云南龙网

  1. 首页 > 云知道 > >

路由器VS防火墙 ROUTER典型防火墙设置

云知道


show running-config
version 11.2
service timestamps debug datetime msec
service timestamps log datetime msec
service passWord-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname fw-rtr
!
enable password cisco
!
username admin password cisco
username chw10.Sydney password cisco
no ip source-route
ip nat pool inside-pool 203.1.1.2 203.1.1.254 netmask 255.255.255.0
ip nat inside source list 99 pool inside-pool
ip domain-list domain.com
ip domain-name domain.com
ip name-server 192.168.1.1
ip inspect name internet smtp
ip inspect name internet http Java-list 42 timeout 60
ip inspect name internet FTP
ip inspect name internet tcp
ip inspect name internet udp
ip inspect name internet realaudio
ip inspect name internet h323
ip inspect name internet cuseeme
isdn switch-type basic-net3
clock timezone AEST 10
!
interface Loopback0
ip address 203.1.1.1 255.255.255.0
!
interface Ethernet0
ip address 192.168.1.253 255.255.255.0
ip nat inside
ip route-cache same-interface
!
interface BRI0
no ip address
encapsulation ppp
dialer pool-member 1
no fair-queue
ppp authentication chap callin
ppp multilink
!
interface Dialer0
description BigPond Dialup Link
ip address 139.130.98.32 255.255.254.0
ip Access-group 169 in
ip access-group 158 out
no ip unreachables
no ip directed-broadcast
no ip proxy-arp
ip nat outside
ip inspect internet out
encapsulation ppp
dialer remote-name chw10.Sydney
dialer idle-timeout 999999
dialer string 84486000
dialer load-threshold 1 either
dialer pool 1
dialer-group 1
no fair-queue
no cdp enable
ppp chap hostname anixte0
ppp multilink
!
ip classless
ip route 0.0.0.0 0.0.0.0 139.130.98.1
ip route 192.168.0.0 255.255.0.0 192.168.1.254
ip http server
ip http access-class 1
logging buffered 16000 debugging
logging 192.168.1.1
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 deny any
access-list 42 permit any
access-list 99 permit 192.168.0.0 0.0.255.255
access-list 101 deny udp any any eq rip
access-list 101 permit icmp any any
access-list 101 permit ip any any
access-list 158 permit icmp any any
access-list 158 permit udp any any
access-list 158 permit tcp any any
access-list 158 deny ip any any log-input
access-list 159 permit icmp any any
access-list 159 permit ip any any
access-list 159 permit tcp any any eq smtp
access-list 159 permit tcp any any eq www
access-list 159 permit tcp any any eq telnet
access-list 159 permit tcp any any eq ftp
access-list 159 permit tcp any any eq ftp-data
access-list 159 permit tcp any any eq domain
access-list 159 permit udp any any eq domain
access-list 159 permit tcp any any eq 554
access-list 159 permit tcp any any eq 7070
access-list 159 deny ip any any log-input
access-list 169 permit icmp any any
access-list 169 permit tcp any any eq smtp
access-list 169 permit tcp any any eq www
access-list 169 permit tcp any any eq ftp
access-list 169 permit tcp any any eq domain
access-list 169 permit udp any any eq domain
access-list 169 deny ip any any log-input
access-list 181 permit tcp any any eq www
access-list 181 permit tcp any eq www any
access-list 182 permit tcp any any eq ftp-data
access-list 182 permit tcp any eq ftp-data any
snmp-server community public RO 1
snmp-server community private RW 1

推荐阅读


上一篇:11月份的草莓是反季节水果吗

下一篇:鲨鱼记账是免费的吗