Created
November 25, 2011 15:41
-
-
Save shamun/1393818 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root> show configuration | |
| ## Last commit: 2011-10-09 08:19:31 UTC by root | |
| version 11.1R3.5; | |
| system { | |
| root-authentication { | |
| encrypted-password "$1$dvnlnMG"; ## SECRET-DATA | |
| } | |
| name-server { | |
| 208.67.222.222; | |
| 208.67.220.220; | |
| } | |
| services { | |
| ssh; | |
| telnet; | |
| xnm-clear-text; | |
| web-management { | |
| http { | |
| interface vlan.0; | |
| } | |
| https { | |
| system-generated-certificate; | |
| interface vlan.0; | |
| } | |
| } | |
| dhcp { | |
| router { | |
| 192.168.1.1; | |
| } | |
| pool 192.168.1.0/24 { | |
| address-range low 192.168.1.2 high 192.168.1.254; | |
| } | |
| propagate-settings ge-0/0/0.0; | |
| } | |
| } | |
| syslog { | |
| archive size 100k files 3; | |
| user * { | |
| any emergency; | |
| } | |
| file messages { | |
| any critical; | |
| authorization info; | |
| } | |
| file interactive-commands { | |
| interactive-commands error; | |
| } | |
| } | |
| max-configurations-on-flash 5; | |
| max-configuration-rollbacks 5; | |
| license { | |
| autoupdate { | |
| url https://ae1.juniper.net/junos/key_retrieval; | |
| } | |
| } | |
| } | |
| interfaces { | |
| ge-0/0/0 { | |
| mac 00:26:88:e6:34:10; | |
| unit 0 { | |
| family inet { | |
| dhcp; | |
| } | |
| } | |
| } | |
| ge-0/0/1 { | |
| unit 0 { | |
| family ethernet-switching { | |
| vlan { | |
| members vlan-trust; | |
| } | |
| } | |
| } | |
| } | |
| fe-0/0/2 { | |
| unit 0 { | |
| family ethernet-switching { | |
| vlan { | |
| members vlan-trust; | |
| } | |
| } | |
| } | |
| } | |
| fe-0/0/3 { | |
| unit 0 { | |
| family ethernet-switching { | |
| vlan { | |
| members vlan-trust; | |
| } | |
| } | |
| } | |
| } | |
| fe-0/0/4 { | |
| unit 0 { | |
| family ethernet-switching { | |
| vlan { | |
| members vlan-trust; | |
| } | |
| } | |
| } | |
| } | |
| fe-0/0/5 { | |
| unit 0 { | |
| family ethernet-switching { | |
| vlan { | |
| members vlan-trust; | |
| } | |
| } | |
| } | |
| } | |
| fe-0/0/6 { | |
| unit 0 { | |
| family ethernet-switching { | |
| vlan { | |
| members vlan-trust; | |
| } | |
| } | |
| } | |
| } | |
| fe-0/0/7 { | |
| unit 0 { | |
| family ethernet-switching { | |
| vlan { | |
| members vlan-trust; | |
| } | |
| } | |
| } | |
| } | |
| vlan { | |
| unit 0 { | |
| family inet { | |
| address 192.168.1.1/24; | |
| } | |
| } | |
| } | |
| } | |
| protocols { | |
| stp; | |
| } | |
| security { | |
| alg { | |
| sip disable; | |
| } | |
| screen { | |
| ids-option untrust-screen { | |
| icmp { | |
| ping-death; | |
| } | |
| ip { | |
| source-route-option; | |
| tear-drop; | |
| } | |
| tcp { | |
| syn-flood { | |
| alarm-threshold 1024; | |
| attack-threshold 200; | |
| source-threshold 1024; | |
| destination-threshold 2048; | |
| timeout 20; | |
| } | |
| land; | |
| } | |
| } | |
| } | |
| nat { | |
| source { | |
| rule-set trust-to-untrust { | |
| from zone trust; | |
| to zone untrust; | |
| rule source-nat-rule { | |
| match { | |
| source-address 0.0.0.0/0; | |
| } | |
| then { | |
| source-nat { | |
| interface; | |
| } | |
| } | |
| } | |
| } | |
| } | |
| destination { | |
| pool pool1 { | |
| address 192.168.1.2/32; | |
| } | |
| pool pool2 { | |
| address 192.168.1.41/32; | |
| } | |
| pool pool3 { | |
| address 192.168.1.1/32; | |
| } | |
| pool pool4 { | |
| address 192.168.1.127/32; | |
| } | |
| rule-set ruleset1 { | |
| from zone untrust; | |
| rule rule1 { | |
| match { | |
| destination-address 0.0.0.0/0; | |
| destination-port 1111; | |
| } | |
| then { | |
| destination-nat pool pool1; | |
| } | |
| } | |
| rule rule2 { | |
| match { | |
| destination-address 0.0.0.0/0; | |
| destination-port 49152; | |
| } | |
| then { | |
| destination-nat pool pool1; | |
| } | |
| } | |
| rule rule3 { | |
| match { | |
| destination-address 0.0.0.0/0; | |
| destination-port 49500; | |
| } | |
| then { | |
| destination-nat pool pool1; | |
| } | |
| } | |
| rule rule4 { | |
| match { | |
| destination-address 0.0.0.0/0; | |
| destination-port 5900; | |
| } | |
| then { | |
| destination-nat pool pool2; | |
| } | |
| } | |
| rule rule5 { | |
| match { | |
| destination-address 0.0.0.0/0; | |
| destination-port 22; | |
| } | |
| then { | |
| destination-nat pool pool3; | |
| } | |
| } | |
| rule rule6 { | |
| match { | |
| destination-address 0.0.0.0/0; | |
| } | |
| then { | |
| destination-nat pool pool4; | |
| } | |
| } | |
| } | |
| } | |
| } | |
| policies { | |
| from-zone trust to-zone untrust { | |
| policy trust-to-untrust { | |
| match { | |
| source-address any; | |
| destination-address any; | |
| application any; | |
| } | |
| then { | |
| permit; | |
| } | |
| } | |
| } | |
| from-zone untrust to-zone trust { | |
| policy server-access { | |
| match { | |
| source-address any; | |
| destination-address mydmz; | |
| application any; | |
| } | |
| then { | |
| permit; | |
| } | |
| } | |
| } | |
| default-policy { | |
| permit-all; | |
| } | |
| } | |
| zones { | |
| security-zone trust { | |
| address-book { | |
| address mydmz 192.168.1.127/32; | |
| } | |
| host-inbound-traffic { | |
| system-services { | |
| all; | |
| } | |
| protocols { | |
| all; | |
| } | |
| } | |
| interfaces { | |
| vlan.0; | |
| } | |
| } | |
| security-zone untrust { | |
| screen untrust-screen; | |
| interfaces { | |
| ge-0/0/0.0 { | |
| host-inbound-traffic { | |
| system-services { | |
| dhcp; | |
| tftp; | |
| ping; | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| vlans { | |
| vlan-trust { | |
| vlan-id 3; | |
| l3-interface vlan.0; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment