
Untitled

a guest
Dec 18th, 2020
  1. =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2020.12.18 14:47:06 =~=~=~=~=~=~=~=~=~=~=~=
  2.  
  3. [edit]
  4.  
  5. reno@rtfw-vpn-01# show no
  6.  
  7. Configuration path: [no] is not valid
  8.  
  9. [edit]
  10.  
  11. reno@rtfw-vpn-01# show no
  12.  
  13. Configuration path: [no] is not valid
  14.  
  15. [edit]
  16.  
  17. reno@rtfw-vpn-01# show no
  18. 
  19. Possible completions:
  20. > firewall Firewall
  21. > interfaces Network interfaces
  22. > nat Network Address Translation (NAT) parameters
  23. > protocols Routing protocol parameters
  24. > service <No help text available>
  25. > system System parameters
  26. > vpn Virtual Private Network (VPN)
  27.  
  28.
  29.  
  30. [edit]
  31.  
  32. reno@rtfw-vpn-01# show
  33. 
  34. Possible completions:
  35. > firewall Firewall
  36. > interfaces Network interfaces
  37. > nat Network Address Translation (NAT) parameters
  38. > protocols Routing protocol parameters
  39. > service <No help text available>
  40. > system System parameters
  41. > vpn Virtual Private Network (VPN)
  42.  
  43.
  44.  
  45. [edit]
  46.  
  47. reno@rtfw-vpn-01# show |
  48. 
  49. Possible completions:
  50. count Count the number of lines in the output
  51. match Only output lines that match specified pattern
  52. no-match Only output lines that do not match specified pattern
  53. more Paginate the output
  54. no-more Do not paginate the output
  55. strip-private
  56. Remove private information from the config
  57. commands Convert config to set commands
  58.  
  59.
  60.  
  61. [edit]
  62.  
  63. reno@rtfw-vpn-01# show | no-more
  /* Firewall section: global packet-handling options, port groups, and four */
  /* named rule sets (eth0-in, eth0-local, eth1-in, eth1-local). Every rule  */
  /* set ends in default-action drop; return traffic is admitted by the      */
  /* global state-policy near the end of the section.                        */
  64. firewall {
  65. all-ping enable
  66. broadcast-ping disable
  67. config-trap disable
  /* Port groups. Only mail-server is referenced by a rule (eth0-in rule 1000); */
  /* the other groups are defined but the rules below repeat ports as literals, */
  /* so editing a group does not change what those rules allow.                 */
  68. group {
  69. port-group ark-ports {
  70. port 7777
  71. port 7778
  72. port 27015
  73. port 27016
  74. }
  /* mail-server mixes SMTP/submission ports with 80 and 443. */
  75. port-group mail-server {
  76. port 25
  77. port 80
  78. port 443
  79. port 465
  80. port 587
  81. }
  82. port-group q-mc-1 {
  83. port 25565
  84. }
  85. port-group q-mc-2 {
  86. port 25566
  87. }
  88. port-group web-ports {
  89. port 80
  90. port 443
  91. }
  /* wow-ports lists 3725, which eth0-in rule 2000 below does not allow. */
  92. port-group wow-ports {
  93. port 3724
  94. port 3725
  95. port 8085
  96. port 8086
  97. port 8087
  98. }
  99. }
  100. ipv6-receive-redirects disable
  101. ipv6-src-route disable
  102. ip-src-route disable
  103. log-martians enable
  /* eth0-in: bound as the "in" rule set on eth0 (see interfaces), i.e. traffic */
  /* arriving on eth0 and forwarded onward. Destinations are internal 10.1.x    */
  /* hosts, matching the translation addresses of the destination NAT rules.    */
  104. name eth0-in {
  105. default-action drop
  /* Rule 1000: new TCP connections to 10.1.10.5 on the mail-server port group. */
  106. rule 1000 {
  107. action accept
  108. description "Mail server"
  109. destination {
  110. address 10.1.10.5
  111. group {
  112. port-group mail-server
  113. }
  114. }
  115. protocol tcp
  116. state {
  117. new enable
  118. }
  119. }
  /* Rule 2000: allows 3724 and 8085-8087 over TCP and UDP. Destination NAT rule */
  /* 2000 forwards only 3724 and 8085, so the firewall is wider than the NAT.    */
  /* NOTE(review): trim to the forwarded ports/protocols unless 8086-8087 are    */
  /* needed - confirm.                                                           */
  120. rule 2000 {
