
路由器VS防火墙 ROUTER典型防火墙设置


  show running-config
  
  ! Review notes are IOS comment lines (leading "!") and are ignored if this config is pasted back in.
  ! The listing shows credentials in clear text even though password-encryption is on, so it was
  ! presumably sanitised/edited before publication rather than copied verbatim — treat values as examples.
  version 11.2
  ! Millisecond timestamps on debug and log output: useful for correlating events with the syslog host below.
  service timestamps debug datetime msec
  service timestamps log datetime msec
  ! Type-7 password obscuring is reversible; it hides passwords from shoulder-surfing, it does not hash them.
  service passWord-encryption
  ! Good: echo/chargen/discard style small servers disabled on both protocols.
  no service udp-small-servers
  no service tcp-small-servers
  !
  hostname fw-rtr
  !
  ! "enable password" is stored reversibly (type 7 at best); "enable secret" stores a hash and takes
  ! precedence when both are set — prefer it. "cisco" is a well-known example credential; change before use.
  enable password cisco
  !
  ! Local accounts used by "login local" on con/vty. Same reversible storage and example credential as above.
  username admin password cisco
  username chw10.Sydney password cisco
  ! Good: packets carrying IP source-route options are dropped.
  no ip source-route
  ! Inside hosts matching ACL 99 (192.168.0.0/16) are translated to 203.1.1.2-254 toward the "ip nat outside"
  ! interface (Dialer0). The pool shares 203.1.1.0/24 with Loopback0; whether that prefix is routed to this
  ! router by the upstream is not visible here — confirm.
  ip nat pool inside-pool 203.1.1.2 203.1.1.254 netmask 255.255.255.0
  ip nat inside source list 99 pool inside-pool
  ip domain-list domain.com
  ip domain-name domain.com
  ip name-server 192.168.1.1
  ! CBAC inspection set "internet": applied outbound on Dialer0 ("ip inspect internet out"), so return
  ! traffic for these sessions is admitted dynamically on top of the static permits in ACL 169.
  ! Java-list 42 points at access-list 42 (permit any): every site counts as friendly and no applets are
  ! blocked. If applet filtering is intended, make list 42 restrictive.
  ip inspect name internet smtp
  ip inspect name internet http Java-list 42 timeout 60
  ip inspect name internet FTP
  ip inspect name internet tcp
  ip inspect name internet udp
  ip inspect name internet realaudio
  ip inspect name internet h323
  ip inspect name internet cuseeme
  isdn switch-type basic-net3
  ! No "ntp" lines appear in this listing; log timestamps depend on a manually set clock, which weakens
  ! cross-device correlation after a reload — NOTE(review): confirm how time is kept on this box.
  clock timezone AEST 10
  !
  ! Loopback0 owns the NAT pool's subnet (see pool above).
  interface Loopback0
  ip address 203.1.1.1 255.255.255.0
  !
  ! Inside (trusted) interface. It lacks "no ip directed-broadcast"; on 11.2 directed-broadcast forwarding
  ! is on by default (the default flipped only in 12.0), so the LAN can act as a broadcast amplifier —
  ! add it here as was done on Dialer0. CDP also stays enabled here (only Dialer0 has "no cdp enable").
  interface Ethernet0
  ip address 192.168.1.253 255.255.255.0
  ip nat inside
  ! Allows packets to be switched back out Ethernet0; the 192.168.0.0/16 static route via 192.168.1.254
  ! (a host on this same subnet) relies on this.
  ip route-cache same-interface
  !
  ! Physical ISDN BRI, a member of dialer pool 1. "chap callin" challenges incoming calls only; on calls
  ! we place, the peer challenges us (see "ppp chap hostname" on Dialer0).
  interface BRI0
  no ip address
  encapsulation ppp
  dialer pool-member 1
  no fair-queue
  ppp authentication chap callin
  ppp multilink
  !
  ! Outside (untrusted) interface: ACL 169 filters inbound, ACL 158 outbound; both end in a logged deny,
  ! giving an audit trail in the buffered log and on the syslog host 192.168.1.1.
  interface Dialer0
  description BigPond Dialup Link
  ip address 139.130.98.32 255.255.254.0
  ip Access-group 169 in
  ip access-group 158 out
  ! Sensible hardening for the untrusted side: no unreachables, no directed broadcasts, no proxy ARP, no CDP.
  no ip unreachables
  no ip directed-broadcast
  no ip proxy-arp
  ip nat outside
  ip inspect internet out
  encapsulation ppp
  dialer remote-name chw10.Sydney
  ! idle-timeout 999999 together with dialer-group 1 (dialer-list 1 permits all IP) effectively keeps the
  ! link nailed up; dialer-list 2 / ACL 101 (which excludes RIP) is defined but not referenced by any
  ! interface in this listing.
  dialer idle-timeout 999999
  dialer string 84486000
  dialer load-threshold 1 either
  dialer pool 1
  dialer-group 1
  no fair-queue
  no cdp enable
  ppp chap hostname anixte0
  ppp multilink
  !
  ip classless
  ip route 0.0.0.0 0.0.0.0 139.130.98.1
  ip route 192.168.0.0 255.255.0.0 192.168.1.254
