RTA54iの設定

   # RTA54i Rev.4.05.06 (beta version) (Thu May 9 12:00:08 2002)
   # MAC Address : xx:xx:xx:xx:xx:xx, xx:xx:xx:xx:xx:xx
   # Memory 8Mbytes, 2LAN, 1BRI
   login password *
   administrator password *
   ip filter 100000 reject * * udp,tcp 135 *
   ip filter comment 100000 "Windows: DCE RPC"
   ip filter 100001 reject * * udp,tcp * 135
   ip filter comment 100001 "Windows: DCE RPC"
   ip filter 100002 reject-nolog * * udp,tcp netbios_ns-netbios_dgm *
   ip filter comment 100002 "Windows: NetBIOS (NS,Datagram)"
   ip filter 100003 reject-nolog * * udp,tcp * netbios_ns-netbios_dgm
   ip filter comment 100003 "Windows: NetBIOS (NS,Datagram)"
   ip filter 100004 reject * * udp,tcp netbios_ssn *
   ip filter comment 100004 "Windows: NetBIOS (SSN)"
   ip filter 100005 reject * * udp,tcp * netbios_ssn
   ip filter comment 100005 "Windows: NetBIOS (SSN)"
   ip filter 100006 reject * * udp,tcp 445 *
   ip filter comment 100006 "Windows: Direct Hosting SMB"
   ip filter 100007 reject * * udp,tcp * 445
   ip filter comment 100007 "Windows: Direct Hosting SMB"
   ip filter 100008 reject * * tcp,udp at_rtmp-at_8 *
   ip filter comment 100008 MAC
   ip filter 100009 reject * * tcp,udp * at_rtmp-at_8
   ip filter 100099 pass * * * * *
   ip filter comment 100099 "pass all"
   ip filter 200000 reject 10.0.0.0/8 * * * *
   ip filter comment 200000 "Ingress/in: Private A"
   ip filter 200001 reject 172.16.0.0/12 * * * *
   ip filter comment 200001 "Ingress/in: Private B"
   ip filter 200002 reject 192.168.0.0/16 * * * *
   ip filter comment 200002 "Ingress/in: Private C"
   ip filter 200003 reject 10.0.0.0/24 * * * *
   ip filter comment 200003 "Ingress/in: LAN1 Primary"
   ip filter 200010 reject * 10.0.0.0/8 * * *
   ip filter comment 200010 "Ingress/out: Private A"
   ip filter 200011 reject * 172.16.0.0/12 * * *
   ip filter comment 200011 "Ingress/out: Private B"
   ip filter 200012 reject * 192.168.0.0/16 * * *
   ip filter comment 200012 "Ingress/out: Private C"
   ip filter 200013 reject * 10.0.0.0/24 * * *
   ip filter comment 200013 "Ingress/out: LAN1 Primary"
   ip filter 200020 reject * * udp,tcp 135 *
   ip filter comment 200020 "Windows: DCE RPC"
   ip filter 200021 reject * * udp,tcp * 135
   ip filter comment 200021 "Windows: DCE RPC"
   ip filter 200022 reject * * udp,tcp netbios_ns-netbios_ssn *
   ip filter comment 200022 "Windows: NetBIOS"
   ip filter 200023 reject * * udp,tcp * netbios_ns-netbios_ssn
   ip filter comment 200023 "Windows: NetBIOS"
   ip filter 200024 reject * * udp,tcp 445 *
   ip filter comment 200024 "Windows: Direct Hosting SMB"
   ip filter 200025 reject * * udp,tcp * 445
   ip filter comment 200025 "Windows: Direct Hosting SMB"
   ip filter 200030 pass-log * 10.0.0.0/24 icmp * *
   ip filter comment 200030 "LAN1 Primary/in: ICMP (ping,traceroute,...)"
