Setup script for EdgeMax EdgeOS 1.7 routers to replace the Google Fiber Network Box
# EdgeOS v1.7 Google Fiber Config Script
# by Steve Jenkins (http://www.stevejenkins.com/)
# Last updated: Nov 8, 2015
# Based on settings & scripts by Atlantisman, TK, and CompTech
# RUN THIS SCRIPT AS ROOT ON YOUR EDGEROUTER
# Script runs best if you copy and paste in sections
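#____________________Internet Service Config_____________________
# Brings up the WAN on VLAN 2 of eth1, the LAN on eth0, a local config port
# on eth2, and a DHCP server for the LAN. The trailing "| |" table residue of
# the rendered listing has been removed so the lines can be pasted as-is.
configure

#Setup WAN and VLAN Interfaces w/QoS
set interfaces ethernet eth1 description "Google Fiber Jack"
set interfaces ethernet eth1 vif 2
set interfaces ethernet eth1 vif 2 description "Google Fiber WAN"
set interfaces ethernet eth1 vif 2 address dhcp
set interfaces ethernet eth1 vif 2 address dhcpv6
# Tag egress frames on the VLAN with 802.1p priority 3 (internal priority 0 -> 3)
set interfaces ethernet eth1 vif 2 egress-qos "0:3"
# WAN_IN and WAN_LOCAL are created in the "Basic Firewall Setup" section.
# NOTE(review): this section commits before those rulesets exist. Keep eth1
# unplugged until the firewall section has been committed, and confirm your
# firmware accepts the forward reference at commit time.
# NOTE(review): "firewall ... name" attaches IPv4 rulesets only. The dhcpv6
# address requested above is not filtered unless matching "ipv6-name" rulesets
# are also attached to this interface.
set interfaces ethernet eth1 vif 2 firewall in name WAN_IN
set interfaces ethernet eth1 vif 2 firewall local name WAN_LOCAL

#Setup LAN
set interfaces ethernet eth0 description "LAN"
set interfaces ethernet eth0 address 192.168.1.1/24

#Setup Local Config Port
set interfaces ethernet eth2 description "Local Config Port"
set interfaces ethernet eth2 address 192.168.0.1/24

#Setup DHCP on LAN
set service dhcp-server disabled false
set service dhcp-server hostfile-update disable
set service dhcp-server shared-network-name LAN authoritative disable
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 start 192.168.1.101 stop 192.168.1.254
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 default-router 192.168.1.1
# Clients are handed Google Public DNS directly rather than the router's forwarder
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 8.8.8.8
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 8.8.4.4
# Lease time in seconds (24 hours)
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 lease 86400

commit
save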
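#______________________Basic Firewall Setup_______________________________
# Defines default-drop rulesets for traffic arriving on the WAN, for both
# IPv4 and IPv6, and enables MSS clamping.
configure

#Basic firewall to block all inbound traffic not specifically requested by a client machine on the network
edit firewall

# IPv4: WAN traffic forwarded to internal hosts
edit name WAN_IN
set default-action drop
set description "WAN to Internal"
set enable-default-log
set rule 1 action accept
set rule 1 description "Allow established/related"
set rule 1 log disable
set rule 1 state established enable
set rule 1 state related enable
set rule 2 action drop
set rule 2 description "Drop invalid state"
set rule 2 log enable
set rule 2 state invalid enable
up

# IPv4: WAN traffic addressed to the router itself
edit name WAN_LOCAL
set default-action drop
set description "WAN to Router"
set enable-default-log
set rule 1 action accept
set rule 1 description "Allow established/related"
set rule 1 log disable
set rule 1 state established enable
set rule 1 state related enable
set rule 2 action drop
set rule 2 description "Drop invalid state"
set rule 2 log enable
set rule 2 state invalid enable
up

# IPv6: the WAN interface also requests a DHCPv6 address, and the "name"
# rulesets above filter IPv4 only. Without the rulesets below, the router's
# own services are reachable over IPv6 from the WAN.
edit ipv6-name WANv6_IN
set default-action drop
set description "WAN IPv6 to Internal"
set enable-default-log
set rule 1 action accept
set rule 1 description "Allow established/related"
set rule 1 log disable
set rule 1 state established enable
set rule 1 state related enable
set rule 2 action drop
set rule 2 description "Drop invalid state"
set rule 2 log enable
set rule 2 state invalid enable
up

edit ipv6-name WANv6_LOCAL
set default-action drop
set description "WAN IPv6 to Router"
set enable-default-log
set rule 1 action accept
set rule 1 description "Allow established/related"
set rule 1 log disable
set rule 1 state established enable
set rule 1 state related enable
set rule 2 action drop
set rule 2 description "Drop invalid state"
set rule 2 log enable
set rule 2 state invalid enable
# ICMPv6 carries neighbor discovery and router advertisements; IPv6 does not
# work on the link without it.
set rule 3 action accept
set rule 3 description "Allow ICMPv6"
set rule 3 log disable
set rule 3 protocol ipv6-icmp
# DHCPv6 server (547) -> client (546) replies are not matched by rule 1
set rule 4 action accept
set rule 4 description "Allow DHCPv6 replies"
set rule 4 log disable
set rule 4 protocol udp
set rule 4 source port 547
set rule 4 destination port 546
up

# Enable MSS Clamping
set options mss-clamp interface-type all
set options mss-clamp mss 1460

# Return to the top level: the original left the session at [edit firewall],
# so the "set system ..." lines of the next section failed when pasted.
top

# Attach the IPv6 rulesets to the WAN VLAN interface
set interfaces ethernet eth1 vif 2 firewall in ipv6-name WANv6_IN
set interfaces ethernet eth1 vif 2 firewall local ipv6-name WANv6_LOCAL

commit
save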
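#______________________MGMT & Additional Settings___________________________
# Hardware offload, hostname, time zone, DNS, outbound NAT, port-forward
# defaults and UPnP.
# NOTE(review): this script does not change the router's login. Replace the
# factory-default credentials before connecting the WAN.
configure
# Start from the top level in case an earlier section left an "edit" context open
top

#Set VLAN offload to enable speeds faster than ~530Mbps up/down
set system offload ipv4 forwarding enable
set system offload ipv4 vlan enable

#Set Router Hostname
set system host-name UBNT-Gateway

#Set Time Zone (adjust to your location)
delete system time-zone
set system time-zone America/Denver

#Set outbound NAT Interface to Google VLAN
edit service nat rule 5000
set description "Masquerade for WAN"
set log disable
set outbound-interface eth1.2
set protocol all
set type masquerade
top

#Auto-create new firewall rules for new port forwards
set port-forward auto-firewall enable
#Allow LAN clients to hit external port forwards
set port-forward hairpin-nat enable
#Pre-set correct interfaces for port forwarding
set port-forward lan-interface eth0
set port-forward wan-interface eth1.2

#Set System DNS and Enable DNS forwarding and caching
# Each system name-server is set once; the original repeated the two IPv4 entries.
set system name-server 8.8.8.8
set system name-server 8.8.4.4
set system name-server '2001:4860:4860::8888'
set system name-server '2001:4860:4860::8844'
set service dns forwarding cache-size 150
# The forwarder answers on the LAN interface only
set service dns forwarding listen-on eth0
set service dns forwarding name-server 8.8.8.8
set service dns forwarding name-server '2001:4860:4860::8888'
set service dns forwarding system

#Enable UPnP
# UPnP lets LAN clients open inbound WAN ports without authentication. Leave
# this whole block out if nothing on the LAN needs it.
edit service upnp2
set listen-on eth0
set nat-pmp disable
# Secure mode limits a client to mapping ports to its own address. The
# original disabled it, which let any LAN host forward ports to any other host.
set secure-mode enable
set wan eth1.2
top

#Disable Deep Packet Inspection
set system traffic-analysis dpi disable
set system traffic-analysis export disable

commit
save
exit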