configure
set interfaces ethernet eth1 address 192.168.2.254/24
set interfaces ethernet eth1 description "eth1 - LAN"
set interfaces ethernet eth1 duplex auto
set interfaces ethernet eth1 speed auto
set interfaces ethernet eth2 address 192.168.2.254/24
set interfaces ethernet eth2 description "eth2 - LAN"
set interfaces ethernet eth2 duplex auto
set interfaces ethernet eth2 speed auto
set interfaces ethernet eth3 address 192.168.2.254/24
set interfaces ethernet eth3 description "eth3 - LAN"
set interfaces ethernet eth3 duplex auto
set interfaces ethernet eth3 speed auto
set interfaces ethernet eth4 address 192.168.2.254/24
set interfaces ethernet eth4 description "eth4 - LAN"
set interfaces ethernet eth4 duplex auto
set interfaces ethernet eth4 speed auto
set service dhcp-server disabled false
set service dhcp-server hostfile-update disable
set service dhcp-server shared-network-name LAN authoritative enable
set service dhcp-server shared-network-name LAN subnet 192.168.2.0/24
set service dhcp-server shared-network-name LAN subnet 192.168.2.0/24 default-router 192.168.2.254
set service dhcp-server shared-network-name LAN subnet 192.168.2.0/24 dns-server 8.8.8.8
set service dhcp-server shared-network-name LAN subnet 192.168.2.0/24 dns-server 8.8.4.4
set service dhcp-server shared-network-name LAN subnet 192.168.2.0/24 lease 86400
set service dhcp-server shared-network-name LAN subnet 192.168.2.0/24 start 192.168.2.50
set service dhcp-server shared-network-name LAN subnet 192.168.2.0/24 start 192.168.2.50 stop 192.168.2.200
set service dns forwarding cache-size 150
set service dns forwarding listen-on eth1
set service dns forwarding cache-size 150
set service dns forwarding listen-on eth2
set service dns forwarding cache-size 150
set service dns forwarding listen-on eth3
set service dns forwarding cache-size 150
set service dns forwarding listen-on eth4
set service dns forwarding name-server 8.8.8.8
set service dns forwarding name-server 8.8.4.4
set service dns forwarding options listen-address=192.168.2.254
commit
save
exit
========================================================================
configure
set firewall all-ping enable
set firewall broadcast-ping disable
set firewall ipv6-receive-redirects disable
set firewall ipv6-src-route disable
set firewall ip-src-route disable
set firewall log-martians enable
set firewall receive-redirects disable
set firewall send-redirects enable
set firewall source-validation disable
set firewall syn-cookies enable
set firewall name WAN_IN default-action drop
set firewall name WAN_IN description "WAN to Internal"
set firewall name WAN_IN enable-default-log
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 description "Allow established/related"
set firewall name WAN_IN rule 10 log enable
set firewall name WAN_IN rule 10 protocol all
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state invalid disable
set firewall name WAN_IN rule 10 state new disable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_IN rule 20 action drop
set firewall name WAN_IN rule 20 description "Drop invalid state"
set firewall name WAN_IN rule 20 log enable
set firewall name WAN_IN rule 20 protocol all
set firewall name WAN_IN rule 20 state established disable
set firewall name WAN_IN rule 20 state invalid enable
set firewall name WAN_IN rule 20 state new disable
set firewall name WAN_IN rule 20 state related disable
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL description "WAN to router"
set firewall name WAN_LOCAL enable-default-log
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 description "Allow established/related"
set firewall name WAN_LOCAL rule 10 log disable
set firewall name WAN_LOCAL rule 10 protocol all
set firewall name WAN_LOCAL rule 10 state established enable
set firewall name WAN_LOCAL rule 10 state invalid disable
set firewall name WAN_LOCAL rule 10 state new disable
set firewall name WAN_LOCAL rule 10 state related enable
set firewall name WAN_LOCAL rule 20 action drop
set firewall name WAN_LOCAL rule 20 description "Drop invalid state"
set firewall name WAN_LOCAL rule 20 log disable
set firewall name WAN_LOCAL rule 20 protocol all
set firewall name WAN_LOCAL rule 20 state established disable
set firewall name WAN_LOCAL rule 20 state invalid enable
set firewall name WAN_LOCAL rule 20 state new disable
set firewall name WAN_LOCAL rule 20 state related disable
commit
save
exit
=======================================================================
sudo su
pppoe_id=$(ifconfig | grep -m 1 eth0 | awk '{print $5}' | awk -F':' '{print "set interfaces ethernet eth0 vif 6 pppoe 0 user-id "$1"-"$2"-"$3"-"$4"-"$5"-"$6"@internet"}')
echo "$pppoe_id"
exit
