## Last changed: 2010-01-21 15:34:18 UTC
# Junos (SRX-style) firewall configuration: interfaces, static routes, source and
# destination NAT, screen options, security zones and inter-zone policies.
# The original line breaks were lost in the paste and are restored here; lines that
# start with "# NOTE(review)" are reviewer annotations, not part of the posted config.
# NOTE(review): the release below dates from 2010 - check the vendor's advisories and
# support status for whatever release is actually running.
version 10.0R2.10;
interfaces {
    ge-0/0/0 { unit 0 { family inet { address 192.168.1.1/24; } } }
    ge-0/0/7 { unit 0 { family inet { address 10.190.0.11/24; } } }
    ge-0/0/8 { unit 0 { family inet { address 192.168.10.1/24; } } }
    ge-0/0/14 { unit 0 { description 192.168.11.1/24; family inet { address 192.168.11.1/24; } } }
    # Internet-facing interface (address redacted by the poster); member of zone untrust below.
    ge-0/0/15 { unit 0 { family inet { address xxx.xxx.xxx.xxx; } } }
    lo0 { unit 0 { family inet { address 127.0.0.1/32; } } }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop xxx.xxx.xxx.xxxx;
        route 10.190.0.0/24 next-hop 10.190.0.10;
    }
}
security {
    nat {
        source {
            # NOTE(review): the three pools are defined but no rule below references them;
            # every source-NAT rule translates to the egress interface address instead.
            pool SNAT_Pool_1 { address { 192.168.1.0/24; } }
            pool SNAT_Pool_2 { address { 10.190.0.0/24; } }
            pool SNAT_Pool_3 { address { 192.168.10.0/24; } }
            rule-set SNAT_Office_To_Inet {
                from interface ge-0/0/0.0;
                to interface ge-0/0/15.0;
                rule SNAT_Office_To_Inet_Rulle {
                    match { source-address 192.168.1.0/24; destination-address 0.0.0.0/0; }
                    then { source-nat { interface; } }
                }
            }
            rule-set SNAT_Shops_To_Inet {
                from interface ge-0/0/7.0;
                to interface ge-0/0/15.0;
                rule SNAT_Shops_To_Inet_Rulle {
                    match { source-address 10.190.0.0/24; destination-address 0.0.0.0/0; }
                    then { source-nat { interface; } }
                }
            }
            rule-set SNAT_10_To_Inet {
                from interface ge-0/0/8.0;
                to interface ge-0/0/15.0;
                rule SNAT_10_To_Inet_Rulle {
                    match { source-address 192.168.10.0/24; destination-address 0.0.0.0/0; }
                    then { source-nat { interface; } }
                }
            }
        }
        destination {
            # NOTE(review): the pool and rule names suggest RDP (TCP/3389) was meant to be
            # published from the Internet-facing interface to 10.190.0.16, but the rule's
            # action is "destination-nat off" (no translation) and the pool is never
            # referenced. If publishing is intended, narrow source-address from 0.0.0.0/0
            # to known peers or reach RDP over the VPN - an RDP listener open to any
            # source is a common brute-force and exploitation target.
            pool 10_190_0_16 { address 10.190.0.16/32 port 3389; }
            rule-set RDP_To_fs {
                from interface ge-0/0/15.0;
                rule DNAT_Rullis_1 {
                    match { source-address 0.0.0.0/0; destination-address 10.190.0.16/32; destination-port 3389; }
                    then { destination-nat off; }
                }
            }
        }
    }
    screen {
        # Screen profile; it is attached only to zone untrust (see "screen untrust-screen").
        ids-option untrust-screen {
            icmp { ping-death; }
            ip { source-route-option; tear-drop; }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    queue-size 2000;
                    timeout 20;
                }
                land;