  121. action accept
  122. description wow-335-server
  123. destination {
  124. address 10.1.20.10
  125. port 3724,8085-8087
  126. }
  127. protocol tcp_udp
  128. state {
  129. new enable
  130. }
  131. }
  /* Rule 2100: accepts tcp_udp on 80,443, while destination NAT rule 2100 is */
  /* protocol tcp only. NOTE(review): the UDP half has no matching forward in */
  /* this config; narrow to tcp unless UDP is intended - confirm.             */
  132. rule 2100 {
  133. action accept
  134. description web-server
  135. destination {
  136. address 10.1.20.50
  137. port 80,443
  138. }
  139. protocol tcp_udp
  140. state {
  141. new enable
  142. }
  143. }
  /* Rule 3000: matches destination NAT rule 3000 (25565,25566 to 10.1.30.10). */
  144. rule 3000 {
  145. action accept
  146. description q-server-mc
  147. destination {
  148. address 10.1.30.10
  149. port 25565,25566
  150. }
  151. protocol tcp_udp
  152. state {
  153. new enable
  154. }
  155. }
  /* Rule 3100: no destination NAT rule for these ports appears in the nat     */
  /* section, so this accept has no visible forward behind it.                 */
  /* NOTE(review): remove the rule or add the intended NAT entry - confirm.    */
  156. rule 3100 {
  157. action accept
  158. description ark-ports
  159. destination {
  160. address 10.1.30.10
  161. port 7777-7778,27015-27016
  162. }
  163. protocol tcp_udp
  164. state {
  165. new enable
  166. }
  167. }
  168. }
  /* eth0-local: bound as the "local" rule set on eth0, i.e. traffic addressed */
  /* to the router itself.                                                     */
  169. name eth0-local {
  170. default-action drop
  /* Rule 10: TCP 2200 is the SSH port set under "service ssh". There is no     */
  /* source match, so the management login is reachable from any address on    */
  /* this WAN. NOTE(review): add a source restriction (rule 5000 already names */
  /* the home address) and/or require key-only SSH logins - confirm.           */
  171. rule 10 {
  172. action accept
  173. destination {
  174. address wan.subnet.1.204
  175. port 2200
  176. }
  177. protocol tcp
  178. state {
  179. new enable
  180. }
  181. }
  /* Rule 5000: accepts every protocol and port from home.ip.1.106, the IPsec */
  /* and GRE peer. Trust here rests on the source address alone.              */
  /* NOTE(review): presumably only IKE/ESP (and GRE) are required from this   */
  /* peer; consider narrowing - confirm.                                      */
  182. rule 5000 {
  183. action accept
  184. source {
  185. address home.ip.1.106
  186. }
  187. }
  188. }
  /* eth1-in and eth1-local carry no rules: everything not matched by the */
  /* state-policy below is dropped on eth1.                               */
  189. name eth1-in {
  190. default-action drop
  191. }
  192. name eth1-local {
  193. default-action drop
  194. }
  195. receive-redirects disable
  196. send-redirects enable
  /* Source-address (reverse-path) validation is off. NOTE(review): with two  */
  /* uplinks, strict mode can drop asymmetric traffic; check whether loose    */
  /* mode is usable here instead of disable - confirm.                        */
  197. source-validation disable
  /* Global state policy: established and related packets are accepted and  */
  /* invalid ones dropped before the per-rule-set rules are consulted.      */
  198. state-policy {
  199. established {
  200. action accept
  201. }
  202. invalid {
  203. action drop
  204. }
  205. related {
  206. action accept
  207. }
  208. }
  209. syn-cookies enable
  210. twa-hazards-protection disable
  211. }
  /* Interfaces section: two WAN-facing ports (eth0, eth1) with firewall rule */
  /* sets bound, two VLAN trunks (eth2, eth3) with none, and a GRE tunnel.    */
  /* The poster replaced public addresses with wan.subnet.* / home.ip.*       */
  /* placeholders; the hw-id MAC addresses were left as they are.             */
  212. interfaces {
  /* eth0: four addresses from one /29; eth0-in filters forwarded traffic and */
