melove
*********************************************************
* All rights reserved (1997-2004) *
* Without the owner's prior written consent, *
*no decompiling or reverse-engineering shall be allowed.*
*********************************************************
Login authentication
Username:xxzx8152
Password:
Note: The max number of VTY users is 5, and the current number
of VTY users on line is 1.
#
sysname DLJ-Eudemon100
#
FTP server enable
#
l2tp enable
#
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outboun
d
firewall packet-filter default permit interzone local DMZ direction inbound
firewall packet-filter default permit interzone local DMZ direction outbound
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outboun
d
firewall packet-filter default permit interzone trust DMZ direction inbound
firewall packet-filter default permit interzone trust DMZ direction outbound
firewall packet-filter default permit interzone DMZ untrust direction inbound
firewall packet-filter default permit interzone DMZ untrust direction outbound
#
nat server protocol tcp global 218.28.85.98 3000 inside 10.66.81.52 3000
nat server protocol tcp global 218.28.85.98 2011 inside 10.66.80.5 2011
nat server protocol tcp global 218.28.85.98 8888 inside 30.0.0.11 8888
nat server protocol tcp global 218.28.85.98 8889 inside 30.0.0.11 3389
nat server protocol tcp global 218.28.85.98 8890 inside 30.0.0.11 1433
nat server protocol tcp global 218.28.85.98 7010 inside 30.0.0.13 7010
nat server protocol tcp global 218.28.85.98 777 inside 10.66.80.29 telnet
nat server protocol tcp global 218.28.85.98 778 inside 10.66.80.30 telnet
nat server protocol tcp global 218.28.85.98 8891 inside 30.0.0.11 ftp
nat server protocol tcp global 218.28.85.98 9000 inside 192.168.5.31 9000
nat server protocol tcp global 218.28.85.98 7115 inside 30.0.0.138 7115
nat server protocol tcp global 218.28.85.98 9024 inside 192.168.1.170 9024
nat server protocol tcp global 218.28.85.98 3030 inside 30.0.0.12 3030
nat server protocol tcp global 218.28.85.98 9999 inside 30.0.0.11 9999
nat server protocol tcp global 218.28.85.98 3031 inside 30.0.0.139 3031
nat server protocol tcp global 218.28.85.98 7777 inside 30.0.0.30 3389
nat server protocol tcp global 218.28.85.98 8893 inside 30.0.0.29 3389
nat server protocol tcp global 218.28.85.98 8892 inside 30.0.0.31 3389
nat server protocol udp global 218.28.85.98 6688 inside 30.0.0.33 6688
nat server protocol tcp global 218.28.85.98 8000 insid
e 192.168.5.30 8000
nat server protocol tcp global 218.28.85.98 8012 inside 192.168.5.30 8012
nat server protocol tcp global 218.28.85.98 8894 inside 10.66.80.45 3389
nat server protocol tcp global 218.28.85.98 8895 inside 30.0.0.9 3389
nat server protocol tcp global 218.28.85.98 9001 inside 20.0.0.181 3389
nat server protocol tcp global 218.28.85.98 8801 inside 30.0.0.41 3389
#
firewall statistic system enable
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Ethernet0/0
ip address 192.168.2.1 255.255.255.240
#
interface Ethernet1/0
ip address 218.28.85.98 255.255.255.252
#
interface Virtual-Template1
ppp authentication-mode pap
ip address 172.16.0.1 255.255.255.0
remote address pool 1
#
interface NULL0
#
acl number 2000
rule 0 deny source 192.168.1.0 0.0.0.127
rule 1 deny source 192.168.5.0 0.0.0.255
rule 2 deny source 192.168.4.0 0.0.0.255 time-range shangwang
rule 3 deny source 192.168.7.0 0.0.0.255 time-range shangwang
rule 4 deny source 192.168.8.0 0.0.0.255
rule 5 deny source 192.168.6.0 0.0.0.255 time-range xs
rule 6 deny source 192.168.9.0 0.0.0.255
rule 7 deny source 192.168.10.0 0.0.0.255
rule 8 deny source 192.168.11.0 0.0.0.255
rule 9 deny source 192.168.12.0 0.0.0.255
rule 10 deny source 192.168.13.0 0.0.0.255
rule 11 deny source 192.168.14.0 0.0.0.255
rule 12 deny source 192.168.15.0 0.0.0.255
rule 13 deny source 192.168.16.0 0.0.0.255
rule 14 deny source 192.168.17.0 0.0.0.255
rule 15 deny source 192.168.18.0 0.0.0.255
rule 16 deny source 192.168.19.0 0.0.0.255
rule 17 deny source 192.168.20.0 0.0.0.255
rule 18 deny source 192.168.21.0 0.0.0.255
rule 19 deny source 192.168.22.0 0.0.0.255
