# RTA54i Rev.4.05.06 (beta version) (Thu May 9 12:00:08 2002)
# MAC Address : xx:xx:xx:xx:xx:xx, xx:xx:xx:xx:xx:xx
# Memory 8Mbytes, 2LAN, 1BRI
#
# Purpose: saved configuration of a Yamaha RTA54i acting as a PPPoE/NAT gateway.
# lan1 is the inside network (10.0.0.8/24), lan2 carries PPPoE, and pp 1 is the
# provider session. One inside host, 10.0.0.100, is published through static
# masquerade entries and also receives the router's syslog.
# MAC addresses, the NTP server, the PPP credentials and the DHCP range are
# masked (xx / x.x) in this listing.
# NOTE(review): the header reports a beta firmware build dated 2002 - confirm
# whether a release build exists for this unit.

# Both passwords are shown as "*"; presumably this is the display mask used
# when the configuration is printed, not the stored value - confirm.
login password *
administrator password *

# ---- Filters 1000xx: applied inbound on lan1 (see "ip lan1 secure filter in").
# Field order as used throughout: number, action, source address,
# destination address, protocol, source port, destination port.
# Actions seen here: reject / pass-log write a log entry, reject-nolog / pass
# do not. Each Windows service is blocked twice, once by source port and once
# by destination port.
ip filter 100000 reject * * udp,tcp 135 *
ip filter comment 100000 "Windows: DCE RPC"
ip filter 100001 reject * * udp,tcp * 135
ip filter comment 100001 "Windows: DCE RPC"
ip filter 100002 reject-nolog * * udp,tcp netbios_ns-netbios_dgm *
ip filter comment 100002 "Windows: NetBIOS (NS,Datagram)"
ip filter 100003 reject-nolog * * udp,tcp * netbios_ns-netbios_dgm
ip filter comment 100003 "Windows: NetBIOS (NS,Datagram)"
ip filter 100004 reject * * udp,tcp netbios_ssn *
ip filter comment 100004 "Windows: NetBIOS (SSN)"
ip filter 100005 reject * * udp,tcp * netbios_ssn
ip filter comment 100005 "Windows: NetBIOS (SSN)"
ip filter 100006 reject * * udp,tcp 445 *
ip filter comment 100006 "Windows: Direct Hosting SMB"
ip filter 100007 reject * * udp,tcp * 445
ip filter comment 100007 "Windows: Direct Hosting SMB"
# at_rtmp-at_8 is a named port range; the author labels it "MAC", presumably
# the AppleTalk service ports - confirm against the router's service table.
ip filter 100008 reject * * tcp,udp at_rtmp-at_8 *
ip filter comment 100008 MAC
ip filter 100009 reject * * tcp,udp * at_rtmp-at_8
# Everything from the LAN that was not rejected above is allowed.
ip filter 100099 pass * * * * *
ip filter comment 100099 "pass all"

# ---- Filters 2000xx: used on pp 1 (the provider side).
# 200000-200003 reject packets whose SOURCE is a private range (anti-spoofing
# on the way in). 200003 is already covered by 200000 (10.0.0.0/24 lies inside
# 10.0.0.0/8); it is harmless but redundant.
ip filter 200000 reject 10.0.0.0/8 * * * *
ip filter comment 200000 "Ingress/in: Private A"
ip filter 200001 reject 172.16.0.0/12 * * * *
ip filter comment 200001 "Ingress/in: Private B"
ip filter 200002 reject 192.168.0.0/16 * * * *
ip filter comment 200002 "Ingress/in: Private C"
ip filter 200003 reject 10.0.0.0/24 * * * *
ip filter comment 200003 "Ingress/in: LAN1 Primary"
# 200010-200013 reject packets whose DESTINATION is a private range, so
# privately addressed traffic is not sent to the provider.
ip filter 200010 reject * 10.0.0.0/8 * * *
ip filter comment 200010 "Ingress/out: Private A"
ip filter 200011 reject * 172.16.0.0/12 * * *
ip filter comment 200011 "Ingress/out: Private B"
ip filter 200012 reject * 192.168.0.0/16 * * *
ip filter comment 200012 "Ingress/out: Private C"
ip filter 200013 reject * 10.0.0.0/24 * * *
ip filter comment 200013 "Ingress/out: LAN1 Primary"
# Windows RPC / NetBIOS / SMB blocked in both directions on the provider side;
# unlike the lan1 set, all of these use the logging "reject" action.
ip filter 200020 reject * * udp,tcp 135 *
ip filter comment 200020 "Windows: DCE RPC"
ip filter 200021 reject * * udp,tcp * 135
ip filter comment 200021 "Windows: DCE RPC"
ip filter 200022 reject * * udp,tcp netbios_ns-netbios_ssn *
ip filter comment 200022 "Windows: NetBIOS"
ip filter 200023 reject * * udp,tcp * netbios_ns-netbios_ssn
ip filter comment 200023 "Windows: NetBIOS"
ip filter 200024 reject * * udp,tcp 445 *
ip filter comment 200024 "Windows: Direct Hosting SMB"
ip filter 200025 reject * * udp,tcp * 445
ip filter comment 200025 "Windows: Direct Hosting SMB"
# Inbound allow rules toward the LAN (destination 10.0.0.0/24).
ip filter 200030 pass-log * 10.0.0.0/24 icmp * *
ip filter comment 200030 "LAN1 Primary/in: ICMP (ping,traceroute,...)"
# "established" admits TCP segments that belong to an already open connection.
ip filter 200031 pass * 10.0.0.0/24 established * *
ip filter comment 200031 "LAN1 Primary/in: TCP Connection (established)"
ip filter 200032 pass-log * 10.0.0.0/24 tcp * ident
ip filter comment 200032 "LAN1 Primary/in: ident for SMTP,... (e-mail)"
# NOTE(review): 200033, 200035 and 200037 match only on the REMOTE source port
# (ftpdata, domain, ntp) with any destination port. The remote side chooses its
# source port, so these are stateless allowances that rely on the masquerade
# table to limit what is reachable. The dynamic filters defined further down
# would be the stateful alternative.
ip filter 200033 pass * 10.0.0.0/24 tcp ftpdata *
ip filter comment 200033 "LAN1 Primary/in: ftp client (PORT)"
# 200034 and 200036 are defined but appear in neither secure filter list below.
ip filter 200034 pass-log * 10.0.0.0/24 tcp,udp * domain
ip filter comment 200034 "LAN1 Primary/in: dns server"
ip filter 200035 pass * 10.0.0.0/24 udp domain *
ip filter comment 200035 "LAN1 Primary/in: dns resolv"
ip filter 200036 pass-log * 10.0.0.0/24 udp * ntp
ip filter comment 200036 "LAN1 Primary/in: NTP server"
ip filter 200037 pass * 10.0.0.0/24 udp ntp *
ip filter comment 200037 "LAN1 Primary/in: NTP client"
ip filter 200038 reject * * tcp,udp at_rtmp-at_8 *
ip filter 200039 reject * * tcp,udp * at_rtmp-at_8
# Services published on 10.0.0.100: www, dns (udp and tcp), smtp, pop3.
# There is no static filter 200082, although the inbound list references that
# number, and no rule here admits tcp 22 to 10.0.0.100.
ip filter 200080 pass * 10.0.0.100 tcp * www
ip filter 200081 pass * 10.0.0.100 udp * domain
ip filter 200083 pass * 10.0.0.100 tcp * smtp
ip filter 200084 pass * 10.0.0.100 tcp * pop3
ip filter 200085 pass-log * 10.0.0.100 tcp * domain
# 200099 is used only as the last entry of the OUTBOUND list on pp 1.
ip filter 200099 pass * * * * *
ip filter comment 200099 "pass all"
# 500000 is referenced by the default route below. "restrict" passes a packet
# only while the line is already up - confirm against the command reference.
ip filter 500000 restrict * * * * *

# ---- Dynamic (stateful) filter definitions.
# NOTE(review): neither "ip pp secure filter" line below contains a "dynamic"
# keyword, so these definitions look unused; the numbers 200080-200084 in the
# inbound list would then refer to the static filters of the same number.
# Confirm against the firmware's secure filter syntax.
ip filter dynamic 200080 * * ftp
ip filter dynamic comment 200080 "FTP connection (tcp)"
ip filter dynamic 200081 * * domain
ip filter dynamic comment 200081 "DNS resolv,... (tcp,udp)"
ip filter dynamic 200082 * * www
ip filter dynamic comment 200082 "WWW Browser,... (tcp)"
ip filter dynamic 200083 * * smtp
ip filter dynamic comment 200083 "SMTP connection (tcp)"
ip filter dynamic 200084 * * pop3
ip filter dynamic comment 200084 "POP3 connection (tcp)"
ip filter dynamic 200098 * * tcp
ip filter dynamic comment 200098 "TCP Connection"
ip filter dynamic 200099 * * udp
ip filter dynamic comment 200099 "UDP Connection"
# "on" here means the packets are filtered out: source-routed packets and
# directed broadcasts are dropped.
ip filter source-route on
ip filter directed-broadcast on