  /* eth0-local filters traffic to the router itself.                         */
  213. ethernet eth0 {
  214. address wan.subnet.1.203/29
  215. address wan.subnet.1.204/29
  216. address wan.subnet.1.205/29
  217. address wan.subnet.1.206/29
  218. duplex auto
  219. firewall {
  220. in {
  221. name eth0-in
  222. }
  223. local {
  224. name eth0-local
  225. }
  226. }
  /* The 00:0c:29 prefix is a VMware-assigned OUI. */
  227. hw-id 00:0c:29:e4:f3:f9
  228. smp-affinity auto
  229. speed auto
  230. }
  /* eth1: five addresses from a second /29; both bound rule sets are */
  /* drop-only (no rules defined in the firewall section).            */
  231. ethernet eth1 {
  232. address wan.subnet.2.202/29
  233. address wan.subnet.2.203/29
  234. address wan.subnet.2.204/29
  235. address wan.subnet.2.205/29
  236. address wan.subnet.2.206/29
  237. duplex auto
  238. firewall {
  239. in {
  240. name eth1-in
  241. }
  242. local {
  243. name eth1-local
  244. }
  245. }
  246. hw-id 00:0c:29:e4:f3:03
  247. smp-affinity auto
  248. speed auto
  249. }
  /* eth2: VLANs 10/20/30 hold the hosts published through destination NAT.   */
  /* No firewall stanza is bound on the port or its vifs, so nothing shown    */
  /* here filters traffic between these VLANs, towards the 172.16 VLANs, or   */
  /* from them to the router's own services. NOTE(review): a compromised      */
  /* published host would face no rule set on this side; consider in/local    */
  /* rule sets per vif - confirm no filtering exists elsewhere.               */
  250. ethernet eth2 {
  251. duplex auto
  252. hw-id 00:0c:29:e4:f3:0d
  253. smp-affinity auto
  254. speed auto
  255. vif 10 {
  256. address 10.1.10.1/24
  257. }
  258. vif 20 {
  259. address 10.1.20.1/24
  260. }
  261. vif 30 {
  262. address 10.1.30.1/24
  263. }
  264. }
  /* eth3: VLANs 110-140, likewise without any firewall stanza. */
  265. ethernet eth3 {
  266. duplex auto
  267. hw-id 00:0c:29:e4:f3:17
  268. smp-affinity auto
  269. speed auto
  270. vif 110 {
  271. address 172.16.110.1/24
  272. }
  273. vif 120 {
  274. address 172.16.120.1/24
  275. }
  276. vif 130 {
  277. address 172.16.130.1/24
  278. }
  279. vif 140 {
  280. address 172.16.140.1/24
  281. }
  282. }
  283. loopback lo {
  284. }
  /* tun0: GRE tunnel between wan.subnet.1.204 and home.ip.1.106. GRE carries  */
  /* no encryption of its own; the vpn section defines an IPsec site-to-site   */
  /* tunnel with protocol gre between the same two addresses. No firewall      */
  /* stanza is bound on tun0, so traffic arriving over the tunnel is not       */
  /* filtered by any rule set shown here.                                      */
  285. tunnel tun0 {
  286. address 10.10.10.1/30
  287. encapsulation gre
  288. local-ip wan.subnet.1.204
  289. remote-ip home.ip.1.106
  290. }
  291. }
  /* NAT section: destination rules publish internal hosts on eth0 addresses; */
  /* source rules give each internal network a fixed outbound address.        */
  292. nat {
  293. destination {
  /* Rule 1000: wan.subnet.1.203 TCP 25,80,443,465,587 -> 10.1.10.5. */
  294. rule 1000 {
  295. description mail-server
  296. destination {
  297. address wan.subnet.1.203
  298. port 25,80,443,465,587
  299. }
  300. inbound-interface eth0
  301. protocol tcp
  302. translation {
  303. address 10.1.10.5
  304. }
  305. }
  /* Rule 2000: forwards 3724 and 8085 only; firewall rule eth0-in 2000 also */
  /* accepts 8086-8087, which are not forwarded here.                        */
  306. rule 2000 {
  307. description wow
  308. destination {
  309. address wan.subnet.1.204
  310. port 3724,8085
  311. }
  312. inbound-interface eth0
  313. protocol tcp_udp
  314. translation {
  315. address 10.1.20.10
  316. }
  317. }
  /* Rule 2100: TCP only, whereas firewall rule eth0-in 2100 accepts tcp_udp. */
  318. rule 2100 {
  319. description web-in
  320. destination {
  321. address wan.subnet.1.204
  322. port 80,443
  323. }
  324. inbound-interface eth0
  325. protocol tcp
  326. translation {
  327. address 10.1.20.50
  328. }
  329. }
