インターネット境界ルーターのテンプレート


############################
# For RTX1200 Rev.10.01.34
############################
#
# < グローバル IPv4 >
# グローバル IPv4 Network ID = [Network ID(IPv4)]
# グローバルIPv4 CIDR = [IPv4 CIDR]
# インターネット境界ルーター = [Internet-router(IPv4)]
# LAN境界ルーター = [LAN-Router(IPv4)]
# ファイアウォール = [firewall(IPv4)]
#
# < ローカルIPv4 >
# LAN IPv4 = [LAN-IP(IPv4)]
# NAPT = [NAPT]
#
# < IPv6 >
# GUA Prefix = [GUA Prefix]
# ULA Prefix = [ULA Prefix]
# DMZ サブネットID = [DMZ-Subnet]
#
# < その他 >
# syslog server = [Syslog]
# DNS1 = [DNS-1]
# DNS2 = [DNS-2]
# Domain Name = [Domain]
# ルーターパスワード = [RT-Password]
#
# < PPPoE >
# IPv4 PPPoE ID = [IPv4 PPPoE ID]
# IPv4 PPPoE Password = [IPv4 PPPoE Password]
# IPv6 PPPoE ID = [IPv6 PPPoE ID]
# IPv6 PPPoE Password = [IPv6 PPPoE Password]
#
#
############################
# Remove the factory-default settings.
# The "no" forms below delete the default LAN1 IPv4 address and the built-in
# DHCP server configuration (service, RFC 2131 behaviour setting, scope 1),
# so the border router starts clean and does not act as a DHCP server.
no ip lan1 address
no dhcp service server
no dhcp server rfc2131 compliant except remain-silent
no dhcp scope 1
############################
# Set the login (user-level) password and then the administrator password.
# Both commands are interactive: the empty line answers the old-password
# prompt (presumably the factory-default empty password; confirm on the
# target unit), and the next two lines are the new password and its
# confirmation. Do not insert comment lines inside either prompt sequence,
# because they would be read as password input.
# NOTE(review): both accounts receive the same [RT-Password]. Using distinct
# values keeps the user/administrator privilege separation meaningful.
# NOTE(review): the filled-in template contains secrets in clear text; store
# it and any pasted session log accordingly.
login password

