
Router vs. Firewall: Typical Firewall Configuration on a Router

show running-config
  version 11.2
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  no service udp-small-servers
  no service tcp-small-servers
  !
  hostname fw-rtr
  !
  enable password cisco
  !
  username admin password cisco
  username chw10.Sydney password cisco
  no ip source-route
  ip nat pool inside-pool 203.1.1.2 203.1.1.254 netmask 255.255.255.0
  ip nat inside source list 99 pool inside-pool
  ip domain-list domain.com
  ip domain-name domain.com
  ip name-server 192.168.1.1
  ip inspect name internet smtp
  ip inspect name internet http java-list 42 timeout 60
  ip inspect name internet ftp
  ip inspect name internet tcp
  ip inspect name internet udp
  ip inspect name internet realaudio
  ip inspect name internet h323
  ip inspect name internet cuseeme
  isdn switch-type basic-net3
  clock timezone AEST 10
  !
  interface Loopback0
  ip address 203.1.1.1 255.255.255.0
  !
  interface Ethernet0
  ip address 192.168.1.253 255.255.255.0
  ip nat inside
  ip route-cache same-interface
  !
  interface BRI0
  no ip address
  encapsulation ppp
  dialer pool-member 1
  no fair-queue
  ppp authentication chap callin
  ppp multilink
  !
  interface Dialer0
  description BigPond Dialup Link
  ip address 139.130.98.32 255.255.254.0
  ip access-group 169 in
  ip access-group 158 out
  no ip unreachables
  no ip directed-broadcast
  no ip proxy-arp
  ip nat outside
  ip inspect internet out
  encapsulation ppp
  dialer remote-name chw10.Sydney
  dialer idle-timeout 999999
  dialer string 84486000
  dialer load-threshold 1 either
  dialer pool 1
  dialer-group 1
  no fair-queue
  no cdp enable
  ppp chap hostname anixte0
  ppp multilink
  !
  ip classless
  ip route 0.0.0.0 0.0.0.0 139.130.98.1
  ip route 192.168.0.0 255.255.0.0 192.168.1.254
  ip http server
  ip http access-class 1
  logging buffered 16000 debugging
  logging 192.168.1.1
  access-list 1 permit 192.168.1.0 0.0.0.255
  access-list 2 deny any
  access-list 42 permit any
  access-list 99 permit 192.168.0.0 0.0.255.255
  access-list 101 deny udp any any eq rip
  access-list 101 permit icmp any any
  access-list 101 permit ip any any
  access-list 158 permit icmp any any
  access-list 158 permit udp any any
  access-list 158 permit tcp any any
  access-list 158 deny ip any any log-input
  access-list 159 permit icmp any any
  access-list 159 permit ip any any
  access-list 159 permit tcp any any eq smtp
  access-list 159 permit tcp any any eq www
  access-list 159 permit tcp any any eq telnet
  access-list 159 permit tcp any any eq ftp
  access-list 159 permit tcp any any eq ftp-data
  access-list 159 permit tcp any any eq domain
  access-list 159 permit udp any any eq domain
  access-list 159 permit tcp any any eq 554
  access-list 159 permit tcp any any eq 7070
  access-list 159 deny ip any any log-input
  access-list 169 permit icmp any any
  access-list 169 permit tcp any any eq smtp
  access-list 169 permit tcp any any eq www
  access-list 169 permit tcp any any eq ftp
  access-list 169 permit tcp any any eq domain
  access-list 169 permit udp any any eq domain
  access-list 169 deny ip any any log-input
  access-list 181 permit tcp any any eq www
  access-list 181 permit tcp any eq www any
  access-list 182 permit tcp any any eq ftp-data
  access-list 182 permit tcp any eq ftp-data any
  snmp-server community public RO 1
  snmp-server community private RW 1
  snmp-server trap-source Ethernet0
  snmp-server contact Keith Sinclair
  snmp-server host 192.168.1.1 public
  dialer-list 1 protocol ip permit
  dialer-list 2 protocol ip list 101
  banner motd #
  *********************************************************************
  * *
  * Firewall Router. RESTRICTED ACCESS *
  * *
  * No Unauthorised Access. *
  * *
  * No Hackers, Phreaks, Crackers or so called security *
  * experts allowed! *
  * *
  * Contact(s): http://www.net130.com *
  * *
  *********************************************************************
  #
  !
  line con 0
  login local
  line vty 0 4
  access-class 1 in
  access-class 2 out
  exec-timeout 15 0
  login local
  !
  end
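
The following is an added example, not part of the original configuration listing: a small Python model of how IOS evaluates the static entries of access-list 169, which the configuration applies inbound on Dialer0. It handles only the "any any [eq port]" entry form used by that list and does not model the temporary openings that CBAC ("ip inspect internet out") adds for return traffic; the function names and sample packets are constructed for illustration.

```python
# Added example: first-match evaluation of the static entries of ACL 169
# (inbound on Dialer0). CBAC's temporary return-traffic openings are not modelled.
ACL_169 = """\
access-list 169 permit icmp any any
access-list 169 permit tcp any any eq smtp
access-list 169 permit tcp any any eq www
access-list 169 permit tcp any any eq ftp
access-list 169 permit tcp any any eq domain
access-list 169 permit udp any any eq domain
access-list 169 deny ip any any log-input
"""

# IOS port keywords used by the ACLs on this page, with their well-known numbers.
PORTS = {"smtp": 25, "www": 80, "ftp": 21, "ftp-data": 20,
         "domain": 53, "telnet": 23}


def parse_acl(text):
    """Parse 'access-list N action proto any any [eq port] [log-input]' lines."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        action, proto = tok[2], tok[3]
        if tok[4:6] != ["any", "any"]:
            raise ValueError("only 'any any' entries are handled: " + line)
        port = None
        if "eq" in tok[6:]:
            name = tok[tok.index("eq", 6) + 1]
            port = PORTS[name] if name in PORTS else int(name)
        rules.append((action, proto, port, "log-input" in tok))
    return rules


def evaluate(rules, proto, dport=None):
    """Return (action, logged) for the first entry that matches the packet."""
    for action, rproto, rport, logged in rules:
        if rproto not in ("ip", proto):
            continue  # 'ip' matches every protocol
        if rport is not None and rport != dport:
            continue
        return action, logged
    return "deny", False  # implicit deny that ends every IOS access list


if __name__ == "__main__":
    for proto, dport in [("tcp", 80), ("tcp", 23), ("udp", 53)]:  # constructed packets
        print(proto, dport, evaluate(parse_acl(ACL_169), proto, dport))
```

Inbound telnet falls through every permit entry and hits the final "deny ip any any log-input", so it is both dropped and logged; an empty list would drop it silently through the implicit deny.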

  show version

  Cisco Internetwork Operating System Software
  IOS (tm) 1600 Software (C1600-OY-L), Version 11.2(17)P, RELEASE SOFTWARE (fc1)
  Copyright (c) 1986-1999 by cisco Systems, Inc.
  Compiled Tue 12-Jan-99 14:25 by pwade
  Image text-base: 0x0801FC84, data-base: 0x02005000

  ROM: System Bootstrap, Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
  ROM: 1600 Software (C1600-BOOT-R), Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

  fw-rtr uptime is 4 weeks, 5 hours, 47 minutes
  System restarted by reload
  System image file is "flash:c1600-oy-l_112-17_P.bin", booted via flash

  cisco 1603 (68360) processor (revision C) with 3584K/512K bytes of memory.
  Processor board ID 07064947, with hardware revision 00000000
  Bridging software.
  X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
  Basic Rate ISDN software, Version 1.0.
  1 Ethernet/IEEE 802.3 interface(s)
  1 ISDN Basic Rate interface(s)
  System/IO memory with parity disabled
  2048K bytes of DRAM onboard
  2048K bytes of DRAM on SIMM
  System running from FLASH
  8K bytes of non-volatile configuration memory.
  4096K bytes of processor board PCMCIA flash (Read ONLY)

  Configuration register is 0x2102

 

 

Reposted from: http://www.net130.com/CMS/Pub/Tech/tech_instance/183210.htm
