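/* Global firewall options. source-validation is disabled, so no reverse-path filtering is applied. NOTE(review): consider source-validation loose if routing between pppoe0 and eth1 allows it. */
firewall {
    all-ping enable
    broadcast-ping disable
    config-trap disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* Forwarded traffic arriving on pppoe0: only return traffic of established or related flows is accepted, everything else is dropped. */
    name OUTSIDE-IN {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
    }
    /* Traffic from pppoe0 addressed to the router itself. default-action must stay drop: with accept, any router service not bound to an internal address would be reachable from the WAN and rules 10 to 31 would filter nothing except the SSH rate limit. */
    name OUTSIDE-LOCAL {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action accept
            icmp {
                type-name echo-request
            }
            protocol icmp
            state {
                new enable
            }
        }
        /* SSH throttle: drops new connections to TCP 9528 once a source reaches 4 new connections within 60 seconds. Must stay numbered before the accept in rule 31. */
        rule 30 {
            action drop
            destination {
                port 9528
            }
            protocol tcp
            recent {
                count 4
                time 60
            }
            state {
                new enable
            }
        }
        rule 31 {
            action accept
            destination {
                port 9528
            }
            protocol tcp
            state {
                new enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
    twa-hazards-protection disable
}
interfaces {
    bridge br0 {
        address 192.168.11.1/24
        aging 300
        hello-time 2
        max-age 20
        priority 32768
        stp false
    }
    ethernet eth0 {
        duplex auto
        hw-id 00:e0:67:08:47:ea
        /* WAN uplink; both OUTSIDE rulesets are attached here. The password and user-id values look like sanitised placeholders. Real PPPoE credentials are stored in clear text in this file, so restrict access to it and to its backups. */
        pppoe 0 {
            default-route auto
            firewall {
                in {
                    name OUTSIDE-IN
                }
                local {
                    name OUTSIDE-LOCAL
                }
            }
            mtu 1492
            name-server none
            password 0000000
            traffic-policy {
                out WAN-OUT
            }
            user-id 000000000
        }
        smp-affinity auto
        speed auto
    }
    /* NOTE(review): no firewall ruleset is attached to eth1, so hosts on the 10.32.3.152/22 side reach router services and the destination NAT rule unfiltered. Confirm this is intended. */
    ethernet eth1 {
        address 10.32.3.152/22
        duplex auto
        hw-id 00:e0:67:08:47:eb
        smp-affinity auto
        speed auto
    }
    ethernet eth2 {
        bridge-group {
            bridge br0
        }
        duplex auto
        hw-id 00:e0:67:08:47:ec
        smp-affinity auto
        speed auto
    }
    ethernet eth3 {
        bridge-group {
            bridge br0
        }
        duplex auto
        hw-id 00:e0:67:08:47:ed
        smp-affinity auto
        speed auto
    }
    ethernet eth4 {
        bridge-group {
            bridge br0
        }
        duplex auto
        hw-id 00:e0:67:08:47:ee
        smp-affinity auto
        speed auto
    }
    ethernet eth5 {
        bridge-group {
            bridge br0
        }
        duplex auto
        hw-id 00:e0:67:08:47:ef
        smp-affinity auto
        speed auto
    }
    loopback lo {
    }
}
nat {
    destination {
        /* Publishes RDP (TCP 3389) on 192.168.11.100 to anything that can reach eth1, with no source restriction. NOTE(review): 192.168.11.100 is also the first address of the DHCP range, so the host behind this rule can change. Pin it with a static mapping or move it out of the pool, and limit the allowed sources. */
        rule 100 {
            destination {
                address 10.32.3.152
                port 3389
            }
            inbound-interface eth1
            protocol tcp
            translation {
                address 192.168.11.100
                port 3389
            }
        }
    }
    source {
        rule 10 {
            outbound-interface pppoe0
            source {
                address 192.168.11.0/24
            }
            translation {
                address masquerade
            }
        }
        rule 11 {
            destination {
                address 10.32.0.0/16
            }
            outbound-interface eth1
            source {
                address 192.168.11.0/24
            }
            translation {
                address masquerade
            }
        }
    }
}
protocols {
    static {
        route 10.32.0.0/22 {
            next-hop 10.32.0.252 {
            }
        }
        route 10.32.200.0/22 {
            next-hop 10.32.0.252 {
            }
        }
    }
}
service {
    dhcp-server {
        shared-network-name lan-dhcp {
            description bridge-lan-dhcp
            subnet 192.168.11.0/24 {
                default-router 192.168.11.1
                dns-server 192.168.11.1
                domain-name grapecity.net
                domain-search gcvyos.net
                domain-search grapecity.net
                lease 86400
                range 0 {
                    start 192.168.11.100
                    stop 192.168.11.254
                }
            }
        }
    }
    dns {
        forwarding {
            domain grapecity.net {
                server 10.32.0.2
                server 10.32.0.3
                server 10.2.0.2
                server 10.2.0.3
            }
            listen-address 192.168.11.1
            name-server 114.114.114.114
        }
    }
    mdns {
        repeater {
            interface eth1
            interface br0
        }
    }
    /* Community-based SNMP: read-only, limited to 10.32.0.0/22, listening on the eth1 address. The community string travels and is stored in clear text. NOTE(review): it is derived from the organisation name. Rotate it if this file has been shared, and prefer SNMPv3 with authentication and privacy. */
    snmp {
        community OkayGrapeCity {
            authorization ro
            network 10.32.0.0/22
        }
        contact steve.dong@grapecity.com
        listen-address 10.32.3.152 {
            port 161
        }
        location 3F-Lobby-SteveDong
        trap-target 203.0.113.10 {
        }
    }
    /* SSH on port 9528 with no listen-address, so presumably bound to every address, including the WAN. NOTE(review): nothing here disables password login. Consider key-only authentication in addition to the rate limit in OUTSIDE-LOCAL rule 30. */
    ssh {
        port 9528
    }
    webproxy {
        cache-size 100
        default-port 3128
        listen-address 192.168.11.1 {
        }
    }
}
/* NOTE(review): the release footer reports 1.2.0-rc7, a release candidate. Plan a move to a maintained release. */
system {
    config-management {
        commit-revisions 100
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    domain-search {
        domain grapecity.net
    }
    host-name sys-testing-gw
    login {
        /* Default account name with admin level. The hash shown looks truncated or sanitised, and plaintext-password is empty, so no clear-text password is kept here. */
        user vyos {
            authentication {
                encrypted-password $6$99999999.
                plaintext-password ""
            }
            level admin
        }
    }
    name-server 192.168.11.1
    ntp {
        server 0.pool.ntp.org {
        }
        server 1.pool.ntp.org {
        }
        server 2.pool.ntp.org {
        }
    }
    options {
        beep-if-fully-booted
        ctrl-alt-del-action ignore
        reboot-on-panic true
    }
    static-host-mapping {
        host-name xa-vc {
            inet 10.32.3.55
        }
        host-name xa-vc.grapecity.net {
            inet 10.32.3.55
        }
    }
    /* Only the global (local) syslog target is configured. NOTE(review): no remote log host is set, so firewall and login events exist only on this device. */
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Asia/Chongqing
}
traffic-policy {
    shaper LAN-OUT {
        bandwidth 4Mbit
        default {
            bandwidth 50%
            burst 15k
            ceiling 100%
            queue-type fair-queue
        }
    }
    shaper WAN-OUT {
        bandwidth 50Mbit
        default {
            bandwidth 50%
            burst 15k
            ceiling 100%
            queue-type fair-queue
        }
    }
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:firewall@5:ipsec@4:l2tp@1:mdns@1:nat@4:qos@1:quagga@3:ssh@1:system@9:vrrp@2:wanloadbalance@3:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: 1.2.0-rc7 */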