  ! HTTP management is enabled (cleartext credentials on the wire); ACL 1 limits it to 192.168.1.0/24.
  ! Disable it ("no ip http server") unless it is actually used — as far as I know this release predates
  ! "ip http secure-server", so there is no HTTPS alternative.
  ip http server
  ip http access-class 1
  ! Local buffer plus remote syslog: keep both, the remote copy survives a reload and a compromise of the box.
  logging buffered 16000 debugging
  logging 192.168.1.1
  ! ACL 1: management source filter shared by HTTP, vty-in and SNMP (whole LAN /24).
  ! ACL 2: applied "out" on the vtys, blocks telnet sessions initiated from within a vty session.
  ! ACL 42: java-list for CBAC (permit any = no applet filtering).  ACL 99: NAT inside source match.
  access-list 1 permit 192.168.1.0 0.0.0.255
  access-list 2 deny any
  access-list 42 permit any
  access-list 99 permit 192.168.0.0 0.0.255.255
  ! ACL 101 (interesting traffic for dialer-list 2): the icmp line is subsumed by "permit ip any any";
  ! unreferenced by any interface in this listing.
  access-list 101 deny udp any any eq rip
  access-list 101 permit icmp any any
  access-list 101 permit ip any any
  ! ACL 158 (Dialer0 out): permits all ICMP/UDP/TCP from inside; the logged deny only catches other IP
  ! protocols (e.g. GRE/ESP). Outbound is essentially unrestricted.
  access-list 158 permit icmp any any
  access-list 158 permit udp any any
  access-list 158 permit tcp any any
  access-list 158 deny ip any any log-input
  ! ACL 159: dead config. "permit ip any any" on its second line makes every later entry unreachable
  ! (first match wins), and the list is not applied anywhere in this listing — remove or fix before reuse.
  access-list 159 permit icmp any any
  access-list 159 permit ip any any
  access-list 159 permit tcp any any eq smtp
  access-list 159 permit tcp any any eq www
  access-list 159 permit tcp any any eq telnet
  access-list 159 permit tcp any any eq ftp
  access-list 159 permit tcp any any eq ftp-data
  access-list 159 permit tcp any any eq domain
  access-list 159 permit udp any any eq domain
  access-list 159 permit tcp any any eq 554
  access-list 159 permit tcp any any eq 7070
  access-list 159 deny ip any any log-input
  ! ACL 169 (Dialer0 in, Internet-facing): statically permits all ICMP types plus new SMTP, WWW, FTP-control
  ! and DNS connections from any source to any destination (the router's own addresses and, via NAT, inside
  ! hosts). CBAC already opens return traffic dynamically, so unless inside SMTP/WWW/FTP/DNS servers are
  ! meant to be reachable from the Internet these permits are wider than needed: scope them to the
  ! published host(s) and limit ICMP to echo-reply/unreachable/time-exceeded. The logged deny is good.
  access-list 169 permit icmp any any
  access-list 169 permit tcp any any eq smtp
  access-list 169 permit tcp any any eq www
  access-list 169 permit tcp any any eq ftp
  access-list 169 permit tcp any any eq domain
  access-list 169 permit udp any any eq domain
  access-list 169 deny ip any any log-input
  ! ACLs 181/182: not referenced anywhere in this listing.
  access-list 181 permit tcp any any eq www
  access-list 181 permit tcp any eq www any
  access-list 182 permit tcp any any eq ftp-data
  access-list 182 permit tcp any eq ftp-data any
  ! SNMP: "public"/"private" are the default community strings, and the RW community lets any host matching
  ! ACL 1 (the whole 192.168.1.0/24) rewrite the config, credentials included; SNMPv1/v2c carries the
  ! community in clear. Change both strings, drop RW unless it is needed, and consider narrowing the ACL
  ! to the NMS/trap host 192.168.1.1.
  snmp-server community public RO 1
  snmp-server community private RW 1
  snmp-server trap-source Ethernet0
  snmp-server contact Keith Sinclair
  snmp-server host 192.168.1.1 public
  dialer-list 1 protocol ip permit
  dialer-list 2 protocol ip list 101
  ! Login banner (no comments inside the "#" delimiters — they would become banner text). It discloses no
  ! platform/version details, which is the right choice for a pre-login banner.
  banner motd #
  *********************************************************************
  * *
  * Firewall Router. RESTRICTED ACCESS *
  * *
  * No Unauthorised Access. *
  * *
  * No Hackers, Phreaks, Crackers or so called security *
  * eXPerts allowed! *
  * *
  * Contact(s): http://www.net130.com *
  * *
  *********************************************************************
  #
  !
  ! Console: requires a local account but has no exec-timeout, so an unattended console session never
  ! expires — add one as on the vtys.
  line con 0
  login local
  ! vtys: inbound limited to 192.168.1.0/24 (ACL 1), outbound telnet from the session blocked (ACL 2),
  ! 15-minute idle timeout, local accounts. Access is telnet (cleartext) only; as far as I know SSH is
  ! not available on this IOS release, so keep ACL 1 tight.
  line vty 0 4
  access-class 1 in
  access-class 2 out
  exec-timeout 15 0
  login local
  !
  end
  
