Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ## Last changed: 2013-03-26 12:53:33 GMT+4
- version 11.2R4.3;
- system {
- host-name godnet;
- time-zone GMT+4;
- root-authentication {
- encrypted-password "$1$VefloaO/$sKiqNrllv5T5n6e.TdXMT0"; ## SECRET-DATA
- }
- name-server {
- 10.0.10.254;
- 10.0.1.254;
- 8.8.8.8;
- 8.8.4.4;
- }
- services {
- ssh;
- telnet;
- xnm-clear-text;
- web-management {
- http {
- interface [ vlan.0 vlan.1 vlan.2 vlan.3 ];
- }
- https {
- system-generated-certificate;
- interface [ vlan.0 ge-0/0/0.0 ge-0/0/15.0 ge-0/0/1.0 vlan.3 vlan.2 vlan.1 ];
- }
- }
- dhcp {
- pool 192.168.1.0/24 {
- address-range low 192.168.1.2 high 192.168.1.254;
- router {
- 192.168.1.1;
- }
- propagate-settings vlan.0;
- }
- pool 192.168.11.0/24 {
- address-range low 192.168.11.1 high 192.168.11.253;
- maximum-lease-time 86400;
- default-lease-time 86400;
- router {
- 192.168.11.254;
- }
- propagate-settings vlan.1;
- }
- pool 192.168.22.0/24 {
- address-range low 192.168.22.1 high 192.168.22.253;
- maximum-lease-time 86400;
- router {
- 192.168.22.254;
- }
- propagate-settings vlan.2;
- }
- pool 192.168.33.0/24 {
- address-range low 192.168.33.1 high 192.168.33.253;
- maximum-lease-time 86400;
- domain-name cbuh.karelia.pro;
- router {
- 192.168.33.254;
- }
- propagate-settings vlan.3;
- }
- }
- }
- syslog {
- archive size 100k files 3;
- user * {
- any emergency;
- }
- file messages {
- any critical;
- authorization info;
- }
- file interactive-commands {
- interactive-commands error;
- }
- }
- max-configurations-on-flash 5;
- max-configuration-rollbacks 5;
- license {
- autoupdate {
- url https://ae1.juniper.net/junos/key_retrieval;
- }
- }
- }
- interfaces {
- ge-0/0/0 {
- unit 0 {
- family inet {
- address 178.19.246.156/29;
- }
- }
- }
- ge-0/0/1 {
- unit 0 {
- family inet {
- address 178.19.242.225/29;
- }
- }
- }
- ge-0/0/2 {
- unit 0 {
- family ethernet-switching {
- vlan {
- members vlan-trust;
- }
- }
- }
- }
- ge-0/0/3 {
- unit 0 {
- family ethernet-switching {
- vlan {
- members vlan-trust;
- }
- }
- }
- }
- ge-0/0/4 {
- unit 0 {
- family ethernet-switching {
- vlan {
- members server;
- }
- }
- }
- }
- ge-0/0/5 {
- unit 0 {
- family ethernet-switching {
- vlan {
- members minedu;
- }
- }
- }
- }
- ge-0/0/6 {
- unit 0 {
- family ethernet-switching {
- vlan {
- members cbedu;
- }
- }
- }
- }
- ge-0/0/7 {
- unit 0 {
- family ethernet-switching {
- vlan {
- members vlan-trust;
- }
- }
- }
- }
- ge-0/0/8 {
- unit 0 {
- family ethernet-switching {
- vlan {
- members vlan-trust;
- }
- }
- }
- }
- ge-0/0/9 {
- unit 0 {
- family ethernet-switching {
- vlan {
- members vlan-trust;
- }
- }
- }
- }
- ge-0/0/10 {
- unit 0 {
- family ethernet-switching {
- vlan {
- members vlan-trust;
- }
- }
- }
- }
- ge-0/0/11 {
- unit 0 {
- family ethernet-switching {
- vlan {
- members vlan-trust;
- }
- }
- }
- }
- ge-0/0/12 {
- unit 0 {
- family ethernet-switching {
- vlan {
- members vlan-trust;
- }
- }
- }
- }
- ge-0/0/13 {
- unit 0 {
- family ethernet-switching {
- vlan {
- members vlan-trust;
- }
- }
- }
- }
- ge-0/0/14 {
- unit 0 {
- family ethernet-switching {
- vlan {
- members vlan-trust;
- }
- }
- }
- }
- ge-0/0/15 {
- unit 0 {
- family inet {
- address 192.168.26.237/24;
- }
- }
- }
- vlan {
- unit 0 {
- family inet {
- address 192.168.1.1/24;
- }
- }
- unit 1 {
- family inet {
- address 192.168.11.254/24;
- }
- }
- unit 2 {
- family inet {
- address 192.168.22.254/24;
- }
- }
- unit 3 {
- family inet {
- address 192.168.33.254/24;
- }
- }
- }
- }
- routing-options {
- static {
- route 0.0.0.0/0 next-hop 178.19.246.158;