# ---- Interfaces and routing. No routing protocol runs on either LAN port.
ip lan1 address 10.0.0.8/24
ip lan1 routing protocol none
ip lan1 rip listen none
ip lan1 secure filter in 100000 100001 100002 100003 100004 100005 100006 100007 100008 100009 100099
ip lan2 routing protocol none
ip lan2 rip listen none
ip route default gateway pp 1 filter 500000 gateway pp 1

# ---- NAT: descriptor 1000 is IP masquerade, bound to pp 1 further down.
nat descriptor type 1000 masquerade
# "through" lets inbound packets that match no masquerade entry continue
# instead of being refused by NAT, so the pp 1 inbound filter list is the only
# control left for such packets.
nat descriptor masquerade incoming 1000 through
# Author's note (translated from Japanese): packets that match no NAT entry are
# passed through so that they are recorded in the log.
nat descriptor masquerade static 1000 1 10.0.0.100 tcp www
nat descriptor masquerade static 1000 2 10.0.0.100 udp domain
# NOTE(review): tcp 22 is mapped to 10.0.0.100, but the inbound list on pp 1
# has no matching pass rule for new connections - confirm whether this entry is
# meant to be reachable.
nat descriptor masquerade static 1000 3 10.0.0.100 tcp 22
nat descriptor masquerade static 1000 4 10.0.0.100 tcp smtp
nat descriptor masquerade static 1000 5 10.0.0.100 tcp pop3
nat descriptor masquerade static 1000 6 10.0.0.100 tcp domain
# NOTE(review): it is unclear whether the trailing "*" belongs to the command
# or marks the author's note that followed it on the page; it is kept as found.
nat descriptor masquerade static 1000 7 10.0.0.100 icmp *
# Author's note (translated from Japanese): added so that the host answers
# ping, but ping was noisy, so it is cut by the filter.
# NOTE(review): filter 200030 (pass-log icmp to 10.0.0.0/24) is still in the
# pp 1 inbound list - confirm that ICMP is really blocked as the note says.

# ---- Provider / PPPoE session (pp 1).
provider type isdn-terminal
provider filter routing connection
provider lan1 name LAN:
provider lan2 name PPPoE:
provider ntpdate xxx.xxx.xxx.xxx
pp select 1
pp name PRV/1/1/4:WAKWAK
pppoe use lan2
pppoe auto disconnect off
pppoe disconnect time 60
# Inbound list: anti-spoofing and Windows/AppleTalk rejects first, then the
# allow rules. There is no trailing pass-all, so traffic that matches nothing
# is presumably dropped by the implicit default - confirm for this firmware.
# NOTE(review): the filters are written for inside (10.0.0.x) destinations,
# which assumes they are evaluated after NAT on receive - confirm.
ip pp secure filter in 200000 200001 200002 200003 200020 200021 200022 200023 200024 200025 200030 200031 200032 200033 200035 200037 200038 200039 200080 200081 200082 200083 200084 200085
# Outbound list: block private destinations and Windows/AppleTalk ports, then
# allow everything else (200099).
ip pp secure filter out 200010 200011 200012 200013 200020 200021 200022 200023 200024 200025 200038 200039 200099
ip pp nat descriptor 1000
# NOTE(review): PAP is accepted alongside CHAP; PAP sends the password
# unencrypted inside the PPP session. If the provider supports CHAP, consider
# accepting CHAP only.
pp auth accept pap chap
# Account name and password are masked in this listing.
pp auth myname xxxxxxxxxxxxxxx yyyyyyy
ppp lcp mru on 1454
ppp ipcp ipaddress on
ppp ipcp msext on
ppp ccp type none
pp enable 1
provider set on 1 WAKWAK-1P
provider dns server pp 1 1
provider select 1

# ---- Management and services.
# NOTE(review): syslog goes to 10.0.0.100, the same host that is published to
# the Internet by the static NAT entries above; the logs share the fate of
# that host.
syslog host 10.0.0.100
syslog notice on
httpd frame use on 1
# Telnet management is limited to hosts on the LAN.
telnetd host lan
dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 1 10.0.x.x-10.0.x.x/24
dns server pp 1
dns server select 500001 pp 1 any . restrict pp 1
dns private address spoof on
# Daily clock synchronisation at 01:44.
schedule at */* 01:44 * ntpdate xxx.xxx.xxx.xxx
analog supplementary-service pseudo call-waiting
analog extension dial prefix line
analog extension dial prefix sip 9#
# NOTE(review): both alarm settings are off; presumably this only silences the
# audible alarm and does not affect filtering or logging - confirm.
alarm connection data off
alarm intrusion off