[RT-Password]
[RT-Password]
administrator password

[RT-Password]
[RT-Password]
# Console display settings (wide lines, no paging).
console columns 200
console lines infinity
# IPv4 routing: default route out of PPPoE session pp 1; the internal LAN
# range is reached through the LAN border router.
ip route default gateway pp 1
ip route [LAN-IP(IPv4)] gateway [LAN-Router(IPv4)]
# Drop packets that carry source-route options and packets addressed to a
# directed broadcast (the latter limits use of this network as a broadcast
# amplifier).
ip filter source-route on
ip filter directed-broadcast on
# IPv6 routing: the GUA /48 and the ULA /48 are reached via the link-local
# next hop fe80::2 (scope %1, presumably lan1; confirm); default route out
# of PPPoE session pp 2.
ipv6 route [GUA Prefix]::/48 gateway fe80::2%1
ipv6 route default gateway pp 2
ipv6 route [ULA Prefix]::/48 gateway fe80::2%1
# LAN1 (DMZ side) addresses. [IPv4 CIDR] is appended with no separator, so
# the placeholder presumably includes the leading "/" (TODO confirm).
ip lan1 address [Internet-router(IPv4)][IPv4 CIDR]
ipv6 lan1 address [GUA Prefix]:[DMZ-Subnet]::1/64
# NOTE(review): link-local address configured with prefix length /10;
# interface link-local addresses normally use /64. Confirm this is intended.
ipv6 lan1 address fe80::1/10
# pp 1: IPv4 PPPoE session over lan2, kept permanently connected.
pp select 1
pp always-on on
pppoe use lan2
pppoe auto connect on
pppoe auto disconnect off
# NOTE(review): PAP is accepted as well as CHAP. With PAP the PPPoE password
# is sent to the peer in clear text; if the provider supports CHAP, accepting
# only chap is the tighter setting.
pp auth accept pap chap
# The PPPoE credentials are written into the configuration; treat config
# backups and "show config" output as secrets.
pp auth myname [IPv4 PPPoE ID] [IPv4 PPPoE Password]
# MRU/MTU 1454 for PPPoE encapsulation; no PPP compression.
ppp lcp mru on 1454
ppp ccp type none
ip pp mtu 1454
# No RIP is sent to or accepted from the WAN side, so the provider side
# cannot inject routes through RIP.
ip pp rip send off
ip pp rip receive off
# Apply the named filter set "PPPoEv4" (its in/out lists are set with
# "ip filter set PPPoEv4") and NAT descriptor 1 to this interface.
ip pp secure filter name PPPoEv4
ip pp nat descriptor 1
ip pp tcp mss limit auto
pp enable 1
# pp 2: IPv6 PPPoE session over lan2, kept permanently connected.
pp select 2
pp always-on on
pppoe use lan2
pppoe auto connect on
pppoe auto disconnect off
# NOTE(review): as on pp 1, PAP is accepted in addition to CHAP; PAP exposes
# the password to the peer in clear text.
pp auth accept pap chap
pp auth myname [IPv6 PPPoE ID] [IPv6 PPPoE Password]
ppp ccp type none
# Negotiate IPv6CP so the session carries IPv6.
ppp ipv6cp use on
# No RIPng exchanged with the WAN side.
ipv6 pp rip send off
ipv6 pp rip receive off
# Static IPv6 filters, evaluated in the order listed (first match decides).
# Inbound uses the even-numbered filters, outbound the odd-numbered ones.
ipv6 pp secure filter in 1000 1010 1020 1030 1040 2000 2010 2020 3000 3010 9000 9010
ipv6 pp secure filter out 1001 1011 1021 1031 1041 2001 2011 2021 3001 3011 9001 9011
# DHCPv6 client on the WAN side (presumably to obtain provider-supplied
# parameters; confirm what the provider delivers).
ipv6 pp dhcp service client
ipv6 pp tcp mss limit auto
pp enable 2
# IPv4 static packet filters for pp 1. Syntax: number, action, source,
# destination, protocol, source port, destination port. Even numbers are
# used inbound and odd numbers outbound (see the two "ip filter set" lines).
#
# 10/11: pass everything to and from the firewall address.
# NOTE(review): 10 is first in the inbound list, so traffic addressed to the
# firewall bypasses every later reject, including the management-port and
# spoofed-source rules. The firewall itself must enforce those checks.
ip filter 10 pass * [firewall(IPv4)] *
ip filter 11 pass [firewall(IPv4)] * *
# 1000-1011: reject remote-administration and Windows file-sharing ports
# (telnet, 22, NetBIOS, 445, 514, 3389) over TCP and UDP. Inbound matches on
# destination port, outbound on source port. 514/tcp is the remote shell
# service, 514/udp is syslog.
ip filter 1000 reject * * tcp * telnet,22,netbios_ns-netbios_ssn,445,514,3389
ip filter 1001 reject * * tcp telnet,22,netbios_ns-netbios_ssn,445,514,3389 *
ip filter 1010 reject * * udp * telnet,22,netbios_ns-netbios_ssn,445,syslog,3389
ip filter 1011 reject * * udp telnet,22,netbios_ns-netbios_ssn,445,syslog,3389 *
# 1020-1031: reject NetBIOS/445/514 in the opposite port position
# (inbound by source port, outbound by destination port).
ip filter 1020 reject * * tcp netbios_ns-netbios_ssn,445,514 *
ip filter 1021 reject * * tcp * netbios_ns-netbios_ssn,445,514
ip filter 1030 reject * * udp netbios_ns-netbios_ssn,445,syslog *
ip filter 1031 reject * * udp * netbios_ns-netbios_ssn,445,syslog
# 1040: anti-spoofing. Inbound packets claiming an RFC 1918 source or a
# source inside this site's own global range are rejected.
# 1041: outbound packets destined to those same ranges are rejected.
ip filter 1040 reject 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,[Network ID(IPv4)][IPv4 CIDR] * *
ip filter 1041 reject * 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,[Network ID(IPv4)][IPv4 CIDR] *
# 2000/2001: all ICMP types are passed in both directions.
ip filter 2000 pass * * icmp
ip filter 2001 pass * * icmp