rule 20 deny source 192.168.23.0 0.0.0.255
rule 21 deny source 192.168.24.0 0.0.0.255
rule 22 deny source 192.168.25.0 0.0.0.255
rule 23 deny source 10.0.0.0 0.0.0.3
rule 24 deny source 20.0.0.0 0.0.0.255
rule 25 permit source 30.0.0.0 0.0.0.255
rule 26 permit source 192.168.100.0 0.0.0.255
#
acl number 3000
rule 40 deny tcp destination-port eq 6881
rule 41 deny tcp destination-port eq 6882
rule 42 deny tcp destination-port eq 6883
rule 43 deny tcp destination-port eq 6884
rule 44 deny tcp destination-port eq 6885
rule 45 deny tcp destination-port eq 6886
rule 46 deny tcp destination-port eq 6887
rule 47 deny tcp destination-port eq 6888
rule 48 deny tcp destination-port eq 6889
acl number 3001
rule 0 deny udp destination-port eq tftp
rule 1 deny tcp destination-port eq 135
rule 2 deny udp destination-port eq 135
rule 3 deny udp destination-port eq netbios-ns
rule 4 deny udp destination-port eq netbios-dgm
rule 5 deny tcp destination-port eq 139
rule 6 deny udp destination-port eq netbios-ssn
rule 7 deny tcp destination-port eq 445
rule 8 deny udp destination-port eq 445
rule 9 deny tcp destination-port eq 539
rule 10 deny udp destination-port eq 539
rule 11 deny udp destination-port eq 593
rule 1
2 deny tcp destination-port eq 593
rule 13 deny udp destination-port eq 1434
rule 14 deny tcp destination-port eq 4444
rule 15 deny tcp destination-port eq 9996
rule 16 deny tcp destination-port eq 5554
rule 17 deny udp destination-port eq 9996
rule 18 deny udp destination-port eq 5554
rule 19 deny tcp destination-port eq 137
rule 20 deny tcp destination-port eq 138
rule 21 deny tcp destination-port eq 1025
rule 22 deny udp destination-port eq 1025
rule 23 deny tcp destination-port eq 9995
rule 24 deny udp destination-port eq 9995
rule 25 deny tcp destination-port eq 1068
rule 26 deny udp destination-port eq 1068
rule 27 deny tcp destination-port eq 1023
rule 28 deny udp destination-port eq 1023
rule 29 deny tcp destination-port eq 6667
rule 30 deny tcp destination-port eq 113
rule 31 deny tcp destination-port eq 3067
rule 32 deny tcp destination-port eq 389
rule 33 deny tcp destination-port eq 136
rule 34 deny udp destination-port eq 1433
rule 35 deny tcp destination-port eq echo
rule 36 deny tcp destination-port eq CHARgen
rule 38 deny udp destination-port eq 136
rule 39 deny udp destination-port eq 389
#
time-range xs 09:00 to 15:30 daily
time-range shangwang 07:00 to 23:59 daily
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/0
set priority 85
#
firewall zone untrust
add interface Ethernet1/0
add interface Virtual-Template1
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
nat outbound 2000 interface Ethernet1/0
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
l2tp-group 1
undo tunnel authentication
mandatory-lcp
allow l2tp virtual-template 1
#
aaa
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
local-user 12huawei password simple Quidway001
local-user 12huawei service-type ppp
local-user xxzx password simple DYJXJJ
local-user xxzx service-type ftp
local-user xxzx ftp-directory flash:/
local-user xxzx8152 password simple 2portmain028
local-user xxzx8152 service-type telnet
local-user itwjk password simple itwjkitwjk
local-user itwjk service-type ppp
local-user xxzx123 password simple 1mainxjjxxzx
local-user xxzx123 service-type ppp
local-user pyxdyjvpn password simple vpnpyxdyj001
local-user pyxdyjvpn service-type ppp
local-user pyxdlvpn password simple XKL!@#<>
local-user pyxdlvpn service-type ppp
ip pool 1 172.16.0.2 172.16.0.100
#
ip route-static 0.0.0.0 0.0.0.0 218.28.85.97
ip route-static 10.0.0.0 255.255.255.252 192.168.2.2
ip route-static 10.66.80.0 255.255.255.192 192.168.2.2
ip route-static 10.66.81.0 255.255.255.128 192.168.2.2
ip route-static 20.0.0.0 255.255.255.0 192.168.2.2
ip route-static 30.0.0.0 255.255.255.0 192.168.2.2
i
p route-static 80.0.0.0 255.255.255.240 192.168.2.2
ip route-static 192.168.5.30 255.255.255.255 192.168.2.2
ip route-static 192.168.100.0 255.255.255.0 192.168.2.2
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode aaa
user privilege level 3
#
return