Last active
January 14, 2021 01:49
Google Fiber with Ubiquiti EdgeRouter PoE config.boot
/* Global firewall options plus the two rulesets that eth1 vif 2 (the WAN) binds further down. */
/* Both rulesets are IPv4 ("name"); this file defines no "ipv6-name" ruleset, so they do not filter IPv6. */
firewall { | |
/* The router answers ICMP echo in general, but not broadcast echo. Unsolicited pings from the WAN still hit WAN_LOCAL's default drop. */
all-ping enable | |
broadcast-ping disable | |
/* ICMP redirects and source-routed packets are not accepted, for IPv4 and IPv6. */
ipv6-receive-redirects disable | |
ipv6-src-route disable | |
ip-src-route disable | |
/* Packets with impossible source addresses are logged. */
log-martians enable | |
/* WAN_IN: traffic arriving on the WAN that is forwarded to internal hosts. */
name WAN_IN { | |
/* Anything not matched by a rule is dropped, and enable-default-log logs those drops. */
default-action drop | |
description "WAN to Internal" | |
enable-default-log | |
/* Return traffic for connections opened from inside is accepted (not logged). */
rule 1 { | |
action accept | |
description "Allow established/related" | |
log disable | |
state { | |
established enable | |
related enable | |
} | |
} | |
/* Packets that conntrack classifies as invalid are dropped and logged. */
rule 2 { | |
action drop | |
description "Drop invalid state" | |
log enable | |
state { | |
invalid enable | |
} | |
} | |
} | |
/* WAN_LOCAL: traffic arriving on the WAN addressed to the router itself. */
/* It has the same two rules as WAN_IN, so no new inbound IPv4 connection to the router is accepted from the WAN. */
name WAN_LOCAL { | |
default-action drop | |
description "WAN to Router" | |
enable-default-log | |
rule 1 { | |
action accept | |
description "Allow established/related" | |
log disable | |
state { | |
established enable | |
related enable | |
} | |
} | |
rule 2 { | |
action drop | |
description "Drop invalid state" | |
log enable | |
state { | |
invalid enable | |
} | |
} | |
} | |
/* TCP MSS is clamped to 1460 on all interface types. */
options { | |
mss-clamp { | |
interface-type all | |
mss 1460 | |
} | |
} | |
/* The router ignores ICMP redirects but may send them. */
receive-redirects disable | |
send-redirects enable | |
/* NOTE(review): reverse-path source validation is off. Consider "strict" or "loose" if routing is symmetric; confirm against the deployment. */
source-validation disable | |
syn-cookies enable | |
} | |
/* Port layout: eth0 = local config port, eth1 = WAN (VLAN 2), eth2-eth4 = LAN ports grouped in switch0. */
interfaces { | |
/* Out-of-band management port on its own subnet (192.168.0.1/24). No firewall ruleset is bound to it in this file. */
ethernet eth0 { | |
address 192.168.0.1/24 | |
description "Local Config Port" | |
duplex auto | |
poe { | |
output off | |
} | |
speed auto | |
} | |
/* Uplink port. PoE output is 48v here, presumably to power the Google Fiber jack; confirm the device's PoE requirement before enabling. */
ethernet eth1 { | |
description "Google Fiber Jack" | |
duplex auto | |
poe { | |
output 48v | |
} | |
speed auto | |
/* The WAN runs on VLAN 2 of eth1 (referenced elsewhere as eth1.2). It requests both a DHCPv4 and a DHCPv6 address. */
vif 2 { | |
address dhcp | |
address dhcpv6 | |
description "Google Fiber WAN" | |
egress-qos 0:3 | |
/* "in" filters forwarded traffic and "local" filters traffic to the router itself. Both are IPv4 "name" bindings. */
/* NOTE(review): dhcpv6 is requested above, but no "ipv6-name" ruleset is bound here. If IPv6 is brought up, add IPv6 in/local rulesets first; otherwise IPv6 traffic from the WAN is not covered by WAN_IN/WAN_LOCAL. */
firewall { | |
in { | |
name WAN_IN | |
} | |
local { | |
name WAN_LOCAL | |
} | |
} | |
} | |
} | |
/* eth2-eth4 carry no addresses of their own; they are members of switch0 below. PoE is off on all three. */
ethernet eth2 { | |
description "LAN 0" | |
duplex auto | |
poe { | |
output off | |
} | |
speed auto | |
} | |
ethernet eth3 { | |
description "LAN 1" | |
duplex auto | |
poe { | |
output off | |
} | |
speed auto | |
} | |
ethernet eth4 { | |
description "LAN 2" | |
duplex auto | |
poe { | |
output off | |
} | |
speed auto | |
} | |
loopback lo { | |
} | |
/* The LAN gateway address (192.168.1.1/24) lives on the switch interface that groups eth2, eth3 and eth4. */
switch switch0 { | |
address 192.168.1.1/24 | |
description "LAN Switch" | |
mtu 1500 | |
switch-port { | |
interface eth2 | |
interface eth3 | |
interface eth4 | |