=======================================================================
configure
delete interfaces ethernet eth0 address
set interfaces ethernet eth0 description "eth0 - FTTH"
set interfaces ethernet eth0 duplex auto
set interfaces ethernet eth0 speed auto
set interfaces ethernet eth0 mtu 1512
set interfaces ethernet eth0 vif 6 description "eth0.6 - Internet"
set interfaces ethernet eth0 vif 6 mtu 1508
(YOUR SET LINE FOR USER-ID, received from previous step)
set interfaces ethernet eth0 vif 6 pppoe 0 password 1234
set interfaces ethernet eth0 vif 6 pppoe 0 default-route auto
set interfaces ethernet eth0 vif 6 pppoe 0 name-server auto
set interfaces ethernet eth0 vif 6 pppoe 0 idle-timeout 180
set interfaces ethernet eth0 vif 6 pppoe 0 mtu 1500
set interfaces ethernet eth0 vif 6 pppoe 0 firewall in name WAN_IN
set interfaces ethernet eth0 vif 6 pppoe 0 firewall local name WAN_LOCAL
set system name-server 8.8.8.8
set system name-server 8.8.4.4
commit
save
exit
========================================================================
configure
set system offload ipv4 forwarding enable
set system offload ipv4 pppoe enable
set system offload ipv4 vlan enable
commit
save
exit
========================================================================
configure
set service nat rule 5010 description "XS4ALL Internet"
set service nat rule 5010 log enable
set service nat rule 5010 outbound-interface pppoe0
set service nat rule 5010 protocol all
set service nat rule 5010 source address 192.168.2.0/24
set service nat rule 5010 type masquerade
commit
save
exit
===========================================================================
configure
set system traffic-analysis dpi enable
set system traffic-analysis export enable
commit
save
exit
===========================================================================
configure
set system package repository wheezy components "main contrib non-free"
set system package repository wheezy distribution wheezy
set system package repository wheezy url
http://mirror.leaseweb.com/debian
set system package repository wheezy-security components main
set system package repository wheezy-security distribution wheezy/updates
set system package repository wheezy-security url
http://security.debian.org
commit
save
exit
sudo apt-get update
=========================================================================
sudo apt-get install package
=========================================================================
configure
set interfaces ethernet eth0 vif 4 address dhcp
set interfaces ethernet eth0 vif 4 description "eth0.4 - IPTV"
set interfaces ethernet eth0 vif 4 dhcp-options client-option "send vendor-class-identifier "IPTV_RG";"
set interfaces ethernet eth0 vif 4 dhcp-options client-option "request subnet-mask, routers, rfc3442-classless-static-routes;"
set interfaces ethernet eth0 vif 4 dhcp-options default-route no-update
set interfaces ethernet eth0 vif 4 dhcp-options default-route-distance 210
set interfaces ethernet eth0 vif 4 dhcp-options name-server update
commit
save
exit
=========================================================================
configure
set service dhcp-server global-parameters "option vendor-class-identifier code 60 = string;"
set service dhcp-server global-parameters "option broadcast-address code 28 = ip-address;"
commit
save
exit
=========================================================================
sudo su
r_ip=$(show dhcp client leases | grep router | awk '{ print $3 }');
iptv_static=$(echo "set protocols static route 213.75.112.0/21 next-hop $r_ip")
echo -e "$iptv_static"
exit
========================================================================
configure
set service nat rule 5000 description IPTV
set service nat rule 5000 log disable
set service nat rule 5000 outbound-interface eth0.4
set service nat rule 5000 protocol all
set service nat rule 5000 destination address 213.75.112.0/21
set service nat rule 5000 type masquerade
(YOUR SET LINE FOR STATIC ROUTE, received from previous step)
commit
save
exit
==========================================================================
configure
set protocols igmp-proxy interface eth0.4 alt-subnet 0.0.0.0/0
set protocols igmp-proxy interface eth0.4 role upstream
set protocols igmp-proxy interface eth0.4 threshold 1
set protocols igmp-proxy interface eth1 alt-subnet 0.0.0.0/0
set protocols igmp-proxy interface eth1 role downstream
set protocols igmp-proxy interface eth1 threshold 1
set protocols igmp-proxy interface eth2 alt-subnet 0.0.0.0/0
set protocols igmp-proxy interface eth2 role downstream
set protocols igmp-proxy interface eth2 threshold 1
set protocols igmp-proxy interface eth3 alt-subnet 0.0.0.0/0
set protocols igmp-proxy interface eth3 role downstream
