Quantcast
Channel: All EdgeRouter posts
Viewing all articles
Browse latest Browse all 60861

Re: Bell PPPoE and IPTV with FTTH, Guide, configuration and tidbits.

September 25, 2016, 7:14 pm
$
0
0

Aaaaaaaand, the cheat sheet:

 

#### Cheat Sheet ####
### Basic Stuff for firewall
set firewall all-ping enable
set firewall broadcast-ping disable
set firewall ipv6-receive-redirects disable
set firewall ipv6-src-route disable
set firewall ip-src-route disable
set firewall log-martians enable
set firewall receive-redirects disable
set firewall send-redirects enable
set firewall source-validation disable
set firewall syn-cookies enable

### Rules for IPTV IN - VLAN36 To LAN
set firewall name IPTV_IN default action drop
set firewall name IPTV_IN description "IPTV to LAN"
set firewall name IPTV_IN rule 5 action accept
set firewall name IPTV_IN rule 5 description "Accept Established"
set firewall name IPTV_IN rule 5 log disable
set firewall name IPTV_IN rule 5 protocol all
set firewall name IPTV_IN rule 5 state established enable
set firewall name IPTV_IN rule 5 state related enable
set firewall name IPTV_IN rule 10 action accept
set firewall name IPTV_IN rule 10 description "Allow IGMP"
set firewall name IPTV_IN rule 10 log disable
set firewall name IPTV_IN rule 10 protocol igmp
set firewall name IPTV_IN rule 20 action accept
set firewall name IPTV_IN rule 20 description "Allow IPTV-Bell"
set firewall name IPTV_IN rule 20 log disable
set firewall name IPTV_IN rule 20 protocol udp
set firewall name IPTV_IN rule 20 destination address 239.0.0.0/8
set firewall name IPTV_IN rule 20 source address 10.0.0.0/8
set firewall name IPTV_IN rule 30 action drop
set firewall name IPTV_IN rule 30 description "Drop Invalid"
set firewall name IPTV_IN rule 30 log disable
set firewall name IPTV_IN rule 30 protocol all
set firewall name IPTV_IN rule 30 state invalid enable

### Rules for IPTV LOCAL - VLAN36 To Router
set firewall name IPTV_LOCAL default action drop
set firewall name IPTV_LOCAL description "IPTV to Router"
set firewall name IPTV_LOCAL rule 5 action accept
set firewall name IPTV_LOCAL rule 5 description "Accept Established"
set firewall name IPTV_LOCAL rule 5 log disable
set firewall name IPTV_LOCAL rule 5 protocol all
set firewall name IPTV_LOCAL rule 5 state established enable
set firewall name IPTV_LOCAL rule 5 state related enable
set firewall name IPTV_LOCAL rule 10 action accept
set firewall name IPTV_LOCAL rule 10 description "Allow IPTV-UDP"
set firewall name IPTV_LOCAL rule 10 log disable
set firewall name IPTV_LOCAL rule 10 protocol udp
set firewall name IPTV_LOCAL rule 10 destination address 239.0.0.0/8
set firewall name IPTV_LOCAL rule 10 source address 10.0.0.0/8
set firewall name IPTV_LOCAL rule 20 action accept
set firewall name IPTV_LOCAL rule 20 description "Allow IGMP"
set firewall name IPTV_LOCAL rule 20 log disable
set firewall name IPTV_LOCAL rule 20 protocol igmp
set firewall name IPTV_LOCAL rule 30 action accept
set firewall name IPTV_LOCAL rule 30 description "Allow ICMP"
set firewall name IPTV_LOCAL rule 30 log disable
set firewall name IPTV_LOCAL rule 30 protocol icmp
set firewall name IPTV_LOCAL rule 60 action drop
set firewall name IPTV_LOCAL rule 60 description "Drop Invalid"
set firewall name IPTV_LOCAL rule 60 log disable
set firewall name IPTV_LOCAL rule 60 protocol all
set firewall name IPTV_LOCAL rule 60 state invalid enable

### Rules for WAN-IN WAN to LAN
set firewall name WAN_IN default action drop
set firewall name WAN_IN description "WAN to Internal"
set firewall name WAN_IN rule 5 action accept
set firewall name WAN_IN rule 5 description "Accept Established"
set firewall name WAN_IN rule 5 log disable
set firewall name WAN_IN rule 5 protocol all
set firewall name WAN_IN rule 5 state established enable
set firewall name WAN_IN rule 5 state related enable
set firewall name WAN_IN rule 60 action drop
set firewall name WAN_IN rule 60 description "Drop Invalid"
set firewall name WAN_IN rule 60 log disable
set firewall name WAN_IN rule 60 protocol all
set firewall name WAN_IN rule 60 state invalid enable