- route 192.168.26.0/24 next-hop 192.168.11.254;
- }
- }
- protocols {
- stp;
- }
- security {
- flow {
- allow-dns-reply;
- }
- screen {
- ids-option untrust-screen {
- icmp {
- ping-death;
- }
- ip {
- source-route-option;
- tear-drop;
- }
- tcp {
- syn-flood {
- alarm-threshold 1024;
- attack-threshold 200;
- source-threshold 1024;
- destination-threshold 2048;
- timeout 20;
- }
- land;
- }
- }
- }
- nat {
- source {
- pool snat-pool1 {
- address {
- 178.19.246.153/32 to 178.19.246.156/32;
- }
- }
- pool snat-pool2 {
- address {
- 217.77.50.129/32 to 217.77.50.131/32;
- }
- }
- rule-set trust-to-untrust {
- from zone trust;
- to zone untrust;
- rule source-nat-rule {
- match {
- source-address 0.0.0.0/0;
- }
- then {
- source-nat {
- pool {
- snat-pool1;
- }
- }
- }
- }
- }
- rule-set srv-untrast {
- from zone server;
- to zone untrust;
- rule srv-pool2 {
- match {
- source-address 192.168.11.0/24;
- destination-address 0.0.0.0/0;
- }
- then {
- source-nat {
- pool {
- snat-pool1;
- }
- }
- }
- }
- }
- rule-set srv-trust {
- from zone server;
- to interface ge-0/0/15.0;
- rule srv-trust {
- match {
- source-address 192.168.11.0/24;
- destination-address 192.168.26.0/24;
- }
- then {
- source-nat {
- interface;
- }
- }
- }
- }
- }
- proxy-arp {
- interface ge-0/0/0.0 {
- address {
- 178.19.246.154/32 to 178.19.246.156/32;
- }
- }
- }
- }
- policies {
- from-zone trust to-zone untrust {
- policy trust-to-untrust {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- from-zone server to-zone untrust {
- policy srv-untrast {
- match {
- source-address srv-net;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- from-zone minedu to-zone untrust {
- policy min-untrast {
- match {
- source-address min-net;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- from-zone edubuh to-zone untrust {
- policy buh-untrast {
- match {
- source-address buh-net;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- from-zone server to-zone trust {
- policy srv-trust {
- match {
- source-address any;
- destination-address old-net;
- application any;
- }
- then {
- permit;
- }
- }
- }
- }
- zones {
- security-zone trust {
- address-book {
- address old-net 192.168.26.0/24;
- }
- host-inbound-traffic {
- system-services {
- all;
- }
- protocols {
- all;
- }
- }
- interfaces {
- vlan.0;
- ge-0/0/15.0;
- }
- }
- security-zone untrust {
- screen untrust-screen;
- interfaces {
- ge-0/0/0.0 {
- host-inbound-traffic {
- system-services {
- tftp;
- http;
- ping;
- ssh;
- }
- protocols {
- bgp;
- ospf;
- rip;
- }
- }
- }
- ge-0/0/1.0 {
- host-inbound-traffic {
- system-services {
- tftp;
- http;
- ping;
- ssh;
- }
- protocols {
- bgp;
- ospf;
- rip;
- }
- }
- }
- }
- }
- security-zone server {
- address-book {
- address srv-net 192.168.11.0/24;
- }
- host-inbound-traffic {
- system-services {
- all;
- }
- protocols {
- all;
- }
- }
- interfaces {
- vlan.1;
- }
- }
- security-zone minedu {
- address-book {
- address min-net 192.168.22.0/24;
- }
- host-inbound-traffic {
- system-services {
- all;
- }
- protocols {
- all;
- }
- }
- interfaces {
- vlan.2;
- }
- }
- security-zone edubuh {
- address-book {
- address buh-net 192.168.33.0/24;
- }
- host-inbound-traffic {
- system-services {
- all;
- }
- protocols {
- all;
- }
- }
- interfaces {
- vlan.3;
- }
- }
- }
- }
- vlans {
- cbedu {
- vlan-id 33;
- l3-interface vlan.3;
- }
- minedu {
- vlan-id 22;
- l3-interface vlan.2;
- }
- server {
- vlan-id 11;
- l3-interface vlan.1;
- }
- vlan-trust {
- vlan-id 3;
- l3-interface vlan.0;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
