- =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2020.12.18 14:47:06 =~=~=~=~=~=~=~=~=~=~=~=
- [edit]
- reno@rtfw-vpn-01# show no
- Configuration path: [no] is not valid
- [edit]
- reno@rtfw-vpn-01# show no
- Configuration path: [no] is not valid
- [edit]
- reno@rtfw-vpn-01# show
- Possible completions:
- > firewall Firewall
- > interfaces Network interfaces
- > nat Network Address Translation (NAT) parameters
- > protocols Routing protocol parameters
- > service <No help text available>
- > system System parameters
- > vpn Virtual Private Network (VPN)
- [edit]
- reno@rtfw-vpn-01# show
- Possible completions:
- > firewall Firewall
- > interfaces Network interfaces
- > nat Network Address Translation (NAT) parameters
- > protocols Routing protocol parameters
- > service <No help text available>
- > system System parameters
- > vpn Virtual Private Network (VPN)
- [edit]
- reno@rtfw-vpn-01# show |
- Possible completions:
- count Count the number of lines in the output
- match Only output lines that match specified pattern
- no-match Only output lines that do not match specified pattern
- more Paginate the output
- no-more Do not paginate the output
- strip-private
- Remove private information from the config
- commands Convert config to set commands
- [edit]
- reno@rtfw-vpn-01# show | no-more
- firewall {
- all-ping enable
- broadcast-ping disable
- config-trap disable
- group {
- port-group ark-ports {
- port 7777
- port 7778
- port 27015
- port 27016
- }
- port-group mail-server {
- port 25
- port 80
- port 443
- port 465
- port 587
- }
- port-group q-mc-1 {
- port 25565
- }
- port-group q-mc-2 {
- port 25566
- }
- port-group web-ports {
- port 80
- port 443
- }
- port-group wow-ports {
- port 3724
- port 3725
- port 8085
- port 8086
- port 8087
- }
- }
- ipv6-receive-redirects disable
- ipv6-src-route disable
- ip-src-route disable
- log-martians enable
- name eth0-in {
- default-action drop
- rule 1000 {
- action accept
- description "Mail server"
- destination {
- address 10.1.10.5
- group {
- port-group mail-server
- }
- }
- protocol tcp
- state {
- new enable
- }
- }
- rule 2000 {
- action accept
- description wow-335-server
- destination {
- address 10.1.20.10
- port 3724,8085-8087
- }
- protocol tcp_udp
- state {
- new enable
- }
- }
- rule 2100 {
- action accept
- description web-server
- destination {
- address 10.1.20.50
- port 80,443
- }
- protocol tcp_udp
- state {
- new enable
- }
- }
- rule 3000 {
- action accept
- description q-server-mc
- destination {
- address 10.1.30.10
- port 25565,25566
- }
- protocol tcp_udp
- state {
- new enable
- }
- }
- rule 3100 {
- action accept
- description ark-ports
- destination {
- address 10.1.30.10
- port 7777-7778,27015-27016
- }
- protocol tcp_udp
- state {
- new enable
- }
- }
- }
- name eth0-local {
- default-action drop
- rule 10 {
- action accept
- destination {
- address wan.subnet.1.204
- port 2200
- }
- protocol tcp
- state {
- new enable
- }
- }
- rule 5000 {
- action accept
- source {
- address home.ip.1.106
- }
- }
- }
- name eth1-in {
- default-action drop
- }
- name eth1-local {
- default-action drop
- }
- receive-redirects disable
- send-redirects enable
- source-validation disable
- state-policy {
- established {
- action accept
- }
- invalid {
- action drop
- }
- related {
- action accept
- }
- }
- syn-cookies enable
- twa-hazards-protection disable
- }
- interfaces {
- ethernet eth0 {
- address wan.subnet.1.203/29
- address wan.subnet.1.204/29
- address wan.subnet.1.205/29
- address wan.subnet.1.206/29
- duplex auto
- firewall {
- in {
- name eth0-in
- }
- local {
- name eth0-local
- }
- }
- hw-id 00:0c:29:e4:f3:f9
- smp-affinity auto
- speed auto
- }
- ethernet eth1 {
- address wan.subnet.2.202/29
- address wan.subnet.2.203/29
- address wan.subnet.2.204/29
- address wan.subnet.2.205/29
- address wan.subnet.2.206/29
- duplex auto
- firewall {
- in {
- name eth1-in
- }
- local {
- name eth1-local
- }
- }
- hw-id 00:0c:29:e4:f3:03
- smp-affinity auto
- speed auto
- }
- ethernet eth2 {
- duplex auto
- hw-id 00:0c:29:e4:f3:0d
- smp-affinity auto
- speed auto
- vif 10 {
- address 10.1.10.1/24
- }
- vif 20 {
- address 10.1.20.1/24
- }
- vif 30 {
