# VyOS `set`-format configuration for host 'gate6': eth0 is described as WAN,
# eth1 as LAN. It is a VRRP member on eth1, forwards several inbound ports to
# 172.16.0.112 and masquerades 172.16.0.0/24 out of eth0.

# --- Firewall -----------------------------------------------------------------
# Only the global state policy appears in this listing: established and related
# traffic is accepted. No 'invalid' state action, rule sets or interface
# bindings are visible.
# NOTE(review): confirm filtering for eth0 is defined elsewhere. If it is not,
# nothing shown here limits who reaches the forwarded ports or the router's own
# services (SSH, SNMP), including over the global IPv6 address on eth0.
set firewall state-policy established action 'accept'
set firewall state-policy related action 'accept'

# --- High availability (VRRP) -------------------------------------------------
# Group 'ff' carries the virtual address 172.16.0.2/24 on eth1 and talks to the
# peer 172.16.0.202 from 172.16.0.206. No VRRP authentication is configured in
# this listing.
set high-availability vrrp group ff address 172.16.0.2/24
set high-availability vrrp group ff hello-source-address '172.16.0.206'
set high-availability vrrp group ff interface 'eth1'
set high-availability vrrp group ff peer-address '172.16.0.202'
set high-availability vrrp group ff priority '100'
set high-availability vrrp group ff vrid '10'
# The sync-group is what conntrack-sync uses as its failover trigger below.
set high-availability vrrp sync-group sync member 'ff'

# --- Interfaces ---------------------------------------------------------------
set interfaces ethernet eth0 address '10.10.10.206/24'
set interfaces ethernet eth0 address '2a01:4f9:12:3456::3/64'
set interfaces ethernet eth0 description 'WAN'
set interfaces ethernet eth1 address '172.16.0.206/24'
set interfaces ethernet eth1 description 'LAN'
set interfaces ethernet eth1 mtu '1450'
set interfaces loopback lo

# --- Destination NAT (inbound port forwards to 172.16.0.112) ------------------
# None of the rules below sets a source or destination address, so each matches
# any packet arriving on eth0 for the listed port.
set nat destination rule 10 description 'HTTP to SITE'
set nat destination rule 10 destination port '80'
set nat destination rule 10 inbound-interface 'eth0'
set nat destination rule 10 protocol 'tcp'
set nat destination rule 10 translation address '172.16.0.112'
set nat destination rule 10 translation port '80'
# Rule 20 uses 'tcp_udp', so UDP/443 is forwarded as well as TCP/443.
# NOTE(review): keep UDP only if the backend actually serves it (e.g. HTTP/3);
# otherwise 'tcp' is the narrower match.
set nat destination rule 20 description 'HTTPS to SITE'
set nat destination rule 20 destination port '443'
set nat destination rule 20 inbound-interface 'eth0'
set nat destination rule 20 protocol 'tcp_udp'
set nat destination rule 20 translation address '172.16.0.112'
set nat destination rule 20 translation port '443'
# Rules 30 and 40 publish FTP: the control port and a 5001-port passive range.
# Plain FTP carries credentials in cleartext.
# NOTE(review): confirm the service still needs to be reachable from any source,
# and whether the static passive range is needed alongside the ftp conntrack
# module enabled under 'system conntrack'.
set nat destination rule 30 description 'FTP to SITE'
set nat destination rule 30 destination port '21'
set nat destination rule 30 inbound-interface 'eth0'
set nat destination rule 30 protocol 'tcp'
set nat destination rule 30 translation address '172.16.0.112'
set nat destination rule 30 translation port '21'
set nat destination rule 40 description 'FTP to SITE - Passive ports'
set nat destination rule 40 destination port '35000-40000'
set nat destination rule 40 inbound-interface 'eth0'
set nat destination rule 40 protocol 'tcp'
set nat destination rule 40 translation address '172.16.0.112'
set nat destination rule 40 translation port '35000-40000'
# Rule 50 forwards MySQL (3306) from the WAN interface with no source
# restriction in the rule.
# NOTE(review): a database listener is rarely meant to be reachable from
# arbitrary addresses. Limit it with 'source address' on this rule or a
# firewall rule, or reach it over a VPN or SSH tunnel instead.
set nat destination rule 50 description 'MYSQL to SITE'
set nat destination rule 50 destination port '3306'
set nat destination rule 50 inbound-interface 'eth0'
set nat destination rule 50 protocol 'tcp'
set nat destination rule 50 translation address '172.16.0.112'
set nat destination rule 50 translation port '3306'

