
Typical Firewall Configuration for a Router

July 4, 2006

show running-config
version 11.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname fw-rtr
!
enable password cisco
!
username admin password cisco
username chw10.Sydney password cisco
no ip source-route
ip nat pool inside-pool 203.1.1.2 203.1.1.254 netmask 255.255.255.0
ip nat inside source list 99 pool inside-pool
ip domain-list domain.com
ip domain-name domain.com
ip name-server 192.168.1.1
ip inspect name internet smtp
ip inspect name internet http java-list 42 timeout 60
ip inspect name internet ftp
ip inspect name internet tcp
ip inspect name internet udp
ip inspect name internet realaudio
ip inspect name internet h323
ip inspect name internet cuseeme
isdn switch-type basic-net3
clock timezone AEST 10
!
interface Loopback0
 ip address 203.1.1.1 255.255.255.0
!
interface Ethernet0
 ip address 192.168.1.253 255.255.255.0
 ip nat inside
 ip route-cache same-interface
!
interface BRI0
 no ip address
 encapsulation ppp
 dialer pool-member 1
 no fair-queue
 ppp authentication chap callin
 ppp multilink
!
interface Dialer0
 description BigPond Dialup Link
 ip address 139.130.98.32 255.255.254.0
 ip access-group 169 in
 ip access-group 158 out
 no ip unreachables
 no ip directed-broadcast
 no ip proxy-arp
 ip nat outside
 ip inspect internet out
 encapsulation ppp
 dialer remote-name chw10.Sydney
 dialer idle-timeout 999999
 dialer string 84486000
 dialer load-threshold 1 either
 dialer pool 1
 dialer-group 1
 no fair-queue
 no cdp enable
 ppp chap hostname anixte0
 ppp multilink
!
ip classless
ip route 0.0.0.0 0.0.0.0 139.130.98.1
ip route 192.168.0.0 255.255.0.0 192.168.1.254
ip http server
ip http access-class 1
logging buffered 16000 debugging
logging 192.168.1.1
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 deny any
access-list 42 permit any
access-list 99 permit 192.168.0.0 0.0.255.255
access-list 101 deny udp any any eq rip
access-list 101 permit icmp any any
access-list 101 permit ip any any
access-list 158 permit icmp any any
access-list 158 permit udp any any
access-list 158 permit tcp any any
access-list 158 deny ip any any log-input
access-list 159 permit icmp any any
access-list 159 permit ip any any
access-list 159 permit tcp any any eq smtp
access-list 159 permit tcp any any eq www
access-list 159 permit tcp any any eq telnet
access-list 159 permit tcp any any eq ftp
access-list 159 permit tcp any any eq ftp-data
access-list 159 permit tcp any any eq domain
access-list 159 permit udp any any eq domain
access-list 159 permit tcp any any eq 554
access-list 159 permit tcp any any eq 7070
access-list 159 deny ip any any log-input
access-list 169 permit icmp any any
access-list 169 permit tcp any any eq smtp
access-list 169 permit tcp any any eq www
access-list 169 permit tcp any any eq ftp
access-list 169 permit tcp any any eq domain
access-list 169 permit udp any any eq domain
access-list 169 deny ip any any log-input
access-list 181 permit tcp any any eq www
access-list 181 permit tcp any eq www any
access-list 182 permit tcp any any eq ftp-data
access-list 182 permit tcp any eq ftp-data any
snmp-server community public RO 1
snmp-server community private RW 1
snmp-server trap-source Ethernet0
snmp-server contact Keith Sinclair
snmp-server host 192.168.1.1 public
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip list 101
banner motd #
*********************************************************************
* *
* Firewall Router. RESTRICTED ACCESS *
* *
* No Unauthorised Access. *
* *
* No Hackers, Phreaks, Crackers or so called security *
* experts allowed! *
* *
* Contact(s): http://www.net130.com *
* *
*********************************************************************
#
!
line con 0
 login local
line vty 0 4
 access-class 1 in
 access-class 2 out
 exec-timeout 15 0
 login local
!
end

show version

Cisco Internetwork Operating System Software
IOS (tm) 1600 Software (C1600-OY-L), Version 11.2(17)P, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 12-Jan-99 14:25 by pwade
Image text-base: 0x0801FC84, data-base: 0x02005000

ROM: System Bootstrap, Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
ROM: 1600 Software (C1600-BOOT-R), Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

fw-rtr uptime is 4 weeks, 5 hours, 47 minutes
System restarted by reload
System image file is "flash:c1600-oy-l_112-17_P.bin", booted via flash

cisco 1603 (68360) processor (revision C) with 3584K/512K bytes of memory.
Processor board ID 07064947, with hardware revision 00000000
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
Basic Rate ISDN software, Version 1.0.
1 Ethernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
System/IO memory with parity disabled
2048K bytes of DRAM onboard 2048K bytes of DRAM on SIMM
System running from FLASH
8K bytes of non-volatile configuration memory.
4096K bytes of processor board PCMCIA flash (Read ONLY)

Configuration register is 0x2102
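
Added example, not part of the original listing: the running configuration above defines ten numbered ACLs, but only some of them are attached to an interface, line, NAT rule, inspection rule, SNMP community or dialer-list. This Python script cross-checks ACL definitions against the commands that reference them; the function name, the pattern list (which covers only the reference forms that appear in this configuration) and the trimmed sample are assumptions made for the example.

```python
import re

# Constructed sample: ACL-related lines from the running-config above, one entry per ACL.
SAMPLE_CONFIG = """\
ip nat inside source list 99 pool inside-pool
ip inspect name internet http java-list 42 timeout 60
interface Dialer0
 ip access-group 169 in
 ip access-group 158 out
ip http access-class 1
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 deny any
access-list 42 permit any
access-list 99 permit 192.168.0.0 0.0.255.255
access-list 101 deny udp any any eq rip
access-list 158 deny ip any any log-input
access-list 159 deny ip any any log-input
access-list 169 deny ip any any log-input
access-list 181 permit tcp any any eq www
access-list 182 permit tcp any any eq ftp-data
snmp-server community public RO 1
dialer-list 2 protocol ip list 101
line vty 0 4
 access-class 1 in
 access-class 2 out
"""

# Commands used in this configuration that refer to a numbered ACL.
REFERENCE_PATTERNS = [
    r"ip access-group (\d+) (?:in|out)$",
    r"(?:ip http )?access-class (\d+)(?: in| out)?$",
    r"ip nat inside source list (\d+) ",
    r"ip inspect name \S+ http java-list (\d+)",
    r"snmp-server community \S+ (?:RO|RW) (\d+)$",
    r"dialer-list \d+ protocol ip list (\d+)$",
]

def audit_acl_references(config_text):
    """Return ACL numbers defined but unused, and referenced but undefined."""
    lines = [raw.strip() for raw in config_text.splitlines()]
    defined = {int(m.group(1)) for l in lines
               if (m := re.match(r"access-list (\d+) ", l))}
    referenced = {int(m.group(1)) for l in lines for p in REFERENCE_PATTERNS
                  if (m := re.match(p, l))}
    return {"unused": sorted(defined - referenced),
            "undefined": sorted(referenced - defined)}

if __name__ == "__main__":
    print(audit_acl_references(SAMPLE_CONFIG))
```

For this configuration the check reports ACLs 159, 181 and 182 as defined but not referenced by any command, so they filter nothing as written.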