   ip filter 200031 pass * 10.0.0.0/24 established * *
   ip filter comment 200031 "LAN1 Primary/in: TCP Connection (established)"
   ip filter 200032 pass-log * 10.0.0.0/24 tcp * ident
   ip filter comment 200032 "LAN1 Primary/in: ident for SMTP,... (e-mail)"
   ip filter 200033 pass * 10.0.0.0/24 tcp ftpdata *
   ip filter comment 200033 "LAN1 Primary/in: ftp client (PORT)"
   ip filter 200034 pass-log * 10.0.0.0/24 tcp,udp * domain
   ip filter comment 200034 "LAN1 Primary/in: dns server"
   ip filter 200035 pass * 10.0.0.0/24 udp domain *
   ip filter comment 200035 "LAN1 Primary/in: dns resolv"
   ip filter 200036 pass-log * 10.0.0.0/24 udp * ntp
   ip filter comment 200036 "LAN1 Primary/in: NTP server"
   ip filter 200037 pass * 10.0.0.0/24 udp ntp *
   ip filter comment 200037 "LAN1 Primary/in: NTP client"
   ip filter 200038 reject * * tcp,udp at_rtmp-at_8 *
   ip filter 200039 reject * * tcp,udp * at_rtmp-at_8
   ip filter 200080 pass * 10.0.0.100 tcp * www
   ip filter 200081 pass * 10.0.0.100 udp * domain
   ip filter 200083 pass * 10.0.0.100 tcp * smtp
   ip filter 200084 pass * 10.0.0.100 tcp * pop3
   ip filter 200085 pass-log * 10.0.0.100 tcp * domain
   ip filter 200099 pass * * * * *
   ip filter comment 200099 "pass all"
   ip filter 500000 restrict * * * * *
   ip filter dynamic 200080 * * ftp
   ip filter dynamic comment 200080 "FTP connection (tcp)"
   ip filter dynamic 200081 * * domain
   ip filter dynamic comment 200081 "DNS resolv,... (tcp,udp)"
   ip filter dynamic 200082 * * www
   ip filter dynamic comment 200082 "WWW Browser,... (tcp)"
   ip filter dynamic 200083 * * smtp
   ip filter dynamic comment 200083 "SMTP connection (tcp)"
   ip filter dynamic 200084 * * pop3
   ip filter dynamic comment 200084 "POP3 connection (tcp)"
   ip filter dynamic 200098 * * tcp
   ip filter dynamic comment 200098 "TCP Connection"
   ip filter dynamic 200099 * * udp
   ip filter dynamic comment 200099 "UDP Connection"
   ip filter source-route on
   ip filter directed-broadcast on
   ip lan1 address 10.0.0.8/24
   ip lan1 routing protocol none
   ip lan1 rip listen none
   ip lan1 secure filter in 100000 100001 100002 100003 100004 100005 100006 100007    100008 100009 100099
   ip lan2 routing protocol none
   ip lan2 rip listen none
   ip route default gateway pp 1 filter 500000 gateway pp 1
   nat descriptor type 1000 masquerade
   nat descriptor masquerade incoming 1000 through ログにのこす為にnatに該当しないパケットを通す設定を入れた
   nat descriptor masquerade static 1000 1 10.0.0.100 tcp www
   nat descriptor masquerade static 1000 2 10.0.0.100 udp domain
   nat descriptor masquerade static 1000 3 10.0.0.100 tcp 22
   nat descriptor masquerade static 1000 4 10.0.0.100 tcp smtp
   nat descriptor masquerade static 1000 5 10.0.0.100 tcp pop3
   nat descriptor masquerade static 1000 6 10.0.0.100 tcp domain
   nat descriptor masquerade static 1000 7 10.0.0.100 icmp *   pingに反応する為に入れたがpingがうるさいのでフィルタでカットしてある
   provider type isdn-terminal
   provider filter routing connection
   provider lan1 name LAN:
   provider lan2 name PPPoE:
   provider ntpdate xxx.xxx.xxx.xxx
   pp select 1
   pp name PRV/1/1/4:WAKWAK
   pppoe use lan2
   pppoe auto disconnect off
   pppoe disconnect time 60
   ip pp secure filter in 200000 200001 200002 200003 200020 200021 200022 200023    200024 200025 200030 200031 200032 200033 200035 200037 200038 200039 200080    200081 200082 200083 200084 200085
   ip pp secure filter out 200010 200011 200012 200013 200020 200021 200022 200023    200024 200025 200038 200039 200099
   ip pp nat descriptor 1000
   pp auth accept pap chap
   pp auth myname xxxxxxxxxxxxxxx  yyyyyyy
   ppp lcp mru on 1454
   ppp ipcp ipaddress on
   ppp ipcp msext on
   ppp ccp type none
   pp enable 1
   provider set on 1 WAKWAK-1P
   provider dns server pp 1 1
   provider select 1
   syslog host 10.0.0.100
   syslog notice on
   httpd frame use on 1
   telnetd host lan
   dhcp service server
   dhcp server rfc2131 compliant except remain-silent
   dhcp scope 1 10.0.x.x-10.0.x.x/24
   dns server pp 1
   dns server select 500001 pp 1 any . restrict pp 1
   dns private address spoof on
   schedule at */* 01:44 * ntpdate xxx.xxx.xxx.xxx
   analog supplementary-service pseudo call-waiting
   analog extension dial prefix line
   analog extension dial prefix sip 9#
   alarm connection data off
   alarm intrusion off