  /* Rule 3000: wan.subnet.1.205 tcp_udp 25565,25566 -> 10.1.30.10. */
  330. rule 3000 {
  331. description q-mc
  332. destination {
  333. address wan.subnet.1.205
  334. port 25565,25566
  335. }
  336. inbound-interface eth0
  337. protocol tcp_udp
  338. translation {
  339. address 10.1.30.10
  340. }
  341. }
  342. }
  /* Source NAT. Rules 110-150 match only traffic leaving eth1; rules        */
  /* 1071-1073 match only traffic leaving eth0.                              */
  /* NOTE(review): the static default route prefers the wan.subnet.1.201     */
  /* next hop (distance 5). If that is reached via eth0 and no policy        */
  /* routing exists outside this listing, 172.16.x traffic would leave eth0  */
  /* without matching any source rule - confirm.                             */
  343. source {
  344. rule 110 {
  345. description 110-out
  346. outbound-interface eth1
  347. protocol all
  348. source {
  349. address 172.16.110.0/24
  350. }
  351. translation {
  352. address wan.subnet.2.202
  353. }
  354. }
  /* Rules 120 and 130 share one translation address (wan.subnet.2.203), so */
  /* the two networks cannot be told apart by source address upstream.      */
  355. rule 120 {
  356. description 120-out
  357. outbound-interface eth1
  358. protocol all
  359. source {
  360. address 172.16.120.0/24
  361. }
  362. translation {
  363. address wan.subnet.2.203
  364. }
  365. }
  366. rule 130 {
  367. description 130-out
  368. outbound-interface eth1
  369. protocol all
  370. source {
  371. address 172.16.130.0/24
  372. }
  373. translation {
  374. address wan.subnet.2.203
  375. }
  376. }
  377. rule 140 {
  378. description 140-out
  379. outbound-interface eth1
  380. protocol all
  381. source {
  382. address 172.16.140.0/24
  383. }
  384. translation {
  385. address wan.subnet.2.204
  386. }
  387. }
  /* Rule 150: 172.16.150.0/24 has no matching vif in the interfaces section. */
  /* NOTE(review): looks like a leftover or a not-yet-created VLAN - confirm. */
  388. rule 150 {
  389. description 150-out
  390. outbound-interface eth1
  391. protocol all
  392. source {
  393. address 172.16.150.0/24
  394. }
  395. translation {
  396. address wan.subnet.2.205
  397. }
  398. }
  /* Rules 1071-1073: each 10.1.x VLAN leaves eth0 from the same public */
  /* address that its destination NAT rule publishes.                   */
  399. rule 1071 {
  400. description 107.203.out
  401. outbound-interface eth0
  402. protocol all
  403. source {
  404. address 10.1.10.0/24
  405. }
  406. translation {
  407. address wan.subnet.1.203
  408. }
  409. }
  410. rule 1072 {
  411. description 107.204.out
  412. outbound-interface eth0
  413. protocol all
  414. source {
  415. address 10.1.20.0/24
  416. }
  417. translation {
  418. address wan.subnet.1.204
  419. }
  420. }
  /* Rule 1073 is the only source rule without an explicit protocol line. */
  421. rule 1073 {
  422. description 107.205.out
  423. outbound-interface eth0
  424. source {
  425. address 10.1.30.0/24
  426. }
  427. translation {
  428. address wan.subnet.1.205
  429. }
  430. }
  431. }
  432. }
  /* Static routing only: a default route with two next hops and one route */
  /* towards the remote site.                                              */
  433. protocols {
  434. static {
  /* Two default next hops with administrative distances 20 and 5; the lower */
  /* distance (wan.subnet.1.201) is preferred, the other is the fallback.    */
  435. route 0.0.0.0/0 {
  436. next-hop wan.subnet.2.201 {
  437. distance 20
  438. }
  439. next-hop wan.subnet.1.201 {
  440. distance 5
  441. }
  442. }
  /* 172.16.10.0/24 is reached via 10.10.10.2, the far side of the tun0 /30. */
  443. route 172.16.10.0/24 {
  444. next-hop 10.10.10.2 {
  445. }
  446. }
  447. }
  448. }
  /* SSH is the only service configured, and only its port is set. Firewall  */
  /* rule eth0-local 10 accepts TCP 2200 from any source, so a non-default   */
  /* port is the sole change from stock settings visible here.               */
  /* NOTE(review): no listen-address or key-only login setting appears in    */