  show version
  
  Cisco Internetwork Operating System Software
  IOS (tm) 1600 Software (C1600-OY-L), Version 11.2(17)P, RELEASE SOFTWARE (fc1)
  
  Copyright (c) 1986-1999 by cisco Systems, Inc.
  Compiled Tue 12-Jan-99 14:25 by pwade
  Image text-base: 0x0801FC84, data-base: 0x02005000
  
  ROM: System Bootstrap, Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
  ROM: 1600 Software (C1600-BOOT-R), Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
  
  fw-rtr uptime is 4 weeks, 5 hours, 47 minutes
  System restarted by reload
  System image file is "flash:c1600-oy-l_112-17_P.bin", booted via flash
  
  cisco 1603 (68360) processor (revision C) with 3584K/512K bytes of memory.
  Processor board ID 07064947, with hardware revision 00000000
  Bridging software.
  X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
  Basic Rate ISDN software, Version 1.0.
  1 Ethernet/IEEE 802.3 interface(s)
  1 ISDN Basic Rate interface(s)
  System/IO memory with parity disabled
  2048K bytes of DRAM onboard 2048K bytes of DRAM on SIMM
  System running from FLASH
  8K bytes of non-volatile configuration memory.
  4096K bytes of processor board PCMCIA flash (Read ONLY)
  
  Configuration register is 0x2102