            }
        }
    }
    zones {
        # NOTE(review): host-inbound-traffic controls what may reach the firewall itself.
        # "any-service" / "all" with "protocols all" opens every device service to hosts
        # in the zone; listing only the services actually needed reduces the exposed
        # management surface. This applies to the management zone and to most zones below.
        functional-zone management {
            interfaces { ge-0/0/14.0; }
            host-inbound-traffic {
                system-services { any-service; }
                protocols { all; }
            }
        }
        # NOTE(review): no interfaces are listed for zone trust in this excerpt, so the
        # trust<->untrust policies further down may match no traffic - confirm.
        security-zone trust {
            tcp-rst;
            address-book {
                address LV_Office 10.190.0.0/24;
                address Test_LAN 192.168.1.0/24;
                address-set 10.190.0.0/24 { address LV_Office; }
                address-set 192.168.1.0/24 { address Test_LAN; }
            }
        }
        security-zone untrust {
            address-book {
                address 192.168.1.0/24 192.168.1.0/24;
            }
            screen untrust-screen;
            # NOTE(review): SSH to the device is accepted on the Internet-facing interface;
            # nothing in this excerpt restricts which sources may connect - confirm that a
            # filter or login restriction exists elsewhere.
            host-inbound-traffic {
                system-services { ssh; }
            }
            interfaces { ge-0/0/15.0; }
        }
        security-zone LV_Shops {
            host-inbound-traffic {
                system-services { any-service; }
                protocols { all; }
            }
            interfaces { ge-0/0/7.0; }
        }
        security-zone LV_Office {
            host-inbound-traffic {
                system-services { all; }
                protocols { all; }
            }
            interfaces { ge-0/0/0.0; }
        }
        # The next two zones list no interfaces in this excerpt.
        security-zone LV_TO_ASW_GWAY_AT_LATTELECOM {
            host-inbound-traffic {
                system-services { all; }
                protocols { all; }
            }
        }
        security-zone ASW {
            host-inbound-traffic {
                system-services { any-service; }
                protocols { all; }
            }
        }
        security-zone LV_10 {
            address-book {
                address 192.168.10.0/24 192.168.10.0/24;
            }
            host-inbound-traffic {
                system-services { any-service; }
                protocols { all; }
            }
            interfaces { ge-0/0/8.0; }
        }
    }
    policies {
        # NOTE(review): apart from LV_10_to_Inet (which names a source prefix), every
        # policy below matches any source, any destination and any application and
        # permits it. The default-policy deny-all at the end therefore only covers zone
        # pairs that have no policy at all.
        from-zone trust to-zone trust {
            policy default-permit {
                match { source-address any; destination-address any; application any; }
                then { permit; }
            }
        }
        from-zone trust to-zone untrust {
            policy default-permit {
                match { source-address any; destination-address any; application any; }
                then { permit; }
            }
        }
        # NOTE(review): this policy is named default-deny but its action is permit, so
        # untrust -> trust traffic is allowed rather than dropped. If deny was intended,
        # the action should be deny (or reject); if permit was intended, rename the
        # policy so an audit does not misread it.
        from-zone untrust to-zone trust {
            policy default-deny {
                match { source-address any; destination-address any; application any; }
                then { permit; }
            }
        }
        from-zone LV_Shops to-zone LV_Office {
            policy From_LV_Shops_to_trust {
                match { source-address any; destination-address any; application any; }
                then { permit; }
            }
        }
        from-zone LV_Office to-zone LV_Shops {
            policy LV_Office_To_SHops {
                match { source-address any; destination-address any; application any; }
                then { permit; }
            }
        }
        from-zone LV_Office to-zone untrust {
            policy From_Office_to_Inet {
                match { source-address any; destination-address any; application any; }
                then { permit; }
            }
        }
        from-zone LV_Shops to-zone untrust {
            policy LV_Shops_To_Untrust {
                match { source-address any; destination-address any; application any; }
                then { permit; }
            }
        }
        from-zone LV_10 to-zone untrust {
            policy LV_10_to_Inet {
                match { source-address 192.168.10.0/24; destination-address any; application any; }
