RTX810のConfig

日付:

 

NetVolanteDDNS+IPSecVPN

プロバイダ:SB光

PPPoE+IPoE



# RTX810 Rev.11.01.34 (Tue Nov 26 18:39:12 2019)

# MAC Address : , 
# Memory 128Mbytes, 2LAN
# main:  RTX810 ver=00 serial= MAC-Address= MAC-Address=
# Reporting Date: May 26 17:15:24 2022
login password *
administrator password *
login user admin *
ip route default gateway pp 2 filter 500000 gateway pp 2
ipv6 route default gateway dhcp lan2
ipv6 prefix 1 dhcp-prefix@lan2::/64
ip lan1 address 172.16.0.1/16
ip lan1 proxyarp on
ipv6 lan1 address dhcp-prefix@pp2::1/64
ipv6 lan1 address dhcp-prefix@pp2::/48
ipv6 lan1 address dhcp-prefix@lan2::1/64
ipv6 lan1 rtadv send 1 o_flag=on
ipv6 lan1 dhcp service server
ipv6 lan1 mld router
switch control use lan1 on
ip lan2 address 192.168.1.254/24
ipv6 lan2 address dhcp
ipv6 lan2 secure filter in 1010 1011 1012 2000
ipv6 lan2 secure filter out 3000 dynamic 100 101 102 103 104 105 106
ipv6 lan2 dhcp service client
ngn type lan2 ntt
provider type isdn-terminal
provider filter routing connection
provider lan1 name LAN:
provider lan2 name PPPoE/0/1/5/0/0/0:
provider ntpdate ntp.nict.jp
pp select 2
 pp name PRV/1/1/5/0/0/1:
 pp keepalive interval 30 retry-interval=30 count=12
 pppoe use lan2
 pppoe auto disconnect off
 pp auth accept pap chap
 pp auth myname bxxxxxxxxxxx@sbb.ne.jp xccccc
 ppp lcp mru on 1454
 ppp ipcp ipaddress on
 ppp ccp type none
 ip pp secure filter in 201003 201020 201021 201022 201023 201024 201025 201030 201032 201080 201081 201082 201083 201084
 ip pp secure filter out 201013 201020 201021 201022 201023 201024 201025 201026 201027 201099 dynamic 201080 201081 201082 201083 201084 201085 201098 201099
 ip pp nat descriptor 1100
 ipv6 pp rip send off
 ipv6 pp rip receive off
 ipv6 pp secure filter out dynamic 201080 201081 201082 201083 201084 201085 201098 201099
 ipv6 pp dhcp service client
 ipv6 pp mld host
 netvolante-dns hostname host pp server=1 xxxxxxc.aa0.netvolante.jp
 pp enable 2
provider set 2
 provider dns server 2 8.8.8.8 8.8.4.4 2400:2653:54a0:da00:xxxxxxxxxx
 provider ipv6 connect pp 2 on
 provider select 2
pp select anonymous
 pp bind tunnel2
 pp auth request chap-pap
 pp auth username xxxxx xxxxx
 ppp ipcp ipaddress on
 ppp ipcp msext on
 ip pp remote address pool dhcp
 ip pp mtu 1258
 pp enable anonymous
tunnel select 2
 tunnel encapsulation l2tp
 ipsec tunnel 2
  ipsec sa policy 2 2 esp aes-cbc sha-hmac
  ipsec ike keepalive log 2 off
  ipsec ike keepalive use 2 off
  ipsec ike nat-traversal 2 on
  ipsec ike pre-shared-key 2 text somvpn
  ipsec ike remote address 2 any
 l2tp tunnel auth off 
 l2tp tunnel disconnect time 600
 l2tp keepalive use on
 ip tunnel tcp mss limit auto
 tunnel enable 2
ip filter 201000 reject 10.0.0.0/8 * * * *
ip filter 201001 reject 172.16.0.0/12 * * * *
ip filter 201002 reject 192.168.0.0/16 * * * *
ip filter 201003 reject 172.16.0.0/16 * * * *
