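IX2015 Configuration File Dump
A copy-paste of my IX2015 configuration file.
Design goals of the configuration:
- NAPT environment
- Do not let unnecessary packets out
- Telnet access allowed from the LAN only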
```
! NEC Portable Internetwork Core Operating System Software
! IX Series IX2010 (magellan-sec) Software, Version 8.3.44, RELEASE SOFTWARE
! Compiled Oct 20-Tue-2009 13:28:55 JST #1
! Current time Jan 05-Tue-2010 14:53:33 JST
!
!
timezone +09 00
!
!
!
!
!
!
ntp ip enable
ntp server 133.27.4.121
ntp server 210.173.160.27
ntp retry 3
ntp interval 3600
!
!
!
!
!
ip dhcp enable
ip access-list all-pass permit ip src any dest any
ip access-list mynetwork permit ip src 192.168.0.0/24 dest any
ip access-list specialuse deny ip src 10.0.0.0/8 dest any
ip access-list specialuse deny ip src 172.16.0.0/12 dest any
ip access-list specialuse deny ip src 192.168.0.0/16 dest any
ip access-list specialuse deny ip src 127.0.0.0/8 dest any
ip access-list specialuse deny ip src 169.254.0.0/16 dest any
ip access-list specialuse deny ip src 192.0.2.0/24 dest any
ip access-list specialuse deny ip src 224.0.0.0/3 dest any
ip access-list specialuse deny ip src 198.18.0.0/15 dest any
ip access-list strict-block deny tcp src any sport any dest any dport eq 137
ip access-list strict-block deny udp src any sport any dest any dport eq 137
ip access-list strict-block deny udp src any sport any dest any dport eq 138
ip access-list strict-block deny tcp src any sport any dest any dport eq 139
ip access-list strict-block deny tcp src any sport any dest any dport eq 445
ip access-list strict-block deny udp src any sport any dest any dport eq 445
ip access-list weak-block deny tcp src any sport any dest any dport eq 1
ip access-list weak-block deny udp src any sport any dest any dport eq 1
ip access-list weak-block deny tcp src any sport any dest any dport eq 11
ip access-list weak-block deny udp src any sport any dest any dport eq 11
ip access-list weak-block deny tcp src any sport any dest any dport eq 15
ip access-list weak-block deny udp src any sport any dest any dport eq 15
ip access-list weak-block deny tcp src any sport any dest any dport eq 67
ip access-list weak-block deny tcp src any sport any dest any dport eq 68
ip access-list weak-block deny tcp src any sport any dest any dport eq 70
ip access-list weak-block deny udp src any sport any dest any dport eq 70
ip access-list weak-block deny tcp src any sport any dest any dport eq 79
ip access-list weak-block deny udp src any sport any dest any dport eq 79
ip access-list weak-block deny tcp src any sport any dest any dport eq 87
ip access-list weak-block deny udp src any sport any dest any dport eq 87
ip access-list weak-block deny tcp src any sport any dest any dport eq 95
ip access-list weak-block deny udp src any sport any dest any dport eq 95
ip access-list weak-block deny tcp src any sport any dest any dport eq 111
ip access-list weak-block deny udp src any sport any dest any dport eq 111
ip access-list weak-block deny tcp src any sport any dest any dport eq 135
ip access-list weak-block deny udp src any sport any dest any dport eq 135
ip access-list weak-block deny tcp src any sport any dest any dport eq 144
ip access-list weak-block deny udp src any sport any dest any dport eq 144
ip access-list weak-block deny tcp src any sport any dest any dport eq 161
ip access-list weak-block deny udp src any sport any dest any dport eq 161
ip access-list weak-block deny tcp src any sport any dest any dport eq 162
ip access-list weak-block deny udp src any sport any dest any dport eq 162
ip access-list weak-block deny tcp src any sport any dest any dport eq 177
ip access-list weak-block deny udp src any sport any dest any dport eq 177
ip access-list weak-block deny tcp src any sport any dest any dport eq 220
ip access-list weak-block deny udp src any sport any dest any dport eq 220
ip access-list weak-block deny tcp src any sport any dest any dport eq 445
ip access-list weak-block deny udp src any sport any dest any dport eq 445
ip access-list weak-block deny tcp src any sport any dest any dport eq 512
ip access-list weak-block deny udp src any sport any dest any dport eq 512
ip access-list weak-block deny tcp src any sport any dest any dport eq 513
ip access-list weak-block deny udp src any sport any dest any dport eq 513
ip access-list weak-block deny tcp src any sport any dest any dport eq 514
ip access-list weak-block deny udp src any sport any dest any dport eq 514
ip access-list weak-block deny tcp src any sport any dest any dport eq 515
ip access-list weak-block deny udp src any sport any dest any dport eq 515
ip access-list weak-block deny tcp src any sport any dest any dport eq 517
ip access-list weak-block deny udp src any sport any dest any dport eq 517
ip access-list weak-block deny tcp src any sport any dest any dport eq 518
ip access-list weak-block deny udp src any sport any dest any dport eq 518
ip access-list weak-block deny tcp src any sport any dest any dport eq 520
ip access-list weak-block deny udp src any sport any dest any dport eq 520
ip access-list weak-block deny tcp src any sport any dest any dport eq 540
ip access-list weak-block deny udp src any sport any dest any dport eq 540
ip access-list weak-block deny tcp src any sport any dest any dport eq 1025
ip access-list weak-block deny udp src any sport any dest any dport eq 1025
ip access-list weak-block deny tcp src any sport any dest any dport eq 2000
ip access-list weak-block deny udp src any sport any dest any dport eq 2000
ip access-list weak-block deny tcp src any sport any dest any dport eq 2049
ip access-list weak-block deny udp src any sport any dest any dport eq 2049
ip access-list weak-block deny tcp src any sport any dest any dport eq 2766
ip access-list weak-block deny udp src any sport any dest any dport eq 2766
ip access-list weak-block deny tcp src any sport any dest any dport range 6000 6063
ip access-list weak-block deny udp src any sport any dest any dport range 6000 6063
ip access-list weak-block deny tcp src any sport any dest any dport eq 12345
ip access-list weak-block deny udp src any sport any dest any dport eq 12345
ip filter forced-reassembly
!
!
!
!
!
!
!
dns cache enable
!
proxy-dns ip enable
proxy-dns server 8.8.8.8 priority 200
proxy-dns server 8.8.4.4
proxy-dns ipv6 enable
!
telnet-server ip enable
telnet-server ip access-list mynetwork
!
!
!
!
!
!
!
!
!
ip dhcp profile lan
  assignable-range 192.168.0.100 192.168.0.254
  subnet-mask 255.255.255.0
  dns-server 192.168.0.1
!
device FastEthernet0/0
!
device FastEthernet0/1
!
device FastEthernet1/0
!
device BRI1/0
  isdn switch-type hsd128k
!
interface FastEthernet0/0.0
  ip address 192.168.0.1/24
  ip dhcp binding lan
  ipv6 address autoconfig
  no shutdown
!
interface FastEthernet0/1.0
  ip address dhcp receive-default
  ip napt enable
  ip filter strict-block 1 in
  ip filter weak-block 100 in
  ip filter specialuse 101 in
  ip filter all-pass 65000 in
  ip filter strict-block 1 out
  ip filter mynetwork 50 out
  ip filter weak-block 100 out
  ip filter specialuse 101 out
  ip filter all-pass 65000 out
  ipv6 address autoconfig
  no shutdown
!
interface FastEthernet1/0.0
  no ip address
  shutdown
!
interface BRI1/0.0
  encapsulation ppp
  no auto-connect
  no ip address
  shutdown
!
interface Loopback0.0
  no ip address
!
interface Null0.0
  no ip address
```
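To review how the `ip filter` bindings on FastEthernet0/1.0 in the dump above interact, the following added example (not part of the original post, and not NEC code) models the outbound filter chain and reports which entry decides a given packet. It assumes filters are evaluated in ascending sequence number with the first match winning, that a packet matching nothing is dropped, and that the outbound filter sees the LAN source address before NAPT; `CONFIG` is a shortened excerpt of the dump and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt of the dump above: a subset of its ACL entries and the "out" bindings.
CONFIG = """\
ip access-list all-pass permit ip src any dest any
ip access-list mynetwork permit ip src 192.168.0.0/24 dest any
ip access-list specialuse deny ip src 10.0.0.0/8 dest any
ip access-list strict-block deny tcp src any sport any dest any dport eq 445
ip access-list weak-block deny tcp src any sport any dest any dport eq 514
ip access-list weak-block deny tcp src any sport any dest any dport range 6000 6063
  ip filter strict-block 1 out
  ip filter mynetwork 50 out
  ip filter weak-block 100 out
  ip filter specialuse 101 out
  ip filter all-pass 65000 out
"""

# Assumption: only the entry shapes that appear in this dump are handled.
ACL_RE = re.compile(r"ip access-list (\S+) (permit|deny) (\S+) src (\S+)"
                    r"(?: sport \S+)? dest (\S+)(?: dport (eq|range) (\d+)(?: (\d+))?)?$")
FILTER_RE = re.compile(r"ip filter (\S+) (\d+) (in|out)$")

def parse(text):
    acls, filters = {}, []
    for line in map(str.strip, text.splitlines()):
        if m := ACL_RE.match(line):
            name, action, proto, src, dst, op, lo, hi = m.groups()
            ports = (int(lo), int(hi or lo)) if op else None
            acls.setdefault(name, []).append((action, proto, src, dst, ports))
        elif m := FILTER_RE.match(line):
            filters.append((int(m[2]), m[1], m[3]))
    return acls, sorted(filters)  # ascending sequence number

def _addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def decide(text, direction, proto, src, dst, dport):
    """Return (action, acl, seq) of the first matching entry, else implicit deny."""
    acls, filters = parse(text)
    for seq, name, d in filters:
        if d != direction:
            continue
        for action, p, s, t, ports in acls.get(name, []):
            if (p in ("ip", proto) and _addr_ok(s, src) and _addr_ok(t, dst)
                    and (ports is None or ports[0] <= dport <= ports[1])):
                return action, name, seq
    return "deny", "(implicit)", None
```

Under those assumptions, TCP/514 from a LAN host is permitted by `mynetwork` at sequence 50 and never reaches `weak-block` at 100, so only `strict-block` constrains LAN-originated traffic in the out direction.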
Posted by Yuki Matsukura on Tuesday, 2010/1/5 at 3:43 PM; filed under IX2015.