set protocols igmp-proxy interface eth3 threshold 1
set protocols igmp-proxy interface eth4 alt-subnet 0.0.0.0/0
set protocols igmp-proxy interface eth4 role downstream
set protocols igmp-proxy interface eth4 threshold 1
commit
save
exit
==============================================================================
configure
set firewall ipv6-name WANv6_IN default-action drop
set firewall ipv6-name WANv6_IN description "WAN inbound traffic forwarded to LAN"
set firewall ipv6-name WANv6_IN enable-default-log
set firewall ipv6-name WANv6_IN rule 10 action accept
set firewall ipv6-name WANv6_IN rule 10 description "Allow established/related sessions"
set firewall ipv6-name WANv6_IN rule 10 state established enable
set firewall ipv6-name WANv6_IN rule 10 state related enable
set firewall ipv6-name WANv6_IN rule 20 action drop
set firewall ipv6-name WANv6_IN rule 20 description "Drop invalid state"
set firewall ipv6-name WANv6_IN rule 20 state invalid enable
set firewall ipv6-name WANv6_LOCAL default-action drop
set firewall ipv6-name WANv6_LOCAL description "WAN inbound traffic to the router"
set firewall ipv6-name WANv6_LOCAL enable-default-log
set firewall ipv6-name WANv6_LOCAL rule 10 action accept
set firewall ipv6-name WANv6_LOCAL rule 10 description "Allow established/related sessions"
set firewall ipv6-name WANv6_LOCAL rule 10 state established enable
set firewall ipv6-name WANv6_LOCAL rule 10 state related enable
set firewall ipv6-name WANv6_LOCAL rule 20 action drop
set firewall ipv6-name WANv6_LOCAL rule 20 description "Drop invalid state"
set firewall ipv6-name WANv6_LOCAL rule 20 state invalid enable
set firewall ipv6-name WANv6_LOCAL rule 30 action accept
set firewall ipv6-name WANv6_LOCAL rule 30 description "Allow IPv6 icmp"
set firewall ipv6-name WANv6_LOCAL rule 30 protocol ipv6-icmp
set firewall ipv6-name WANv6_LOCAL rule 40 action accept
set firewall ipv6-name WANv6_LOCAL rule 40 description "allow dhcpv6"
set firewall ipv6-name WANv6_LOCAL rule 40 destination port 546
set firewall ipv6-name WANv6_LOCAL rule 40 protocol udp
set firewall ipv6-name WANv6_LOCAL rule 40 source port 547
commit
save
exit
================================================================================
configure
set interfaces ethernet eth0 vif 6 pppoe 0 firewall in ipv6-name WANv6_IN
set interfaces ethernet eth0 vif 6 pppoe 0 firewall local ipv6-name WANv6_LOCAL
set interfaces ethernet eth0 vif 6 pppoe 0 ipv6 enable
set interfaces ethernet eth0 vif 6 pppoe 0 ipv6 address autoconf
set interfaces ethernet eth0 vif 6 pppoe 0 ipv6 dup-addr-detect-transmits 1
set interfaces ethernet eth0 vif 6 pppoe 0 dhcpv6-pd no-dns
set interfaces ethernet eth0 vif 6 pppoe 0 dhcpv6-pd pd 0 interface eth1 prefix-id :1
set interfaces ethernet eth0 vif 6 pppoe 0 dhcpv6-pd pd 0 interface eth1 service slaac
set interfaces ethernet eth0 vif 6 pppoe 0 dhcpv6-pd pd 0 prefix-length /48
set interfaces ethernet eth0 vif 6 pppoe 0 dhcpv6-pd rapid-commit disable
set protocols static interface-route6 ::/0 next-hop-interface pppoe0
commit
save
exit
=================================================================================
configure
set interfaces ethernet eth1 ipv6 dup-addr-detect-transmits 1
set interfaces ethernet eth1 ipv6 router-advert cur-hop-limit 64
set interfaces ethernet eth1 ipv6 router-advert link-mtu 0
set interfaces ethernet eth1 ipv6 router-advert managed-flag false
set interfaces ethernet eth1 ipv6 router-advert max-interval 600
set interfaces ethernet eth1 ipv6 router-advert name-server 2001:4860:4860::8888
set interfaces ethernet eth1 ipv6 router-advert name-server 2001:4860:4860::8844
set interfaces ethernet eth1 ipv6 router-advert radvd-options "RDNSS 2001:4860:4860::8888 2001:4860:4860::8844 {};"
set interfaces ethernet eth1 ipv6 router-advert other-config-flag false
set interfaces ethernet eth1 ipv6 router-advert reachable-time 0
set interfaces ethernet eth1 ipv6 router-advert retrans-timer 0
set interfaces ethernet eth1 ipv6 router-advert send-advert true
set interfaces ethernet eth1 ipv6 router-advert prefix ::/64 autonomous-flag true
set interfaces ethernet eth1 ipv6 router-advert prefix ::/64 on-link-flag true
set interfaces ethernet eth1 ipv6 router-advert prefix ::/64 valid-lifetime 2592000
set system name-server 2001:4860:4860::8888
set system name-server 2001:4860:4860::8844
commit
save
exit
=================================================================================
configure
set system offload ipv6 forwarding enable
set system offload ipv6 pppoe enable
commit
save
exit
=====================================================================================
reboot
====================================================================================