                then { permit; }
            }
        }
        from-zone LV_10 to-zone LV_Office {
            policy From_LV_10_to_LV_LAN {
                match { source-address any; destination-address any; application any; }
                then { permit; }
            }
        }
        from-zone LV_Office to-zone LV_10 {
            policy From_LV_LAN_to_10 {
                match { source-address any; destination-address any; application any; }
                then { permit; }
            }
        }
        from-zone LV_Shops to-zone LV_10 {
            policy Shops_to_10 {
                match { source-address any; destination-address any; application any; }
                then { permit; }
            }
        }
        from-zone LV_10 to-zone LV_Shops {
            policy 10-to_lv_Shops {
                match { source-address any; destination-address any; application any; }
                then { permit; }
            }
        }
        # NOTE(review): permits any traffic arriving in zone untrust (ge-0/0/15.0) into
        # zone LV_Office (ge-0/0/0.0). If this exists only for return or VPN traffic,
        # replace it with a policy scoped to the specific peer addresses and
        # applications; stateful return traffic does not need an inbound permit.
        from-zone untrust to-zone LV_Office {
            policy From_inet_To_Office {
                match { source-address any; destination-address any; application any; }
                then { permit; }
            }
        }
        default-policy { deny-all; }
    }
}
# pf.conf for a small NAT gateway: macros, options, NAT to the Internet, port
# forwards (rdr) to internal hosts, and a minimal filter section.
# The original line breaks were lost in the paste and are restored here; lines that
# start with "# NOTE(review)" are reviewer annotations, not part of the posted file.
# NOTE(review): int_if, internal_ip, abit_server and migs_lan are defined but not
# referenced by any active rule in this excerpt.
ext_if="re0"
int_if="em0"
real_ip=83.241.10.127
internal_ip=192.168.0.1
internal_network="192.168.0.0/24"
slackware="192.168.0.2"
abit_server="192.168.0.4"
migs_wifi="192.168.0.13"
migs_lan="192.168.0.14"
set require-order no
set skip on lo
scrub in
# NAT/filter rules and anchors for ftp-proxy(8)
#nat-anchor "ftp-proxy/*"
#rdr-anchor "ftp-proxy/*"
#rdr pass on ! egress proto tcp to port ftp -> 127.0.0.1 port 8021
#anchor "ftp-proxy/*"
#pass out proto tcp from $proxy to any port ftp
# NAT/filter rules and anchors for relayd(8)
#rdr-anchor "relayd/*"
#anchor "relayd/*"
##### NAT To internet ! #####
nat on $ext_if from $internal_network to any -> $real_ip
# NOTE(review): every "rdr pass" below accepts connections from any source, and the
# "pass" modifier lets the redirected packets through without evaluating the filter
# rules. That publishes SSH (2222 -> 22), RDP (3389) and VNC (5900) to the whole
# Internet. Restricting "from any" to a table of known source addresses, or reaching
# these services through a VPN or SSH tunnel instead, removes that exposure.
##### MIGs Desktop PC ( Slackware ) configuration ! #####
rdr pass on $ext_if proto tcp from any to any port 2222 -> $slackware port 22
rdr pass on $ext_if proto tcp from any to any port 60163:60173 -> $slackware port 60163:60173
rdr pass on $ext_if proto udp from any to any port 60163:60173 -> $slackware port 60163:60173
##### MIGs Laptop configuration ! #####
rdr pass on $ext_if proto tcp from any to any port 3389 -> $migs_wifi port 3389
#######rdr pass on $ext_if proto tcp from any to any port 3389 -> 192.168.0.119 port 3389
rdr pass on $ext_if proto tcp from any to any port 3555 -> $migs_wifi port 3555
rdr pass on $ext_if proto tcp from any to any port 5555 -> $migs_wifi port 5555
rdr pass on $ext_if proto tcp from any to any port 5900 -> $migs_wifi port 5900
######rdr pass on $ext_if proto tcp from any to any port 3389 -> 192.168.0.119 port 5900
#####Abit server ports ...2401 3050 3690 5999
# NAT rules and anchors for spamd(8)
#table <spamd-white> persist
#table <nospamd> persist file "/etc/mail/nospamd"
