

  • devast

    addikt

    válasz Cirbolya_sen #2633 üzenetére

    Itt egy minta konfig az IPv6 részről, megfelelő tűzfalbeállításokkal, ha az ONT az eth0-ba van dugva, a switch0 a belső interfészed, és természetesen PPPoE-vel csatlakozol (Telekom optika):

    # IPv6 on the PPPoE WAN (pppoe 0 on eth0): obtain a delegated prefix via
    # DHCPv6-PD and hand it to the inside interface switch0.
    #
    # switch0 takes host address ::1 in the subnet selected by prefix-id :0 of
    # the delegation, and LAN clients autoconfigure from it via SLAAC.
    set interfaces ethernet eth0 pppoe 0 dhcpv6-pd pd 0 interface switch0 host-address '::1'
    set interfaces ethernet eth0 pppoe 0 dhcpv6-pd pd 0 interface switch0 prefix-id ':0'
    set interfaces ethernet eth0 pppoe 0 dhcpv6-pd pd 0 interface switch0 service slaac
    # Ask the ISP for a /56 delegation.
    set interfaces ethernet eth0 pppoe 0 dhcpv6-pd pd 0 prefix-length /56
    # Request only a delegated prefix over DHCPv6 (no separate WAN address).
    set interfaces ethernet eth0 pppoe 0 dhcpv6-pd prefix-only
    set interfaces ethernet eth0 pppoe 0 dhcpv6-pd rapid-commit enable
    # Bind the IPv6 rule sets to the PPPoE interface. With a delegated global
    # prefix there is no NAT in front of the LAN, so these two bindings are the
    # only thing filtering inbound IPv6: "in" covers traffic forwarded to the
    # LAN, "local" covers traffic addressed to the router itself. Both rule
    # sets (WANv6_IN, WANv6_LOCAL) must exist before this is committed.
    set interfaces ethernet eth0 pppoe 0 firewall in ipv6-name WANv6_IN
    set interfaces ethernet eth0 pppoe 0 firewall local ipv6-name WANv6_LOCAL
    set interfaces ethernet eth0 pppoe 0 ipv6 dup-addr-detect-transmits 1
    set interfaces ethernet eth0 pppoe 0 ipv6 enable


    # WANv6_IN: IPv6 traffic arriving on the WAN and forwarded to the LAN.
    # Default-deny: anything not matched by a rule below is dropped, so no
    # unsolicited inbound connection reaches a LAN host.
    set firewall ipv6-name WANv6_IN default-action drop
    set firewall ipv6-name WANv6_IN description 'WAN inbound traffic forwarded to LAN'
    # Log packets that fall through to the default drop. Useful for spotting
    # scans, but can be noisy on an Internet-facing interface.
    set firewall ipv6-name WANv6_IN enable-default-log
    # Rule 10: return traffic for sessions that were opened from the inside.
    set firewall ipv6-name WANv6_IN rule 10 action accept
    set firewall ipv6-name WANv6_IN rule 10 description 'Allow established/related sessions'
    set firewall ipv6-name WANv6_IN rule 10 state established enable
    set firewall ipv6-name WANv6_IN rule 10 state related enable
    # Rule 20: drop packets in invalid connection state; evaluated before the
    # ICMPv6 accept in rule 30.
    set firewall ipv6-name WANv6_IN rule 20 action drop
    set firewall ipv6-name WANv6_IN rule 20 description 'Drop invalid state'
    set firewall ipv6-name WANv6_IN rule 20 state invalid enable
    # Rule 30: accept every ICMPv6 type towards the LAN. IPv6 depends on ICMPv6
    # (e.g. Packet Too Big for path MTU discovery), but this also leaves LAN
    # hosts answering echo requests from the Internet.
    # NOTE(review): if that exposure is unwanted, restrict this rule to the
    # message types recommended in RFC 4890 instead of the whole protocol.
    set firewall ipv6-name WANv6_IN rule 30 action accept
    set firewall ipv6-name WANv6_IN rule 30 description 'Allow IPv6 icmp'
    set firewall ipv6-name WANv6_IN rule 30 protocol ipv6-icmp
    # WANv6_LOCAL: IPv6 traffic arriving on the WAN and addressed to the router
    # itself. Same default-deny layout as WANv6_IN; router services are not
    # reachable from the WAN over IPv6 unless a rule below accepts them.
    set firewall ipv6-name WANv6_LOCAL default-action drop
    set firewall ipv6-name WANv6_LOCAL description 'WAN inbound traffic to the router'
    set firewall ipv6-name WANv6_LOCAL enable-default-log
    # Rule 10: replies to connections the router itself initiated.
    set firewall ipv6-name WANv6_LOCAL rule 10 action accept
    set firewall ipv6-name WANv6_LOCAL rule 10 description 'Allow established/related sessions'
    set firewall ipv6-name WANv6_LOCAL rule 10 state established enable
    set firewall ipv6-name WANv6_LOCAL rule 10 state related enable
    # Rule 20: drop invalid-state packets before any accept rule below.
    set firewall ipv6-name WANv6_LOCAL rule 20 action drop
    set firewall ipv6-name WANv6_LOCAL rule 20 description 'Drop invalid state'
    set firewall ipv6-name WANv6_LOCAL rule 20 state invalid enable
    # Rule 30: ICMPv6 to the router; the WAN link needs it for neighbor
    # discovery and router advertisements.
    set firewall ipv6-name WANv6_LOCAL rule 30 action accept
    set firewall ipv6-name WANv6_LOCAL rule 30 description 'Allow IPv6 icmp'
    set firewall ipv6-name WANv6_LOCAL rule 30 protocol ipv6-icmp
    # Rule 40: DHCPv6 server-to-client replies (UDP source port 547 to
    # destination port 546). Required for the prefix delegation: the client's
    # request goes to a multicast address, so the server's reply is not matched
    # by the established/related rule.
    set firewall ipv6-name WANv6_LOCAL rule 40 action accept
    set firewall ipv6-name WANv6_LOCAL rule 40 description 'allow dhcpv6'
    set firewall ipv6-name WANv6_LOCAL rule 40 destination port 546
    set firewall ipv6-name WANv6_LOCAL rule 40 protocol udp
    set firewall ipv6-name WANv6_LOCAL rule 40 source port 547
    # Global hardening: ignore ICMPv6 redirects and refuse source-routed IPv6
    # packets (routing extension header).
    set firewall ipv6-receive-redirects disable
    set firewall ipv6-src-route disable
    # Clamp TCP MSS for IPv6 on PPPoE interfaces. 1432 presumably assumes the
    # usual PPPoE MTU of 1492 minus 40 (IPv6 header) and 20 (TCP header);
    # adjust if the link MTU differs.
    set firewall options mss-clamp6 interface-type pppoe
    set firewall options mss-clamp6 mss 1432
