config included. Is this how it's supposed to be? What am I missing?
firewall {
all-ping enable
broadcast-ping disable
group {
port-group snmp {
description "block outgoing snmp"
port 161-162
}
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
name WAN_IN {
default-action drop
description "WAN to internal"
enable-default-log
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
rule 21 {
action reject
description "SSH remote"
log disable
protocol tcp_udp
source {
port 22
}
}
}
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
name WAN_OUT {
default-action accept
description "outbound wan rules"
rule 1 {
action drop
description "block snmp"
destination {
group {
}
}
log enable
protocol tcp_udp
source {
group {
}
port 161-162
}
state {
established enable
invalid enable
new enable
related enable
}
}
rule 2 {
action drop
description "block snmp outgoing"
destination {
port 161-162
}
log enable
protocol tcp_udp
}
}
name wanv6 {
default-action drop
description ""
}
options {
mss-clamp {
interface-type pppoe
mss 1452
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
ethernet eth0 {
address dhcp
description "OSPF NETWORK"
duplex auto
ip {
}
poe {
output off
}
speed auto
}
ethernet eth1 {
address dhcp
description "ISP WAN"
dhcpv6-pd {
pd 0 {
interface eth2 {
host-address ::1
prefix-id :1
service slaac
}
interface switch0 {
host-address ::1
prefix-id :2
service slaac
}
prefix-length 60
}
pd 1 {
prefix-length /64
}
prefix-only
rapid-commit enable
}
duplex auto
firewall {
in {
name WAN_LOCAL
}
out {
name WAN_OUT
}
}
poe {
output off
}
speed auto
}
ethernet eth2 {
description switched-eth2
duplex auto
ipv6 {
dup-addr-detect-transmits 1
router-advert {
cur-hop-limit 64
link-mtu 0
managed-flag false
max-interval 600
other-config-flag false
prefix ::/64 {
autonomous-flag true
on-link-flag true
valid-lifetime 2592000
}
reachable-time 0
retrans-timer 0
send-advert true
}
}
poe {
output off
}
speed auto
}
ethernet eth3 {
description switched-eth3
duplex auto
poe {
output 24v
watchdog {
address 192.168.1.41
disable
failure-count 3
interval 15
off-delay 5
start-delay 300
}
}
speed auto
}
ethernet eth4 {
description switched-eth4
duplex auto
poe {
output 48v
watchdog {
address 192.168.1.102
disable
failure-count 3
interval 15
off-delay 5
start-delay 300
}
}
speed auto
}
loopback lo {
}
switch switch0 {
address 192.168.1.1/24
address 2001:b00b:b00b::0/64
description SWITCH-SWITCH
firewall {
local {
}
out {
name WAN_OUT
}
}
ip {
ospf {
dead-interval 40
hello-interval 10
priority 1
retransmit-interval 5
transmit-delay 1
}
}
ipv6 {
dup-addr-detect-transmits 1
router-advert {
cur-hop-limit 64
link-mtu 0
managed-flag false
max-interval 600
other-config-flag false
prefix ::/64 {
autonomous-flag true
on-link-flag true
valid-lifetime 2592000
}
reachable-time 0
retrans-timer 0
send-advert true
}
}
mtu 1500
switch-port {
interface eth2 {
}
interface eth3 {
}
interface eth4 {
}
vlan-aware disable
}
}
}
port-forward {
auto-firewall enable
hairpin-nat enable
lan-interface switch0
lan-interface eth4
rule 1 {
description mumble
forward-to {
address 192.168.1.13
}
original-port 64738
protocol tcp_udp
}
rule 2 {
description bt
forward-to {
address 192.168.1.13
}
original-port 59498
protocol tcp_udp
}
rule 3 {
description ts
forward-to {
address 192.168.1.13
}
original-port 6502
protocol tcp_udp
}
rule 4 {
description tsx
forward-to {
address 192.168.1.13
}
original-port 51413
protocol tcp_udp
}
rule 5 {
description tsx
forward-to {
address 192.168.1.13
}
original-port 9987
protocol tcp_udp
}
rule 6 {
description steam
forward-to {
address 192.168.1.3
}
original-port 27015
protocol tcp_udp
}
rule 7 {
description plex
forward-to {
address 192.168.1.13
port 32400
}
original-port 32500
protocol tcp_udp
}
rule 8 {
description "TS file transfer"
forward-to {
address 192.168.1.13
}
original-port 30033
protocol tcp_udp
}
rule 9 {
description ""
forward-to {
address 192.168.1.3
}
original-port 7777
protocol tcp_udp
}
wan-interface eth1
}
protocols {
}
service {
dhcp-server {
disabled false
hostfile-update disable
shared-network-name Main-LAN {
authoritative disable
subnet 192.168.2.0/24 {
default-router 192.168.2.1
dns-server 8.8.8.8
dns-server 8.8.4.4
lease 86400
start 192.168.2.2 {
stop 192.168.2.30
