#
sysname router
#
clock timezone BeiJing add 08:00:00
#
firewall enable
firewall fragments-inspect
#
dns resolve
dns server 1.2.3.4
dns domain router
#
web set-package force flash:/http.zip
#
radius scheme system
radius scheme router
server-type standard
#
domain router.com.cn
domain system
#
acl number 2000 match-order auto
rule 0 permit
rule 1 deny
#
acl number 3000
rule 0 deny tcp destination-port eq telnet
rule 1 deny tcp destination-port eq 22
rule 2 deny udp destination-port eq 22
rule 3 permit tcp destination-port eq smtp
rule 4 permit tcp destination-port eq pop3
rule 5 permit tcp destination-port eq www
rule 6 permit tcp destination-port eq 8080
rule 7 permit tcp destination-port eq 31208
acl number 3002
rule 0 permit ip source 192.168.0.0 0.0.0.255
rule 1 deny ip
#
interface Ethernet1/0
tcp mss 1024
ip address 208.21.137.69 255.255.255.192
nat outbound 2000
firewall packet-filter 3000 inbound
nat server protocol tcp global 208.21.137.69 smtp inside 192.168.0.25 smtp
nat server protocol tcp global 208.21.137.69 pop3 inside 192.168.0.25 pop3
nat server protocol tcp global 208.21.137.69 31208 inside 192.168.0.25 31208
nat server protocol tcp global 208.21.137.69 www inside 192.168.0.177 www
nat server protocol tcp global 208.21.137.69 8080 inside 192.168.0.143 8080
#
interface Ethernet2/0
tcp mss 1024
ip address 100.4.133.45 255.255.254.0
nat outbound 2000
firewall packet-filter 3000 inbound
nat server protocol tcp global 100.4.133.45 smtp inside 192.168.0.25 smtp
nat server protocol tcp global 100.4.133.45 pop3 inside 192.168.0.25 pop3
nat server protocol tcp global 100.4.133.45 31208 inside 192.168.0.25 31208
nat server protocol tcp global 100.4.133.45 www inside 192.168.0.177 www
nat server protocol tcp global 100.4.133.45 8080 inside 192.168.0.143 8080
#
interface Ethernet3/0
tcp mss 1024
ip address 192.168.0.1 255.255.0.0
firewall packet-filter 3000 inbound
firewall packet-filter 3002 inbound
#
interface Ethernet3/1
#
interface Ethernet3/2
#
interface Ethernet3/3
#
interface Ethernet3/4
#
interface Ethernet3/5
#
interface Ethernet3/6
#
interface Ethernet3/7
#
interface Ethernet3/8
#
interface Ethernet3/9
#
interface Ethernet3/10
#
interface Ethernet3/11
#
interface Ethernet3/12
#
interface Ethernet3/13
#
interface Ethernet3/14
#
interface Ethernet3/15
#
interface Ethernet3/16
#
interface Ethernet3/17
#
interface Ethernet3/18
#
interface Ethernet3/19
#
interface Ethernet3/20
#
interface Ethernet3/21
#
interface Ethernet3/22
#
interface Ethernet3/23
#
interface Ethernet3/24
#
interface NULL0
#
dhcp server forbidden-ip 10.0.0.2 10.0.0.100
undo dhcp enable
dhcp server detect
#
ip route-static 0.0.0.0 0.0.0.0 Ethernet 1/0 21.22.125.61 preference 60
#
user-interface con 0
user-interface vty 0 4
authentication-mode scheme
#