- address 10.1.30.1/24
- }
- }
- ethernet eth3 {
- duplex auto
- hw-id 00:0c:29:e4:f3:17
- smp-affinity auto
- speed auto
- vif 110 {
- address 172.16.110.1/24
- }
- vif 120 {
- address 172.16.120.1/24
- }
- vif 130 {
- address 172.16.130.1/24
- }
- vif 140 {
- address 172.16.140.1/24
- }
- }
- loopback lo {
- }
- tunnel tun0 {
- address 10.10.10.1/30
- encapsulation gre
- local-ip wan.subnet.1.204
- remote-ip home.ip.1.106
- }
- }
- nat {
- destination {
- rule 1000 {
- description mail-server
- destination {
- address wan.subnet.1.203
- port 25,80,443,465,587
- }
- inbound-interface eth0
- protocol tcp
- translation {
- address 10.1.10.5
- }
- }
- rule 2000 {
- description wow
- destination {
- address wan.subnet.1.204
- port 3724,8085
- }
- inbound-interface eth0
- protocol tcp_udp
- translation {
- address 10.1.20.10
- }
- }
- rule 2100 {
- description web-in
- destination {
- address wan.subnet.1.204
- port 80,443
- }
- inbound-interface eth0
- protocol tcp
- translation {
- address 10.1.20.50
- }
- }
- rule 3000 {
- description q-mc
- destination {
- address wan.subnet.1.205
- port 25565,25566
- }
- inbound-interface eth0
- protocol tcp_udp
- translation {
- address 10.1.30.10
- }
- }
- }
- source {
- rule 110 {
- description 110-out
- outbound-interface eth1
- protocol all
- source {
- address 172.16.110.0/24
- }
- translation {
- address wan.subnet.2.202
- }
- }
- rule 120 {
- description 120-out
- outbound-interface eth1
- protocol all
- source {
- address 172.16.120.0/24
- }
- translation {
- address wan.subnet.2.203
- }
- }
- rule 130 {
- description 130-out
- outbound-interface eth1
- protocol all
- source {
- address 172.16.130.0/24
- }
- translation {
- address wan.subnet.2.203
- }
- }
- rule 140 {
- description 140-out
- outbound-interface eth1
- protocol all
- source {
- address 172.16.140.0/24
- }
- translation {
- address wan.subnet.2.204
- }
- }
- rule 150 {
- description 150-out
- outbound-interface eth1
- protocol all
- source {
- address 172.16.150.0/24
- }
- translation {
- address wan.subnet.2.205
- }
- }
- rule 1071 {
- description 107.203.out
- outbound-interface eth0
- protocol all
- source {
- address 10.1.10.0/24
- }
- translation {
- address wan.subnet.1.203
- }
- }
- rule 1072 {
- description 107.204.out
- outbound-interface eth0
- protocol all
- source {
- address 10.1.20.0/24
- }
- translation {
- address wan.subnet.1.204
- }
- }
- rule 1073 {
- description 107.205.out
- outbound-interface eth0
- source {
- address 10.1.30.0/24
- }
- translation {
- address wan.subnet.1.205
- }
- }
- }
- }
- protocols {
- static {
- route 0.0.0.0/0 {
- next-hop wan.subnet.2.201 {
- distance 20
- }
- next-hop wan.subnet.1.201 {
- distance 5
- }
- }
- route 172.16.10.0/24 {
- next-hop 10.10.10.2 {
- }
- }
- }
- }
- service {
- ssh {
- port 2200
- }
- }
- system {
- config-management {
- commit-revisions 100
- }
- console {
- device ttyS0 {
- speed 9600
- }
- }
- domain-name nraq.org
- domain-search {
- domain nraq.orgg
- }
- host-name rtfw-vpn-01
- login {
- user user1 {
- authentication {
- encrypted-password spoopy-poo-password
- plaintext-password ""
- }
- level admin
- }
- user user2 {
- authentication {
- encrypted-password spoopy-poo-password
- plaintext-password ""
- }
- level admin
- }
- }
- name-server 1.1.1.1
- name-server 8.8.8.8
- ntp {
- server 0.pool.ntp.org {
- }
- server 1.pool.ntp.org {
- }
- server 2.pool.ntp.org {
- }
- }
- options {
- ctrl-alt-del-action ignore
- reboot-on-panic true
- }
- syslog {
- global {
- facility all {
- level info
- }
- facility protocols {
- level debug
- }
- }
- }
- time-zone America/Chicago
- }
- vpn {
- ipsec {
- esp-group MyESPGroup {
- proposal 1 {
- encryption aes128
- hash sha1
- }
- }
- ike-group MyIKEGroup {
- proposal 1 {
- dh-group 2
- encryption aes128
- hash sha1
- }
- }
- ipsec-interfaces {
- interface eth0
- }
- site-to-site {
- peer home.ip.1.106 {
- authentication {
- mode rsa
- rsa-key-name home-rsa
- }
- default-esp-group MyESPGroup
- ike-group MyIKEGroup
- local-address wan.subnet.1.204
- tunnel 1 {
- protocol gre
- }
- }
- }
- }
- rsa-keys {
- rsa-key-name home-rsa {
- rsa-key super-secret-key
- }
- }
- }
- [edit]
- reno@rtfw-vpn-01#