}
}
}
shared-network-name Router-LAN {
authoritative disable
subnet 192.168.1.0/24 {
default-router 192.168.1.1
dns-server 8.8.8.8
dns-server 8.8.4.4
lease 86400
start 192.168.1.80 {
stop 192.168.1.100
}
static-mapping REDACT {
ip-address 192.168.1.147
mac-address 24:a4:3c:e0:14:86
}
static-mapping REDACT {
ip-address 192.168.1.136
mac-address 98:d6:bb:24:12:ac
}
static-mapping REDACT {
ip-address 192.168.1.253
mac-address 00:05:cd:49:ba:f3
}
static-mapping REDACT {
ip-address 192.168.1.171
mac-address 70:62:b8:08:2e:64
}
static-mapping REDACT {
ip-address 192.168.1.139
mac-address 2c:1f:23:43:91:ee
}
static-mapping REDACT {
ip-address 192.168.1.138
mac-address d8:bb:2c:70:7c:e2
}
static-mapping REDACT {
ip-address 192.168.1.131
mac-address ac:29:3a:00:00:17
}
static-mapping REDACT {
ip-address 192.168.1.173
mac-address 80:2A:A8:1D:51:0F
}
static-mapping REDACT {
ip-address 192.168.1.6
mac-address 2c:27:d7:e4:8d:07
}
static-mapping REDACT {
ip-address 192.168.1.7
mac-address 18:3d:a2:8a:46:1c
}
static-mapping REDACT {
ip-address 192.168.1.146
mac-address 24:a4:3c:e0:15:56
}
static-mapping REDACT {
ip-address 192.168.1.144
mac-address 80:2a:a8:50:50:0b
}
static-mapping REDACT {
ip-address 192.168.1.148
mac-address 80:2a:a8:56:74:02
}
static-mapping REDACT {
ip-address 192.168.1.2
mac-address 60:f8:1d:b2:cb:20
}
static-mapping REDACT {
ip-address 192.168.1.172
mac-address cc:2d:8c:dd:1f:8c
}
static-mapping REDACT {
ip-address 192.168.1.8
mac-address 00:14:22:8f:cc:1a
}
static-mapping MREDACT {
ip-address 192.168.1.132
mac-address c8:85:50:12:88:ba
}
static-mapping REDACT {
ip-address 192.168.1.251
mac-address 6c:c2:17:10:c7:e2
}
static-mapping REDACT {
ip-address 192.168.1.20
mac-address b8:27:eb:fe:14:09
}
static-mapping REDACT {
ip-address 192.168.1.170
mac-address 08:05:81:24:0f:4e
}
static-mapping REDACT {
ip-address 192.168.1.174
mac-address 00:11:d9:5b:55:4d
}
static-mapping REDACT {
ip-address 192.168.1.175
mac-address 00:19:9d:01:3b:e4
}
static-mapping REDACT {
ip-address 192.168.1.149
mac-address 24:a4:3c:e0:15:6b
}
static-mapping REDACT {
ip-address 192.168.1.252
mac-address 00:a0:de:b4:95:64
}
static-mapping REDACT {
ip-address 192.168.1.4
mac-address 10:c3:7b:6e:02:6f
}
static-mapping REDACT {
ip-address 192.168.1.3
mac-address 10:c3:7b:6d:fc:a7
}
static-mapping REDACT {
ip-address 192.168.1.140
mac-address 30:f7:c5:4d:54:57
}
static-mapping REDACT {
ip-address 192.168.1.137
mac-address b4:18:d1:df:17:eb
}
static-mapping REDACT {
ip-address 192.168.1.133
mac-address 0c:3e:9f:60:50:e4
}
static-mapping REDACT {
ip-address 192.168.1.135
mac-address 6c:70:9f:d6:26:14
}
static-mapping REDACT {
ip-address 192.168.1.13
mac-address 00:0c:29:e9:73:4c
}
static-mapping REDACT {
ip-address 192.168.1.5
mac-address 54:27:1e:f6:eb:e9
}
unifi-controller REDACT
}
}
use-dnsmasq disable
}
dhcpv6-server {
}
dns {
dynamic {
interface eth1 {
service noip {
host-name REDACT
host-name REDACT
login REDACT
password REDACT
}
}
}
forwarding {
cache-size 150
listen-on eth1
listen-on switch0
listen-on eth0
}
}
gui {
http-port 80
https-port 443
listen-address 192.168.1.1
older-ciphers enable
}
nat {
rule 5010 {
description suddenlink
log disable
outbound-interface eth1
protocol all
type masquerade
}
}
ssh {
listen-address 192.168.1.1
port 22
protocol-version v2
}
}
system {
config-management {
commit-archive {
location REDACT
}
commit-revisions 20
}
conntrack {
expect-table-size 2048
hash-size 32768
table-size 262144
}
host-name REDACT
login {
user REDACT {
authentication {
encrypted-password REDACT
plaintext-password ""
}
full-name REDACT
level admin
}
user REDACT {
authentication {
encrypted-password REDACT
plaintext-password ""
}
full-name REDACT
level admin
}
}
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
server 192.168.1.3 {
prefer
}
}
offload {
hwnat disable
ipsec enable
ipv4 {
forwarding enable
pppoe enable
vlan enable
}
ipv6 {
forwarding enable
pppoe disable
vlan enable
}
}
static-host-mapping {
host-name REDACT-cert.com {
inet 192.168.1.1
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
host 192.168.1.3 {
facility all {
level notice
}
}
}
time-zone America/Denver
traffic-analysis {
dpi enable
export enable
}
}
vpn {
rsa-keys {
rsa-key-name REDACT {
}
}
}