
Typical Firewall Configuration for a Router

Source: Cisco.com
Updated: 2006-07-04 16:14
Keywords: Cisco configuration example

 show running-config                               
version 11.2                                                     
service timestamps debug datetime msec
service timestamps log datetime msec     
service password-encryption                       
no service udp-small-servers                     
no service tcp-small-servers                     
!                                                                           
hostname fw-rtr                                               
!                                                                           
enable password cisco                                   
!                                                                           
username admin password cisco                   
username chw10.Sydney password cisco     
no ip source-route                                         
ip nat pool inside-pool 203.1.1.2 203.1.1.254 netmask 255.255.255.0
ip nat inside source list 99 pool inside-pool
ip domain-list domain.com                           
ip domain-name domain.com                           
ip name-server 192.168.1.1                         
ip inspect name internet smtp                   
ip inspect name internet http java-list 42 timeout 60
ip inspect name internet ftp                     
ip inspect name internet tcp                     
ip inspect name internet udp                     
ip inspect name internet realaudio         
ip inspect name internet h323                   
ip inspect name internet cuseeme             
isdn switch-type basic-net3                       
clock timezone AEST 10                                 
!                                                                           
interface Loopback0                                       
ip address 203.1.1.1 255.255.255.0         
!                                                                           
interface Ethernet0                                       
ip address 192.168.1.253 255.255.255.0
ip nat inside                                                   
ip route-cache same-interface                   
!                                                                           
interface BRI0                                                 
no ip address                                                   
encapsulation ppp                                           
dialer pool-member 1                                     
no fair-queue                                                   
ppp authentication chap callin                 
ppp multilink                                                   
!                                                                           
interface Dialer0                                           
description BigPond Dialup Link               
ip address 139.130.98.32 255.255.254.0
ip access-group 169 in                                 
ip access-group 158 out                               
no ip unreachables                                         
no ip directed-broadcast                             
no ip proxy-arp                                               
ip nat outside                                                 
ip inspect internet out                               
encapsulation ppp                                           
dialer remote-name chw10.Sydney               
dialer idle-timeout 999999                         
dialer string 84486000                                 
dialer load-threshold 1 either                 
dialer pool 1                                                   
dialer-group 1                                                 
no fair-queue                                                   
no cdp enable                                                   
ppp chap hostname anixte0                           
ppp multilink                                                   
!                                                                           
ip classless                                                     
ip route 0.0.0.0 0.0.0.0 139.130.98.1   
ip route 192.168.0.0 255.255.0.0 192.168.1.254
ip http server
ip http access-class 1
logging buffered 16000 debugging
logging 192.168.1.1
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 deny any
access-list 42 permit any
access-list 99 permit 192.168.0.0 0.0.255.255
access-list 101 deny udp any any eq rip
access-list 101 permit icmp any any
access-list 101 permit ip any any
access-list 158 permit icmp any any
access-list 158 permit udp any any
access-list 158 permit tcp any any
access-list 158 deny ip any any log-input
access-list 159 permit icmp any any
access-list 159 permit ip any any
access-list 159 permit tcp any any eq smtp
access-list 159 permit tcp any any eq www
access-list 159 permit tcp any any eq telnet
access-list 159 permit tcp any any eq ftp
access-list 159 permit tcp any any eq ftp-data
access-list 159 permit tcp any any eq domain
access-list 159 permit udp any any eq domain
access-list 159 permit tcp any any eq 554
access-list 159 permit tcp any any eq 7070
access-list 159 deny ip any any log-input
access-list 169 permit icmp any any
access-list 169 permit tcp any any eq smtp
access-list 169 permit tcp any any eq www
access-list 169 permit tcp any any eq ftp
access-list 169 permit tcp any any eq domain
access-list 169 permit udp any any eq domain
access-list 169 deny ip any any log-input
access-list 181 permit tcp any any eq www
access-list 181 permit tcp any eq www any
access-list 182 permit tcp any any eq ftp-data
access-list 182 permit tcp any eq ftp-data any
snmp-server community public RO 1           
snmp-server community private RW 1         
snmp-server trap-source Ethernet0           
snmp-server contact Keith Sinclair         
snmp-server host 192.168.1.1 public       
dialer-list 1 protocol ip permit             
dialer-list 2 protocol ip list 101         
banner motd #
*********************************************************************
* *
* Firewall Router. RESTRICTED ACCESS *
* *
* No Unauthorised Access. *
* *
* No Hackers, Phreaks, Crackers or so called security *
* experts allowed! *
* *
* Contact(s): http://www.net130.com *
* *
*********************************************************************
#
!                                                                           
line con 0                                                         
login local                                                       
line vty 0 4                                                     
access-class 1 in                                           
access-class 2 out                                         
exec-timeout 15 0                                           
login local                                                       
!                                                                           
end                                                                       

show version

Cisco Internetwork Operating System Software
IOS (tm) 1600 Software (C1600-OY-L), Version 11.2(17)P, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 12-Jan-99 14:25 by pwade
Image text-base: 0x0801FC84, data-base: 0x02005000

ROM: System Bootstrap, Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
ROM: 1600 Software (C1600-BOOT-R), Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

fw-rtr uptime is 4 weeks, 5 hours, 47 minutes
System restarted by reload
System image file is "flash:c1600-oy-l_112-17_P.bin", booted via flash

cisco 1603 (68360) processor (revision C) with 3584K/512K bytes of memory.
Processor board ID 07064947, with hardware revision 00000000
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
Basic Rate ISDN software, Version 1.0.
1 Ethernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
System/IO memory with parity disabled
2048K bytes of DRAM onboard 2048K bytes of DRAM on SIMM
System running from FLASH
8K bytes of non-volatile configuration memory.
4096K bytes of processor board PCMCIA flash (Read ONLY)

Configuration register is 0x2102

(Editor: 城尘 68476636-8003)

