路由器典型防火墙设置
简单三步解决企业垃圾邮件难题
version 11.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname fw-rtr
!
enable password cisco
!
username admin password cisco
username chw10.Sydney password cisco
no ip source-route
ip nat pool inside-pool 203.1.1.2 203.1.1.254 netmask 255.255.255.0
ip nat inside source list 99 pool inside-pool
ip domain-list domain.com
ip domain-name domain.com
ip name-server 192.168.1.1
ip inspect name internet smtp
ip inspect name internet http java-list 42 timeout 60
ip inspect name internet ftp
ip inspect name internet tcp
ip inspect name internet udp
ip inspect name internet realaudio
ip inspect name internet h323
ip inspect name internet cuseeme
isdn switch-type basic-net3
clock timezone AEST 10
!
interface Loopback0
ip address 203.1.1.1 255.255.255.0
!
interface Ethernet0
ip address 192.168.1.253 255.255.255.0
ip nat inside
ip route-cache same-interface
!
interface BRI0
no ip address
encapsulation ppp
dialer pool-member 1
no fair-queue
ppp authentication chap callin
ppp multilink
!
interface Dialer0
description BigPond Dialup Link
ip address 139.130.98.32 255.255.254.0
ip access-group 169 in
ip access-group 158 out
no ip unreachables
no ip directed-broadcast
no ip proxy-arp
ip nat outside
ip inspect internet out
encapsulation ppp
dialer remote-name chw10.Sydney
dialer idle-timeout 999999
dialer string 84486000
dialer load-threshold 1 either
dialer pool 1
dialer-group 1
no fair-queue
no cdp enable
ppp chap hostname anixte0
ppp multilink
!
ip classless
ip route 0.0.0.0 0.0.0.0 139.130.98.1
ip route 192.168.0.0 255.255.0.0 192.168.1.254
ip http server
ip http access-class 1
logging buffered 16000 debugging
logging 192.168.1.1
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 deny any
access-list 42 permit any
access-list 99 permit 192.168.0.0 0.0.255.255
access-list 101 deny udp any any eq rip
access-list 101 permit icmp any any
access-list 101 permit ip any any
access-list 158 permit icmp any any
access-list 158 permit udp any any
access-list 158 permit tcp any any
access-list 158 deny ip any any log-input
access-list 159 permit icmp any any
access-list 159 permit ip any any
access-list 159 permit tcp any any eq smtp
access-list 159 permit tcp any any eq www
access-list 159 permit tcp any any eq telnet
access-list 159 permit tcp any any eq ftp
access-list 159 permit tcp any any eq ftp-data
access-list 159 permit tcp any any eq domain
access-list 159 permit udp any any eq domain
access-list 159 permit tcp any any eq 554
access-list 159 permit tcp any any eq 7070
access-list 159 deny ip any any log-input
access-list 169 permit icmp any any
access-list 169 permit tcp any any eq smtp
access-list 169 permit tcp any any eq www
access-list 169 permit tcp any any eq ftp
access-list 169 permit tcp any any eq domain
access-list 169 permit udp any any eq domain
access-list 169 deny ip any any log-input
access-list 181 permit tcp any any eq www
access-list 181 permit tcp any eq www any
access-list 182 permit tcp any any eq ftp-data
access-list 182 permit tcp any eq ftp-data any
snmp-server community public RO 1
snmp-server community private RW 1
snmp-server trap-source Ethernet0
snmp-server contact Keith Sinclair
snmp-server host 192.168.1.1 public
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip list 101
banner motd #
*********************************************************************
* *
* Firewall Router. RESTRICTED ACCESS *
* *
* No Unauthorised Access. *
* *
* No Hackers, Phreaks, Crackers or so called security *
* experts allowed! *
* *
* Contact(s): http://www.net130.com *
* *
*********************************************************************
#
!
line con 0
login local
line vty 0 4
access-class 1 in
access-class 2 out
exec-timeout 15 0
login local
!
end
show version
Cisco Internetwork Operating System Software
IOS (tm) 1600 Software (C1600-OY-L), Version 11.2(17)P, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 12-Jan-99 14:25 by pwade
Image text-base: 0x0801FC84, data-base: 0x02005000
ROM: System Bootstrap, Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc
1)
ROM: 1600 Software (C1600-BOOT-R), Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE
SOFTWARE (fc1)
fw-rtr uptime is 4 weeks, 5 hours, 47 minutes
System restarted by reload
System image file is "flash:c1600-oy-l_112-17_P.bin", booted via flash
cisco 1603 (68360) processor (revision C) with 3584K/512K bytes of memory.
Processor board ID 07064947, with hardware revision 00000000
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
Basic Rate ISDN software, Version 1.0.
1 Ethernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
System/IO memory with parity disabled
2048K bytes of DRAM onboard 2048K bytes of DRAM on SIMM
System running from FLASH
8K bytes of non-volatile configuration memory.
4096K bytes of processor board PCMCIA flash (Read ONLY)
Configuration register is 0x2102
,| 自由广告区 |
 |
 |
| 分类导航 |
| 邮件新闻资讯: IT业界 | 邮件服务器 | 邮件趣闻 | 移动电邮 电子邮箱 | 反垃圾邮件|邮件客户端|网络安全 行业数据 | 邮件人物 | 网站公告 | 行业法规 网络技术: 邮件原理 | 网络协议 | 网络管理 | 传输介质 线路接入 | 路由接口 | 邮件存储 | 华为3Com CISCO技术 | 网络与服务器硬件 操作系统: Windows 9X | Linux&Uinx | Windows NT Windows Vista | FreeBSD | 其它操作系统 邮件服务器: 程序与开发 | Exchange | Qmail | Postfix Sendmail | MDaemon | Domino | Foxmail KerioMail | JavaMail | Winwebmail |James Merak&VisNetic | CMailServer | WinMail 金笛邮件系统 | 其它 | 反垃圾邮件: 综述| 客户端反垃圾邮件|服务器端反垃圾邮件 邮件客户端软件: Outlook | Foxmail | DreamMail| KooMail The bat | 雷鸟 | Eudora |Becky! |Pegasus IncrediMail |其它 电子邮箱: 个人邮箱 | 企业邮箱 |Gmail 移动电子邮件:服务器 | 客户端 | 技术前沿 邮件网络安全: 软件漏洞 | 安全知识 | 病毒公告 |防火墙 攻防技术 | 病毒查杀| ISA | 数字签名 邮件营销: Email营销 | 网络营销 | 营销技巧 |营销案例 邮件人才:招聘 | 职场 | 培训 | 指南 | 职场 解决方案: 邮件系统|反垃圾邮件 |安全 |移动电邮 |招标 产品评测: 邮件系统 |反垃圾邮件 |邮箱 |安全 |客户端 |