#no rdr on egress proto tcp from <nospamd> to any port smtp
#no rdr on egress proto tcp from <spamd-white> to any port smtp
#rdr pass on egress proto tcp from any to any port smtp -> 127.0.0.1 port spamd
# NOTE(review): "pass in" accepts all inbound traffic and no default "block" rule is
# visible, so this ruleset is default-allow; the only thing filtered is inbound
# TCP/6000 on non-loopback interfaces (last rule). A default-deny layout ("block" as
# the first filter rule, then explicit pass rules) would also protect services that
# listen on the gateway itself.
pass in # to establish keep-state
# NOTE(review): the anti-spoofing (uRPF) rule below is commented out.
#block in quick from urpf-failed to any # use with care
# By default, do not permit remote connections to X11
block in on ! lo0 proto tcp from any to any port 6000
K-K un citi, kur atrast, kā Nokia 6610i ieslēgt Bluetooth!? Karoče, sasists displejs.
# Junos IKE (phase 1) and IPsec (phase 2) settings for a site-to-site VPN named
# juniper2ee, terminated on ge-0/0/15. Line breaks are restored; lines that start
# with "# NOTE(review)" are reviewer annotations, not part of the posted config.
# The closing brace of "security" is not part of this excerpt.
security {
    ike {
        # NOTE(review): 3des-cbc, sha1 and DH group2 are legacy choices. Where both
        # peers support them, prefer an AES cipher, a SHA-2 hash and a larger DH group.
        proposal sha1_un_3des {
            authentication-method pre-shared-keys;
            dh-group group2;
            authentication-algorithm sha1;
            encryption-algorithm 3des-cbc;
        }
        # NOTE(review): aggressive mode combined with a pre-shared key exposes a
        # PSK-derived hash in the unencrypted exchange, which allows offline guessing
        # of a weak key. The gateway below uses a static peer address, so main mode
        # looks feasible - confirm with the remote side. If aggressive mode must stay,
        # use a long random key.
        policy IKE_Policy_1 {
            mode aggressive;
            description IKE_Policy_1;
            proposals sha1_un_3des;
            # Key redacted by the poster. Keep it redacted when sharing configs: the
            # stored "$9$" form is an obfuscation, not a one-way hash.
            pre-shared-key ascii-text "xxxxx";
        }
        gateway juniper2ee {
            ike-policy IKE_Policy_1;
            address xxx.xxx.xxx.xxx;
            external-interface ge-0/0/15;
        }
    }
    ipsec {
        # NOTE(review): same legacy algorithm set as phase 1 (3DES, HMAC-SHA1-96).
        proposal IPSec_Propsal_mainigais {
            protocol esp;
            authentication-algorithm hmac-sha1-96;
            encryption-algorithm 3des-cbc;
        }
        policy Ipsec_policy {
            perfect-forward-secrecy { keys group2; }
            proposals IPSec_Propsal_mainigais;
        }
        # NOTE(review): no bind-interface or tunnel policy is visible here, so this
        # excerpt does not show which traffic is sent into the VPN - confirm.
        vpn juniper2ee {
            ike {
                gateway juniper2ee;
                ipsec-policy Ipsec_policy;
            }
            establish-tunnels immediately;
        }
    }
# Appears to be OpenBSD ipsec.conf(5) syntax: negotiate ESP via IKE for traffic
# between 10.0.0.0/24 and 10.1.1.0/24 with the remote gateway 1.1.1.1.
# NOTE(review): no transforms or authentication options are given on this line, so
# the IKE daemon's defaults apply - confirm that they match what the peer is
# configured to offer.
ike esp from 10.0.0.0/24 to 10.1.1.0/24 peer 1.1.1.1
K-k vari pastāstīt precīzāk WTF tu tur dari ?! :?
Kodeeshu es tikai crawleri / harvesteri. Prieksh interpreteeshanas ir daudz tuulji. Nee, nav prieksh darba. Nejaushi radaas vajadziiba, papeetiiju, afigenna iientreseeja.