
}
}
/* intlocal: traffic entering eth1 addressed to the router itself.
   Management (SSH, HTTPS) from the LAN, ICMP echo replies from the LAN, and
   one stateless UDP rule from a single host. */
name intlocal {
/* Management: TCP/22 (SSH) and TCP/443 (web GUI over HTTPS) from the LAN. */
rule 1 {
protocol: "tcp"
state {
established: "enable"
new: "enable"
related: "enable"
invalid: "disable"
}
action: "accept"
log: "disable"
source {
network: "192.168.40.0/24"
}
destination {
port-number 22
port-number 443
}
}
/* ICMP echo reply (type 0) from the LAN: the router can receive answers to
   its own pings; echo requests from LAN hosts to the router are not listed. */
rule 2 {
protocol: "icmp"
icmp {
type: "0"
code: "0"
}
action: "accept"
log: "disable"
source {
network: "192.168.40.0/24"
}
}
/* UDP from 192.168.40.2 with source port 44440-44450 to any port on the
   router. The purpose is not stated in this configuration, and a source
   port is a weak match criterion on its own -- confirm the intended service
   and add a destination port if one applies. */
rule 3 {
protocol: "udp"
action: "accept"
log: "disable"
source {
address: "192.168.40.2"
port-range {
start: 44440
stop: 44450
}
}
}
}
}
/* Host identity, accounts and package source. */
system {
host-name: "carbon"
domain-name: ""
time-zone: "GMT"
ntp-server "69.59.150.135"
/* Two accounts (root and adrian) authenticated by password hash; the hash
   values were redacted by the author before publishing. plaintext-password
   is left empty. */
login {
user root {
full-name: ""
authentication {
encrypted-password: "Do you really care about that ?"
plaintext-password: ""
}
}
user adrian {
full-name: ""
authentication {
encrypted-password: "Do you really care about that ? "
plaintext-password: ""
}
}
}
/* Package repository fetched over plain HTTP with auto-sync on; integrity
   of updates therefore depends on package signature checking, which is not
   controlled from this configuration. */
package {
auto-sync: 1
repository community {
component: "main"
url: "http://archive.vyatta.com/vyatta"
}
}
}
/* Site-to-site IPsec to 192.168.22.234 over eth0, authenticated with a
   pre-shared key (the value is truncated in this listing). */
vpn {
ipsec {
ipsec-interfaces {
interface eth0
}
/* NAT-T is enabled although the peer sits on the same /24; the extlocal
   rule set accepts only UDP/500 and ESP from the peer, not UDP/4500. */
nat-traversal: "enable"
copy-tos: "disable"
/* Phase 1: 3DES / SHA-1 / DH group 2, 8-hour lifetime, main mode
   (aggressive mode, which exposes the PSK-derived hash to offline guessing,
   is disabled). These algorithms reflect 2007 practice; both ends must
   agree, so a stronger proposal has to be configured on the ISA peer too. */
ike-group "IKE-ISA" {
proposal 1 {
encryption: "3des"
hash: "sha1"
dh-group: 2
}
lifetime: 28800
aggressive-mode: "disable"
}
/* Phase 2: ESP tunnel mode, 3DES / SHA-1, 1-hour lifetime, PFS enabled. */
esp-group "ESP-ISA" {
proposal 1 {
encryption: "3des"
hash: "sha1"
}
mode: "tunnel"
lifetime: 3600
pfs: "enable"
compression: "disable"
}
site-to-site {
peer 192.168.22.234 {
authentication {
mode: "pre-shared-secret"
pre-shared-secret: "eC5d9n41fVbW54of38073Xdf25dbz50d0u20f5cae617fT2152l7f......"
}
ike-group: "IKE-ISA"
/* local-ip is the eth0 address; the tunnel carries the LAN subnet to the
   remote 192.168.10.0/24 -- the same subnet excluded from NAT rule 10. */
local-ip: 192.168.22.225
tunnel 1 {
local-subnet: 192.168.40.0/24
remote-subnet: 192.168.10.0/24
allow-nat-networks: "disable"
allow-public-networks: "disable"
esp-group: "ESP-ISA"
}
}
}
}
}