### Rules for WAN-Local - WAN To Router
set firewall name WAN_LOCAL default action drop
set firewall name WAN_LOCAL description "IPTV to Router"
set firewall name WAN_LOCAL rule 5 action accept
set firewall name WAN_LOCAL rule 5 description "Accept Established"
set firewall name WAN_LOCAL rule 5 log disable
set firewall name WAN_LOCAL rule 5 protocol all
set firewall name WAN_LOCAL rule 5 state established enable
set firewall name WAN_LOCAL rule 5 state related enable
set firewall name WAN_LOCAL rule 60 action drop
set firewall name WAN_LOCAL rule 60 description "Drop Invalid"
set firewall name WAN_LOCAL rule 60 log disable
set firewall name WAN_LOCAL rule 60 protocol all
set firewall name WAN_LOCAL rule 60 state invalid enable
### MSS Clamping (Well because of PPPoE)
set firewall options mss-clamp interface-type all
set firewall options mss-clamp mss 1412
### Ethernet0 - Bell ONT Interface
set interfaces ethernet eth0 description "Bell ONT"
set interfaces ethernet eth0 duplex auto
set interfaces ethernet eth0 speed auto
set interfaces ethernet eth0 vif 35 description "Bell VLAN35 Internet"
set interfaces ethernet eth0 vif 35 mtu 1492
set interfaces ethernet eth0 vif 35 pppoe 0 default-route force
set interfaces ethernet eth0 vif 35 pppoe 0 description "Bell PPPoE"
set interfaces ethernet eth0 vif 35 pppoe 0 firewall in name WAN_IN
set interfaces ethernet eth0 vif 35 pppoe 0 firewall local name WAN_LOCAL
set interfaces ethernet eth0 vif 35 pppoe 0 mtu 1492
set interfaces ethernet eth0 vif 35 pppoe 0 name-server none
set interfaces ethernet eth0 vif 35 pppoe 0 password your-bell-password
set interfaces ethernet eth0 vif 35 pppoe 0 user-id b1xxxxxx
set interfaces ethernet eth0 vif 36 address dhcp
set interfaces ethernet eth0 vif 36 description "Bell VLAN36 IPTV"
set interfaces ethernet eth0 vif 36 dhcp-options default-route no-update
set interfaces ethernet eth0 vif 36 dhcp-options default-route-distance 210
set interfaces ethernet eth0 vif 36 dhcp-options name-server no-update
set interfaces ethernet eth0 vif 36 egress-qos "0:4 1:4 2:4 3:4 4:4 5:4 6:4 7:4"
set interfaces ethernet eth0 vif 36 firewall in name IPTV_IN
set interfaces ethernet eth0 vif 36 firewall local name IPTV_LOCAL
set interfaces ethernet eth0 vif 36 mtu 1500
### Ethernet1 - Primary LAN Interface
set interfaces ethernet eth1 address 172.22.40.1/22
set interfaces ethernet eth1 description "Primary LAN"
set interfaces ethernet eth1 duplex auto
set interfaces ethernet eth1 speed auto
### Ethernet2 - Secondary LAN Interface - Where i put my IPTV Terminals
set interfaces ethernet eth2 address 172.22.100.1/24
set interfaces ethernet eth2 description "Primary LAN"
set interfaces ethernet eth2 duplex auto
set interfaces ethernet eth2 speed auto
### Set IGMP Proxy
set protocols igmp-proxy interface eth0.36 alt-subnet 0.0.0.0/0
set protocols igmp-proxy interface eth0.36 role upstream
set protocols igmp-proxy interface eth0.36 threshold 1
set protocols igmp-proxy interface eth2 alt-subnet 0.0.0.0/0
set protocols igmp-proxy interface eth2 role downstream
set protocols igmp-proxy interface eth2 threshold 1
### Static Routes
set protocols static route 10.0.0.0/8 next-hop 10.241.80.1 description "IPTV Route"
set protocols static route 10.0.0.0/8 next-hop 10.241.80.1 distance 1
### DHCP Server
set service dhcp-server disabled false
set service dhcp-server hostfile-update disable
set service dhcp-server use-dnsmasq disable
set service dhcp-server shared-network-name LAN1
set service dhcp-server shared-network-name LAN1 authoritative disable
set service dhcp-server shared-network-name LAN1 description "LAN1 DHCP Server"
set service dhcp-server shared-network-name LAN1 subnet 172.22.40.0/22
set service dhcp-server shared-network-name LAN1 subnet 172.22.40.0/22 default-router 172.22.40.1
set service dhcp-server shared-network-name LAN1 subnet 172.22.40.0/22 dns-server 172.22.40.1
set service dhcp-server shared-network-name LAN1 subnet 172.22.40.0/22 domain-name domain.com
set service dhcp-server shared-network-name LAN1 subnet 172.22.40.0/22 lease 3600
set service dhcp-server shared-network-name LAN1 subnet 172.22.40.0/22 start 172.22.40.100 stop 172.22.43.254
set service dhcp-server shared-network-name LAN2
set service dhcp-server shared-network-name LAN2 authoritative disable
set service dhcp-server shared-network-name LAN2 description "LAN2 DHCP Server"
set service dhcp-server shared-network-name LAN2 subnet 172.22.100.0/24
set service dhcp-server shared-network-name LAN2 subnet 172.22.100.0/24 default-router 172.22.100.1
set service dhcp-server shared-network-name LAN2 subnet 172.22.100.0/24 dns-server 172.22.100.1
set service dhcp-server shared-network-name LAN2 subnet 172.22.100.0/24 dns-server 10.2.127.228
set service dhcp-server shared-network-name LAN2 subnet 172.22.100.0/24 dns-server 10.2.127.196
set service dhcp-server shared-network-name LAN2 subnet 172.22.100.0/24 domain-name domain.com
set service dhcp-server shared-network-name LAN2 subnet 172.22.100.0/24 lease 7200
set service dhcp-server shared-network-name LAN2 subnet 172.22.100.0/24 start 172.22.100.50 stop 172.22.100.200

