Here is the fourth part of my config:
service {
/* DHCP server for two scopes: LAN (192.168.1.0/24) and VOIP (192.168.2.0/24). */
dhcp-server {
disabled false
/* Leases are not written into the router's hosts file, so DHCP clients are not resolvable by name through the local forwarder. */
hostfile-update disable
shared-network-name LAN {
authoritative enable
subnet 192.168.1.0/24 {
default-router 192.168.1.1
dns-server 192.168.1.1
/* Lease time in seconds (24 h). */
lease 86400
/* Dynamic pool .38-.243; addresses outside it are left for static use. */
start 192.168.1.38 {
stop 192.168.1.243
}
/* Hands every UniFi device on this scope a controller address that is public, not RFC 1918. */
/* NOTE(review): confirm this host is still the intended controller and is under your control; devices will contact it for adoption. */
unifi-controller 45.55.11.193
}
}
shared-network-name VOIP {
/* NOTE(review): LAN is authoritative but VOIP is not; confirm the difference is intentional. */
authoritative disable
subnet 192.168.2.0/24 {
default-router 192.168.2.1
dns-server 192.168.2.1
/* Lease time in seconds (24 h). */
lease 86400
/* Dynamic pool .38-.138. */
start 192.168.2.38 {
stop 192.168.2.138
}
/* Same public controller address as the LAN scope; the same confirmation applies. */
unifi-controller 45.55.11.193
}
}
}
/* Local DNS forwarder. It listens only on eth2 and eth3, not on eth0/eth1, which the NAT rules describe as WAN. */
/* NOTE(review): the DHCP scopes hand out 192.168.1.1 and 192.168.2.1 as resolvers; presumably those addresses sit on eth2/eth3 - confirm against the interfaces section. */
dns {
forwarding {
/* Number of cached entries. */
cache-size 150
listen-on eth2
listen-on eth3
}
}
/* Web management interface: plain HTTP on 80 and HTTPS on 443. */
/* older-ciphers enable keeps legacy TLS cipher suites available; set it to disable unless an old browser really needs them. */
/* NOTE(review): no firewall rules are visible in this part of the config; confirm ports 80/443 are not reachable from the WAN side (eth0/eth1). */
gui {
http-port 80
https-port 443
older-ciphers enable
}
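/* Source NAT. Rules are evaluated in ascending rule number and the first match wins. */
/* The IPsec exclude is numbered ahead of the eth0 masquerade: as rule 5003 it sat behind rule 5000, which matches everything leaving eth0, so tunnel traffic was masqueraded before the exclude could apply. */
/* NOTE(review): if the vpn section (not shown here) enables auto-firewall-nat-exclude, this manual exclude is redundant - confirm. */
nat {
/* Leave 192.168.2.0/24 -> 72.13.6.218/32 untranslated so it keeps its private source address for the tunnel. */
rule 5000 {
description "exclude ipsec local to remote"
destination {
address 72.13.6.218/32
}
exclude
log disable
outbound-interface eth0
protocol all
source {
address 192.168.2.0/24
}
type masquerade
}
/* The exclude above is bound to eth0 only, so the eth1 masquerade keeps its number. */
rule 5002 {
description "masquerade for WAN 2"
outbound-interface eth1
type masquerade
}
/* Catch-all masquerade for eth0; it must stay after the exclude rule. */
rule 5003 {
description "masquerade for WAN"
outbound-interface eth0
type masquerade
}
}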
/* SSH management on the default port, protocol version 2 only. */
/* NOTE(review): no firewall rules are visible in this part of the config; confirm port 22 is not reachable from the WAN side (eth0/eth1) or is limited to known source addresses. */
ssh {
port 22
protocol-version v2
}
}