} | |
} | |
} | |
/* Port-forward helper between the WAN (eth1.2) and the LAN (switch0). No forwarding rules are defined in this file. */
/* auto-firewall makes the router add the matching firewall accepts itself, so any rule added here later opens the WAN without a manual WAN_IN change. */
port-forward { | |
auto-firewall enable | |
hairpin-nat enable | |
lan-interface switch0 | |
wan-interface eth1.2 | |
} | |
/* Router services: LAN DHCP, DNS forwarding, web GUI, source NAT, SSH and UPnP. */
service { | |
/* DHCP for 192.168.1.0/24: pool .101-.254, 86400-second leases, router handed out as gateway and DNS server. */
dhcp-server { | |
disabled false | |
hostfile-update enable | |
shared-network-name LAN { | |
authoritative disable | |
subnet 192.168.1.0/24 { | |
default-router 192.168.1.1 | |
dns-server 192.168.1.1 | |
lease 86400 | |
start 192.168.1.101 { | |
stop 192.168.1.254 | |
} | |
} | |
} | |
} | |
/* The DNS forwarder listens on the LAN switch only and forwards to 8.8.8.8 / 8.8.4.4. */
dns { | |
forwarding { | |
cache-size 1000 | |
listen-on switch0 | |
name-server 8.8.8.8 | |
name-server 8.8.4.4 | |
} | |
} | |
/* NOTE(review): no listen-address is set for the GUI, so it is presumably reachable on every router address. */
/* IPv4 exposure to the WAN then depends entirely on WAN_LOCAL; confirm, and consider binding the GUI to a LAN address. */
gui { | |
https-port 443 | |
} | |
/* Source NAT: all traffic leaving via eth1.2 is masqueraded behind the WAN address. */
nat { | |
rule 5000 { | |
description "Masquerade for WAN" | |
log disable | |
outbound-interface eth1.2 | |
protocol all | |
type masquerade | |
} | |
} | |
/* SSH on port 22, protocol 2 only. NOTE(review): no listen-address is set here either, so the GUI caveat applies. Password login is not restricted in this file. */
ssh { | |
port 22 | |
protocol-version v2 | |
} | |
/* UPnP for LAN clients (listens on switch0, maps on eth1.2); NAT-PMP is off. */
/* NOTE(review): secure-mode is disabled. In the underlying UPnP daemon, secure mode limits a client to mappings that point at its own address. */
/* With it off, any LAN host can presumably request forwards to other internal hosts. Enable secure-mode, or remove upnp2 if it is not needed. */
upnp2 { | |
listen-on switch0 | |
nat-pmp disable | |
secure-mode disable | |
wan eth1.2 | |
} | |
} | |
/* System settings: identity, admin login, resolvers, NTP, hardware offload, syslog and time zone. */
system { | |
host-name edgy-loop | |
/* Single admin-level account. The password hash was replaced with the literal word "redacted" for publication. */
/* Presumably a real hash (or a freshly set password) must be supplied before this file is loaded; do not paste a production hash into a public copy. */
login { | |
user adminuser { | |
authentication { | |
encrypted-password redacted | |
plaintext-password "" | |
} | |
level admin | |
} | |
} | |
/* Resolvers used by the router itself. */
name-server 8.8.8.8 | |
name-server 8.8.4.4 | |
ntp { | |
server 0.ubnt.pool.ntp.org { | |
} | |
server 1.ubnt.pool.ntp.org { | |
} | |
server 2.ubnt.pool.ntp.org { | |
} | |
server 3.ubnt.pool.ntp.org { | |
} | |
} | |
/* Hardware offload is enabled for IPsec and for IPv4 forwarding and VLAN handling; IPv6 forwarding offload is disabled. */
offload { | |
ipsec enable | |
ipv4 { | |
forwarding enable | |
vlan enable | |
} | |
ipv6 { | |
forwarding disable | |
} | |
} | |
/* Local syslog only: "notice" and above for all facilities, "debug" for the protocols facility. No remote log host is configured in this file. */
syslog { | |
global { | |
facility all { | |
level notice | |
} | |
facility protocols { | |
level debug | |
} | |
} | |
} | |
time-zone America/Chicago | |
} |
Hi Bryan,
Do you have a working config that allows for IPv6 addressing? I tried to modify your config and Steve's but haven't been able to get an IPv6 address. The gist is here: https://gist.github.com/atomizer123/f8aee29b8fb192d6ea09d9607aa38ef3
Could you see what might be corrected to get it working?
Thanks
Nice, Bryan! I've tacked on a new section to my blog post referencing this PoE version of the EdgeRouter config.boot file:
http://www.stevejenkins.com/blog/2015/11/replace-your-google-fiber-network-box-with-a-ubiquiti-edgerouter-lite/
I also created a patch with "diff -Naur" so readers can quickly see the differences between what you have to do on an ERLite-3 vs. an ER5-PoE to get this working with Google Fiber:
https://gist.github.com/stevejenkins/d18d269a7651e9f493b3
Thanks and Happy New Year! :)