# --- Source NAT ---------------------------------------------------------------
# LAN traffic leaving eth0 is masqueraded behind the interface address.
set nat source rule 10 outbound-interface 'eth0'
set nat source rule 10 source address '172.16.0.0/24'
set nat source rule 10 translation address 'masquerade'

# --- MSS clamping -------------------------------------------------------------
# TCP SYN packets on eth0 get their MSS set to 1450.
# NOTE(review): eth1 has MTU 1450, and an IPv4 TCP segment that fits a 1450-byte
# MTU has an MSS of at most 1410 (1450 minus 40 bytes of headers). Confirm 1450
# is the intended value.
set policy route eth0-out interface 'eth0'
set policy route eth0-out rule 10 protocol 'tcp'
set policy route eth0-out rule 10 set tcp-mss '1450'
set policy route eth0-out rule 10 tcp flags syn

# --- Routing ------------------------------------------------------------------
set protocols static route 0.0.0.0/0 next-hop 10.10.10.1
set protocols static route6 ::/0 next-hop fe80::1 interface 'eth0'

# --- Connection-tracking sync between the VRRP peers --------------------------
# State is exchanged over eth1 via multicast group 224.0.0.50, and failover
# follows the VRRP sync-group 'sync'.
# NOTE(review): presumably eth1 is a trusted segment; confirm, since hosts on
# that segment can observe the sync traffic.
set service conntrack-sync event-listen-queue-size '8'
set service conntrack-sync failover-mechanism vrrp sync-group 'sync'
set service conntrack-sync interface eth1
set service conntrack-sync mcast-group '224.0.0.50'
set service conntrack-sync sync-queue-size '8'

# --- DNS forwarding -----------------------------------------------------------
# The forwarder answers only the LAN prefix and uses the system name-servers.
# NOTE(review): the listen address 172.16.0.1 is not among the addresses
# configured in this listing (eth1 is .206, the VRRP address is .2). Confirm it
# exists on this router.
set service dns forwarding allow-from '172.16.0.0/24'
set service dns forwarding listen-address '172.16.0.1'
set service dns forwarding system

# --- NTP ----------------------------------------------------------------------
# Client access to the local NTP service is limited to the LAN prefix.
set service ntp allow-client address '172.16.0.0/24'
set service ntp server time1.vyos.net
set service ntp server time2.vyos.net
set service ntp server time3.vyos.net

# --- SNMP ---------------------------------------------------------------------
# A community named 'snmp-community' is defined with no authorization level,
# client/network restriction or listen-address in this listing.
# NOTE(review): v1/v2c community strings cross the network in cleartext.
# Restrict the allowed clients, bind to the LAN address, use a non-guessable
# community string, or move to SNMPv3.
set service snmp community snmp-community
set service snmp contact 'admin@support.com'
set service snmp location 'Hetzner'

# --- SSH ----------------------------------------------------------------------
# SSH is enabled with no listen-address, port or authentication options shown,
# so the daemon is not bound to a specific address by this listing.
# NOTE(review): confirm WAN exposure is intended. 'listen-address' and
# 'disable-password-authentication' are the usual hardening knobs.
set service ssh

# --- System -------------------------------------------------------------------
set system config-management commit-revisions '100'
set system conntrack expect-table-size '8192'
set system conntrack hash-size '131072'
# Loads the FTP connection-tracking helper (see the FTP forwards in rules 30/40).
set system conntrack modules ftp
set system conntrack table-size '1048576'
set system console device ttyS0 speed '115200'
set system host-name 'gate6'
set system name-server '1.1.1.1'