# ルータのログインパスワード = [ログインパスワード] # ルータの管理パスワード = [管理パスワード] # ルータのIPアドレス = [ルータ] # PPPoEの接続ID = [PPPoE ID] # PPPoEのパスワード = [PPPoEパスワード] # ドメイン名 = [ドメイン名] # グローバルアドレス空間のCIDR = [CIDR] # グローバルアドレスのネットワークID = [ネットワークID] # DNSサーバのIPアドレス = [DNSサーバ] # FTPサーバのIPアドレス = [FTPサーバ] # WebサーバのIPアドレス = [Webサーバ] # インターネットサーバのIPアドレス = [インターネットサーバ] # SMTPサーバのIPアドレス = [smtpサーバ] # IMAPサーバのIPアドレス = [imapサーバ] # POPサーバのIPアドレス = [popサーバ] # WebメールサーバのIPアドレス = [WebMailサーバ] # WebコンソールサーバのIPアドレス = [WebConsoleサーバ] # セカンダリDNSサーバのIPアドレス = [セカンダリDNSサーバ] # NTPサーバのIPアドレス = [ntpサーバ] # SYSLOGサーバのIPアドレス = [syslogサーバ] # LANアドレス空間のCIDR = [LANCIDR] # LANのネットワークID = [LANID] # LAN側ルータIPアドレス = [LANIP] # NAPT対象IPアドレス(先頭) = [NAPT-START] # NAPT対象IPアドレス(末尾) = [NAPT-END] # ドメインコントローラのIPアドレス = [DC] # # 複数のIPアドレスを指定する時はカンマで区切って記述する事が可能 # login password [ログインパスワード] [ログインパスワード] administrator password [管理パスワード] [管理パスワード] security class 1 on on console columns 200 console lines infinity ip route default gateway pp 1 ip filter source-route on ip filter directed-broadcast on ip lan1 address [ルータ]/[CIDR] ip lan1 rip send off ip lan1 rip receive off ip lan2 rip send off ip lan2 rip receive off ip lan3 address [LANIP]/[LANCIDR] ip lan3 rip send on version 1 ip lan3 rip receive on version 1 ip lan3 secure filter in 3051 3053 3055 3061 3063 3072 3082 4001 dynamic 3052 3054 3056 ip lan3 secure filter out 3062 3064 3071 3081 4001 pp select 1 pp always-on on pppoe use lan2 pppoe auto connect on pp auth accept pap chap pp auth myname [PPPoE ID] [PPPoEパスワード] ppp lcp mru on 1454 ppp ccp type none ip pp mtu 1454 ip pp secure filter in 1 2 201 202 203 1001 1011 1021 1031 1041 1051 1061 1071 1074 1081 1091 2011 3032 ip pp secure filter out 1 2 101 103 105 201 202 1002 1012 1022 1042 1052 1062 1072 1073 1082 1092 2012 3001 3011 3021 3031 3041 dynamic 102 104 106 3003 3012 3014 3023 ip pp nat descriptor 1 pp enable 1 ip filter 1 reject-nolog * * tcp,udp * 69,135,137-139,445 ip filter 2 reject-nolog * * tcp,udp 69,135,137-139,445 * ip filter 101 pass [LANID]/[LANCIDR] * tcp * 21 ip filter dynamic 102 [LANID]/[LANCIDR] * ftp syslog=off ip filter 103 pass [LANID]/[LANCIDR] * tcp * * ip filter dynamic 104 [LANID]/[LANCIDR] * tcp syslog=off ip filter 105 pass [LANID]/[LANCIDR] * udp * * ip filter dynamic 106 [LANID]/[LANCIDR] * udp syslog=off ip filter 201 reject 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,127.0.0.0/24 * * * * ip filter 202 reject * 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,127.0.0.0/24 * * * ip filter 203 reject [ネットワークID]/[CIDR] * * * * ip filter 1001 pass * [DNSサーバ] udp * 53 ip filter 1002 pass [DNSサーバ] * udp 53 * ip filter 1011 pass * [FTPサーバ] tcp * 20,21 ip filter 1012 pass [FTPサーバ] * tcp 20,21 * ip filter 1021 pass * [Webサーバ] tcp * 80,443 ip filter 1022 pass [Webサーバ] * tcp 80,443 * ip filter 1031 pass * [インターネットサーバ] icmp-error * * ip filter 1041 pass * [smtpサーバ] tcp * 113 ip filter 1042 pass [smtpサーバ] * tcp 113 * ip filter 1051 pass * [imapサーバ] tcp * 143 ip filter 1052 pass [imapサーバ] * tcp 143 * ip filter 1061 pass * [popサーバ] tcp * 110 ip filter 1062 pass [popサーバ] * tcp 110 * ip filter 1071 pass * [smtpサーバ] tcp * 25 ip filter 1072 pass [smtpサーバ] * tcp 25 * ip filter 1073 pass [smtpサーバ] * tcp * 25 ip filter 1074 pass * [smtpサーバ] tcp 25 * ip filter 1081 pass * [WebMailサーバ] tcp * 8383 ip filter 1082 pass [WebMailサーバ] * tcp 8383 * ip filter 1091 pass * [WebConsoleサーバ] tcp * 8181 ip filter 1092 pass [WebConsoleサーバ] * tcp 8181 * ip filter 2011 pass [セカンダリDNSサーバ] [DNSサーバ] tcp * 53 ip filter 2012 pass [DNSサーバ] [セカンダリDNSサーバ] tcp 53 * ip filter 3001 pass [インターネットサーバ] * udp,tcp * 53 ip filter 3002 pass * * tcp,udp * 53 ip filter dynamic 3003 [インターネットサーバ] * filter 3002 syslog=off ip filter 3011 pass [インターネットサーバ] * tcp * 80,443 ip filter dynamic 3012 [インターネットサーバ] * www ip filter 3013 pass * * tcp * 443 ip filter dynamic 3014 [インターネットサーバ] * filter 3013 ip filter 3021 pass [ntpサーバ] * udp * 123 ip filter 3022 pass * * udp * 123 ip filter dynamic 3023 [ntpサーバ] * filter 3022 syslog=off ip filter 3031 pass [ルータ] * icmp ip filter 3032 pass * [ルータ] icmp ip filter 3041 pass [ルータ] * udp 32768- 33435- ip filter 3051 pass [LANID]/[LANCIDR] * tcp * 21 ip filter dynamic 3052 [LANID]/[LANCIDR] * ftp syslog=off ip filter 3053 pass [LANID]/[LANCIDR] * tcp * * ip filter dynamic 3054 [LANID]/[LANCIDR] * tcp syslog=off ip filter 3055 pass [LANID]/[LANCIDR] * udp * * ip filter dynamic 3056 [LANID]/[LANCIDR] * udp syslog=off ip filter 3061 pass * * udp * 520 ip filter 3062 pass * * udp 520 * ip filter 3063 pass * * udp 520 * ip filter 3064 pass * * udp * 520 ip filter 3071 pass [Webサーバ] [DC] udp,tcp * 53,88,123,135,389,445,1025 ip filter 3072 pass [DC] [Webサーバ] udp,tcp 53,88,123,135,389,445,1025 * ip filter 3081 pass [Webサーバ] [DC] icmp ip filter 3082 pass [DC] [Webサーバ] icmp ip filter 4001 reject-nolog * * udp * 67,68 nat descriptor type 1 masquerade nat descriptor address outer 1 [ルータ] nat descriptor address inner 1 [ルータ] [NAPT-START]-[NAPT-END] syslog host [syslogサーバ] syslog notice on tftp host none dns server [DNSサーバ] dns domain [ドメイン名] dns syslog resolv on schedule at 1 */* *:00 * ntpdate [ntpサーバ] syslog pptp service off save #---- # Copyright (C)2005 MURA All rights reserved.