# 2100/2101: pass all remaining traffic to and from the LAN range and the
# site's global range.
# NOTE(review): these are stateless pass rules, so unsolicited inbound
# traffic on any port not rejected above reaches the site's addresses.
# Stateful policy is presumably enforced by the downstream firewall; confirm.
ip filter 2100 pass * [LAN-IP(IPv4)],[Network ID(IPv4)][IPv4 CIDR] * * *
ip filter 2101 pass [LAN-IP(IPv4)],[Network ID(IPv4)][IPv4 CIDR] * * * *
# 3000-3011: reject RFC 1918 addresses as source or destination. These are
# listed after the pass rules above, so they only see packets that no
# earlier filter matched.
ip filter 3000 reject * 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 *
ip filter 3001 reject 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 * *
ip filter 3010 reject 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 *
ip filter 3011 reject * 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 *
# Filter set applied on pp 1 by "ip pp secure filter name PPPoEv4".
# Filters are evaluated in the order listed and the first match decides.
ip filter set PPPoEv4 in 10 1000 1010 1020 1030 1040 2000 2100 3000 3010
ip filter set PPPoEv4 out 11 1001 1011 1021 1031 1041 2001 2101 3001 3011
# NAT descriptor 1 (bound to pp 1): IP masquerade (NAPT). The outer address
# is the router's own global address; the inner side is the router's address
# plus the [NAPT] range. No static masquerade (port-forward) entries are
# defined in this template.
nat descriptor type 1 nat-masquerade
nat descriptor address outer 1 [Internet-router(IPv4)]
nat descriptor address inner 1 [Internet-router(IPv4)] [NAPT]
# IPv6 static packet filters for pp 2, mirroring the IPv4 set: even numbers
# are listed in "ipv6 pp secure filter in", odd numbers in "... out".
#
# 1000-1031: reject remote-administration and Windows file-sharing ports
# (telnet, 22, NetBIOS, 445, 514, 3389) over TCP and UDP, by destination
# port and by source port.
ipv6 filter 1000 reject * * tcp * telnet,22,netbios_ns-netbios_ssn,445,514,3389
ipv6 filter 1001 reject * * tcp telnet,22,netbios_ns-netbios_ssn,445,514,3389 *
ipv6 filter 1010 reject * * udp * telnet,22,netbios_ns-netbios_ssn,445,syslog,3389
ipv6 filter 1011 reject * * udp telnet,22,netbios_ns-netbios_ssn,445,syslog,3389 *
ipv6 filter 1020 reject * * tcp netbios_ns-netbios_ssn,445,514 *
ipv6 filter 1021 reject * * tcp * netbios_ns-netbios_ssn,445,514
ipv6 filter 1030 reject * * udp netbios_ns-netbios_ssn,445,syslog *
ipv6 filter 1031 reject * * udp * netbios_ns-netbios_ssn,445,syslog
# 1040: anti-spoofing. Inbound packets with a source in ULA (fc00::/7),
# ff05::/16, the documentation prefix (2001:db8::/32) or this site's own
# GUA /48 are rejected. 1041: outbound packets destined to those ranges are
# rejected, which keeps ULA traffic from leaving the site.
ipv6 filter 1040 reject fc00::/7,ff05::/16,2001:db8::/32,[GUA Prefix]::/48 * *
ipv6 filter 1041 reject * fc00::/7,ff05::/16,2001:db8::/32,[GUA Prefix]::/48 *
# 2000/2001: all ICMPv6 types are passed in both directions.
ipv6 filter 2000 pass * * icmp6
ipv6 filter 2001 pass * * icmp6
# 2010/2011: pass all remaining traffic to and from the site's GUA /48 and
# link-local addresses.
# NOTE(review): these are stateless pass rules and IPv6 has no NAPT in this
# template, so every host in the /48 is directly reachable on any port not
# rejected above. Stateful policy is presumably enforced by the downstream
# firewall; confirm.
ipv6 filter 2010 pass * [GUA Prefix]::/48,fe80::/10 *
ipv6 filter 2011 pass [GUA Prefix]::/48,fe80::/10 * *
# 2020/2021: pass link-local sourced or destined traffic.
ipv6 filter 2020 pass fe80::/10 * *
ipv6 filter 2021 pass * fe80::/10 *
# 3000-3011: reject ULA, ff05::/16, documentation and deprecated site-local
# (fec0::/10) addresses as source or destination.
ipv6 filter 3000 reject * fc00::/7,ff05::/16,2001:db8::/32,fec0::/10 * * *
ipv6 filter 3001 reject fc00::/7,ff05::/16,2001:db8::/32,fec0::/10 * * * *
ipv6 filter 3010 reject fc00::/7,ff05::/16,2001:db8::/32,fec0::/10 * * *
ipv6 filter 3011 reject * fc00::/7,ff05::/16,2001:db8::/32,fec0::/10 * * *
# 9000-9011: pass multicast (ff00::/8) that was not rejected earlier in
# the list.
ipv6 filter 9000 pass * ff00::/8 * * *
ipv6 filter 9001 pass ff00::/8 * * * *
ipv6 filter 9010 pass ff00::/8 * * * *
ipv6 filter 9011 pass * ff00::/8 * * *
# Send logs to the syslog server, including NOTICE and INFO levels.
# NOTE(review): NOTICE presumably includes the packet-filter reject records
# needed to review filter hits; confirm on this firmware. Syslog to a remote
# host is unauthenticated clear text, so the path to [Syslog] should be an
# internal one.
syslog host [Syslog]
syslog notice on
syslog info on
# Resolvers and domain used by the router itself. "dns host none" lets no
# host query the router's DNS function, so it cannot be used as an open
# resolver.
dns server [DNS-1] [DNS-2]
dns domain [Domain]
dns host none
# Hourly clock sync (minute 01 of every hour) against ntp.nict.jp, with the
# result logged to syslog. Accurate time keeps log timestamps usable for
# correlation.
schedule at 1 */* *:01 * ntpdate ntp.nict.jp syslog
# Web management interface disabled, and no host permitted to reach it.
httpd service off
httpd host none
# NOTE(review): no telnetd/sshd settings appear in this template, so remote
# login reachability from lan1 depends on firmware defaults. Confirm them and
# restrict the permitted hosts (for example with "telnetd host").
# NOTE(review): the next line appears to permit firmware revision-up over
# HTTP by front-panel operation. Confirm that this is wanted and that
# physical access to the unit is controlled.
operation http revision-up permit on

 

Copyright © MURA All rights reserved.