### DNS Service (Forwarder) - The forwarding DNS Servers are from various sources gathered using namebench
### Just adjust the set service dns forwarding name-server <dns server IP> for what you like
set service dns forwarding cache-size 300
set service dns forwarding listen-on eth2
set service dns forwarding listen-on eth1
set service dns forwarding name-server 205.236.148.130
set service dns forwarding name-server 205.236.148.131
set service dns forwarding name-server 205.151.222.251
set service dns forwarding name-server 74.82.42.42
set service dns forwarding name-server 156.154.70.1
set service dns forwarding name-server 8.8.4.4
set service dns forwarding name-server 4.2.2.4
set service dns forwarding options server=/bell.ca/10.2.127.196
set service dns forwarding options server=/bell.com/10.2.127.196
set service dns forwarding options server=/bell.com/10.2.127.22
set service dns forwarding options server=/bell.ca/10.2.127.228
set service dns forwarding system

### Other Misc Stuff (Not that much relevant but still)
set service gui http-port 80
set service gui https-port 443
set service gui older-ciphers disable

### NAT Rules for PPPoE and IPTV
set service nat rule 5010 description "Network NAT on PPPoE WAN"
set service nat rule 5010 outbound-interface pppoe0
set service nat rule 5010 type masquerade
set service nat rule 5010 log disable
set service nat rule 5011 description "Bell IPTV NAT"
set service nat rule 5011 destination address 10.0.0.0/8
set service nat rule 5011 log disable
set service nat rule 5011 outbound-interface eth0.36
set service nat rule 5011 protocol all
set service nat rule 5011 type masquerade

### System Settings
set system domain-name domain.com
set system host-name edgerouter
set system name-server 127.0.0.1
set system offload ipsec enable
set system offload ipv4 forwarding enable
set system offload ipv4 gre enable
set system offload ipv4 pppoe enable
set system offload ipv4 vlan enable
set system time-zone America/Montreal
 

Search
Viewing all articles
Browse latest Browse all 60861

Trending Articles

Practice Sheet of Right form of verbs for HSC Students

September 22, 2019, 11:40 pm

Download: FK ft Shenky – Nakuyewa ”Prod by: Shenky”

February 16, 2017, 4:24 pm

How to win at Markstrat (Markstrat Tips and Tricks) – Vodites

January 5, 2014, 10:34 pm

Ominde Commission Report and Recommendations – Ominde Report of 1964

March 16, 2015, 5:14 am

Bureau of Internal Revenue: Regional Offices (Directory)

January 9, 2014, 11:06 pm

GO 53 on Enhancement of Ex-gratia upto 5 Lakhs Toddy Tappers in Telangana

March 26, 2017, 11:23 pm

Cakewalk CA-2A Leveling Amplifier v2.0.1.97 WiN, v2.0.1.96 OSX Incl Keygen

October 17, 2016, 7:20 am

Mp3 Download: Mdu - Kunjenjenjena

December 7, 2017, 8:16 am

How the kill the job , when DTP request running for long hours.

July 26, 2013, 2:41 am

Microsoft Intune から展開しているアプリのアップデートについて

October 17, 2016, 4:11 am

18-year-old girl was beaten for half an hour by two Northampton men in 'an...

September 1, 2017, 10:00 pm

Car crash in Dunton Bassett leaves driver in critical condition

October 7, 2014, 7:51 am

Macky 2, Two Others In Road Accident

March 29, 2015, 5:34 am

Application log 00000000000000089514: Could not convert queue DLVST90CLNT

May 14, 2015, 11:27 pm

Detroit mafia: D’Anna Brothers agree to plea deal

April 21, 2016, 6:56 am

Delivery block field greyed out using VA02

January 26, 2016, 2:52 pm

Muloraki Au

June 22, 2016, 1:44 am

【個人撮影】スマホのプライベート映像♪「中に出さないで///」カラオケ屋での生ハメ撮りが流出w【リベンジポルノ】@PornHub

October 12, 2017, 2:23 pm

BREAKING NEWS: Diamond Platnumz Is Reported Dead After Ghastly Car Accident

February 9, 2018, 4:56 am

FIAT 500 B0111 B0112

July 5, 2018, 10:31 am
Search