Standard Internet Café IP Access Configuration
[lishicheng] dis cu
Now create configuration...
Current configuration
!
version 1.74
local-user hw service-type administrator password cipher ]N[.>\EP=83-JEXJQ<!
sysname lishicheng
nat fragbuffer enable
nat fragbuffer length 200
firewall enable
aaa-enable
aaa accounting-scheme optional
!
acl 1 match-order auto
rule normal permit source 192.168.5.0 0.0.0.255
rule normal deny source any
!
acl 101 match-order auto
rule normal deny icmp source any destination any
rule normal deny tcp source any destination any destination-port equal 4444
rule normal deny tcp source any destination any destination-port equal 135
rule normal deny tcp source any destination any destination-port equal 139
rule normal deny tcp source any destination any destination-port equal 137
rule normal deny udp source any destination any destination-port equal 445
rule normal deny tcp source any destination any destination-port equal 593
rule normal deny udp source any destination any destination-port equal 593
rule normal deny udp source any destination any destination-port equal 1434
rule normal deny tcp source any destination any destination-port equal 1434
rule normal deny tcp source any destination any destination-port equal 5800
rule normal deny tcp source any destination any destination-port equal 6667
rule normal deny tcp source any destination any destination-port equal 2500
rule normal deny tcp source any destination any destination-port equal 6346
rule normal deny tcp source any destination any destination-port equal 5554
rule normal deny tcp source any destination any destination-port equal 9996
rule normal deny udp source any destination any destination-port equal 135
rule normal deny udp source any destination any destination-port equal netbn
rule normal deny tcp source any destination any destination-port equal 445
rule normal deny tcp source any destination any destination-port equal 9393
rule normal deny udp source any destination any destination-port equal tftp
rule normal deny tcp source any destination any destination-port equal 1068
!
interface Aux0
async mode flow
link-protocol ppp
!
interface Ethernet0
ip address 192.168.5.254 255.255.255.0
!
interface Ethernet1
ip address 218.90.160.10 255.255.255.248
nat outbound 1 interface
firewall packet-filter 101 inbound
firewall packet-filter 101 outbound
!
interface Serial0
link-protocol ppp
shutdown
!
interface Serial1
link-protocol ppp
shutdown
!
quit
ip route-static 0.0.0.0 0.0.0.0 218.90.160.9 preference 60
!
return
[lishicheng]dis system cpu
Current CPU load: 17%
[lishicheng]dis acl 1
Using normal packet-filtering access rules now.
1 permit 192.168.5.0 0.0.0.255 (no matches -- rule 1)
1 deny any (no matches -- rule 2)
[lishicheng]dis acl 101
Using normal packet-filtering access rules now.
101 deny icmp any any (6328727 matches, 356684705 bytes -- rule 1)
101 deny tcp any any equal 4444 (2 matches, 80 bytes -- rule 2)
101 deny tcp any any equal 135 (5696 matches, 278728 bytes -- rule 3)
101 deny tcp any any equal 139 (828 matches, 39824 bytes -- rule 4)
101 deny tcp any any equal 137 (no matches -- rule 5)
101 deny udp any any equal 445 (no matches -- rule 6)
101 deny tcp any any equal 593 (293 matches, 14064 bytes -- rule 7)
101 deny udp any any equal 593 (no matches -- rule 8)
101 deny udp any any equal 1434 (2665 matches, 103930 bytes -- rule 9)
101 deny tcp any any equal 1434 (no matches -- rule 10)
101 deny tcp any any equal 5800 (no matches -- rule 11)
101 deny tcp any any equal 6667 (24 matches, 1152 bytes -- rule 12)
101 deny tcp any any equal 2500 (2 matches, 80 bytes -- rule 13)
101 deny tcp any any equal 6346 (283 matches, 13584 bytes -- rule 14)
101 deny tcp any any equal 5554 (124 matches, 5968 bytes -- rule 15)
101 deny tcp any any equal 9996 (no matches -- rule 16)
101 deny udp any any equal 135 (10 matches, 3942 bytes -- rule 17)
101 deny udp any any equal netbios-ssn (6 matches, 198 bytes -- rule 18)
101 deny tcp any any equal 445 (6207 matches, 301579 bytes -- rule 19)
101 deny tcp any any equal 9393 (39 matches, 1872 bytes -- rule 20)
101 deny udp any any equal tftp (no matches -- rule 21)
101 deny tcp any any equal 1068 (no matches -- rule 22)
[lishicheng]dis int e 0
Ethernet0 current state:up, line protocol current state:up
Description: Ethernet interface, Ethernet0 Interface
The Maximum Transmit Unit is 1500
Internet Address is 192.168.5.254(24)
IP Sending Frames' Format is Ethernet_II,Hardware address is 00-e0-fc-2d-f3-fe
Media type is twisted pair, loopback is not set, promiscuous mode not set
Full-duplex mode, 100Mbps-speed mode, link type is autonegotiation
Input queue : (size/max/drops) 0/200/0
FIFO queueing: FIFO
(Outbound queue:Size/Length/Discards)
FIFO: 0/75/0
Last 5 minutes input rate 101135.39 bytes/sec, 902.03 packets/sec
Last 5 minutes output rate 470317.96 bytes/sec, 1009.21 packets/sec
Input: 159778280 packets, 3101743776 bytes
30145767 broadcasts, 3101935 multicasts
107 errors, 0 runts, 0 giants
0 CRC,0 frame errors, 107 overrunners
0 aborted sequences 0 no buffers
0 packets with dribble condition detected
Output:145529472 packets, 2762357774 bytes
0 broadcasts, 0 multicasts
0 errors, 0 underruns, 0 collisions
0 packets had been deferred
[lishicheng]dis int e 1
Ethernet1 current state:up, line protocol current state:up
Description: Ethernet interface, Ethernet1 Interface
The Maximum Transmit Unit is 1500
Internet Address is 218.90.160.10(29)
IP Sending Frames' Format is Ethernet_II,Hardware address is 00-e0-fc-2d-f3-fd
Media type is twisted pair, loopback is not set, promiscuous mode not set
Full-duplex mode, 100Mbps-speed mode, link type is autonegotiation
Input queue : (size/max/drops) 0/200/0
FIFO queueing: FIFO
(Outbound queue:Size/Length/Discards)
FIFO: 0/75/0
Last 5 minutes input rate 472550.93 bytes/sec, 1041.38 packets/sec
Last 5 minutes output rate 99412.74 bytes/sec, 874.57 packets/sec
Input: 159643936 packets, 3981864782 bytes
55658 broadcasts, 2136 multicasts
76 errors, 0 runts, 0 giants
3 CRC,0 frame errors, 73 overrunners
0 aborted sequences 0 no buffers
0 packets with dribble condition detected
Output:128041404 packets, 2796760486 bytes
0 broadcasts, 0 multicasts
0 errors, 0 underruns, 0 collisions
0 packets had been deferred