  /* this stanza; check disable-password-authentication - confirm.           */
  449. service {
  450. ssh {
  451. port 2200
  452. }
  453. }
  /* System section: identity, local accounts, DNS/NTP sources and logging. */
  454. system {
  455. config-management {
  456. commit-revisions 100
  457. }
  458. console {
  459. device ttyS0 {
  460. speed 9600
  461. }
  462. }
  463. domain-name nraq.org
  /* "nraq.orgg" differs from the domain-name above by one letter.          */
  /* NOTE(review): looks like a typo; short-name lookups would be searched  */
  /* under the misspelled domain - confirm.                                 */
  464. domain-search {
  465. domain nraq.orgg
  466. }
  467. host-name rtfw-vpn-01
  /* Two accounts, both level admin. The encrypted-password values are      */
  /* placeholders, presumably substituted by the poster; the prompt user    */
  /* "reno" matches neither account name, so names look substituted too.    */
  /* The host name and domain name above were left in place.                */
  468. login {
  469. user user1 {
  470. authentication {
  471. encrypted-password spoopy-poo-password
  472. plaintext-password ""
  473. }
  474. level admin
  475. }
  476. user user2 {
  477. authentication {
  478. encrypted-password spoopy-poo-password
  479. plaintext-password ""
  480. }
  481. level admin
  482. }
  483. }
  484. name-server 1.1.1.1
  485. name-server 8.8.8.8
  486. ntp {
  487. server 0.pool.ntp.org {
  488. }
  489. server 1.pool.ntp.org {
  490. }
  491. server 2.pool.ntp.org {
  492. }
  493. }
  494. options {
  495. ctrl-alt-del-action ignore
  496. reboot-on-panic true
  497. }
  /* Only a global syslog target is defined; no remote log host is set, so   */
  /* firewall and login records exist on this device alone.                  */
  /* NOTE(review): forward logs off-box so they survive a compromise or a    */
  /* reinstall of the router - confirm none is configured elsewhere.         */
  498. syslog {
  499. global {
  500. facility all {
  501. level info
  502. }
  503. facility protocols {
  504. level debug
  505. }
  506. }
  507. }
  508. time-zone America/Chicago
  509. }
  /* VPN section: one IPsec site-to-site peer (home.ip.1.106) authenticated */
  /* with RSA keys, protecting GRE between the two tunnel endpoints.        */
  510. vpn {
  511. ipsec {
  /* ESP proposal: AES-128 with SHA-1 integrity.                             */
  /* NOTE(review): SHA-1 is a legacy choice; prefer a SHA-2 hash if both     */
  /* peers and the running release support it - confirm.                     */
  512. esp-group MyESPGroup {
  513. proposal 1 {
  514. encryption aes128
  515. hash sha1
  516. }
  517. }
  /* IKE proposal: DH group 2 is the 1024-bit MODP group, paired with        */
  /* AES-128 and SHA-1. A 1024-bit group is below current key-exchange       */
  /* recommendations. NOTE(review): move to group 14 or higher on both       */
  /* peers where the release offers it - confirm.                            */
  518. ike-group MyIKEGroup {
  519. proposal 1 {
  520. dh-group 2
  521. encryption aes128
  522. hash sha1
  523. }
  524. }
  525. ipsec-interfaces {
  526. interface eth0
  527. }
  528. site-to-site {
  529. peer home.ip.1.106 {
  530. authentication {
  531. mode rsa
  532. rsa-key-name home-rsa
  533. }
  534. default-esp-group MyESPGroup
  535. ike-group MyIKEGroup
  536. local-address wan.subnet.1.204
  /* Tunnel 1 selects protocol gre only, matching tun0 in the interfaces */
  /* section; other traffic between the two addresses is not covered.    */
  537. tunnel 1 {
  538. protocol gre
  539. }
  540. }
  541. }
  542. }
  /* The key value is a placeholder. NOTE(review): this stanza presumably    */
  /* holds the remote peer's public key rather than local private material - */
  /* confirm against the platform documentation.                             */
  543. rsa-keys {
  544. rsa-key-name home-rsa {
  545. rsa-key super-secret-key
  546. }
  547. }
  548. }
  549. [edit]
  550.  
  551. reno@rtfw-vpn-01#