ip filter 201010 reject * 10.0.0.0/8 * * *
ip filter 201011 reject * 172.16.0.0/12 * * *
ip filter 201012 reject * 192.168.0.0/16 * * *
ip filter 201013 reject * 172.16.0.0/16 * * *
ip filter 201020 reject * * udp,tcp 135 *
ip filter 201021 reject * * udp,tcp * 135
ip filter 201022 reject * * udp,tcp netbios_ns-netbios_ssn *
ip filter 201023 reject * * udp,tcp * netbios_ns-netbios_ssn
ip filter 201024 reject * * udp,tcp 445 *
ip filter 201025 reject * * udp,tcp * 445
ip filter 201026 restrict * * tcpfin * www,21,nntp
ip filter 201027 restrict * * tcprst * www,21,nntp
ip filter 201030 pass * 172.16.0.0/16 icmp * *
ip filter 201031 pass * 172.16.0.0/16 established * *
ip filter 201032 pass * 172.16.0.0/16 tcp * ident
ip filter 201033 pass * 172.16.0.0/16 tcp ftpdata *
ip filter 201034 pass * 172.16.0.0/16 tcp,udp * domain
ip filter 201035 pass * 172.16.0.0/16 udp domain *
ip filter 201036 pass * 172.16.0.0/16 udp * ntp
ip filter 201037 pass * 172.16.0.0/16 udp ntp *
ip filter 201080 pass * 172.16.0.1 udp * 1701
ip filter 201081 pass * 172.16.0.1 udp * 500
ip filter 201082 pass * 172.16.0.1 esp * *
ip filter 201083 pass * 172.16.0.1 udp * 4500
ip filter 201084 pass * 172.16.100.1 tcp * https
ip filter 201098 reject-nolog * * established
ip filter 201099 pass * * * * *
ip filter 500000 restrict * * * * *
ip filter dynamic 201080 * * ftp
ip filter dynamic 201081 * * domain
ip filter dynamic 201082 * * www
ip filter dynamic 201083 * * smtp
ip filter dynamic 201084 * * pop3
ip filter dynamic 201085 * * submission
ip filter dynamic 201098 * * tcp
ip filter dynamic 201099 * * udp
nat descriptor type 1100 masquerade
nat descriptor masquerade static 1100 1 172.16.0.1 udp 1701
nat descriptor masquerade static 1100 2 172.16.0.1 udp 500
nat descriptor masquerade static 1100 3 172.16.0.1 esp
nat descriptor masquerade static 1100 4 172.16.0.1 udp 4500
nat descriptor masquerade static 1100 5 172.16.100.1 tcp https
ipsec auto refresh on
ipsec transport 2 2 udp 1701
ipv6 filter 1010 pass * * icmp6 * *
ipv6 filter 1011 pass * * tcp * ident
ipv6 filter 1012 pass * * udp * 546
ipv6 filter 2000 reject * * * * *
ipv6 filter 3000 pass * * * * *
ipv6 filter dynamic 100 * * ftp
ipv6 filter dynamic 101 * * domain
ipv6 filter dynamic 102 * * www
ipv6 filter dynamic 103 * * smtp
ipv6 filter dynamic 104 * * pop3
ipv6 filter dynamic 105 * * tcp
ipv6 filter dynamic 106 * * udp
ipv6 filter dynamic 201080 * * ftp
ipv6 filter dynamic 201081 * * domain
ipv6 filter dynamic 201082 * * www
ipv6 filter dynamic 201083 * * smtp
ipv6 filter dynamic 201084 * * pop3
ipv6 filter dynamic 201085 * * submission
ipv6 filter dynamic 201098 * * tcp
ipv6 filter dynamic 201099 * * udp
syslog notice on
telnetd host lan
dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 1 172.16.0.3-172.16.255.253/16
dns server 8.8.8.8 8.8.4.4 2400:2653:54a0:da00:xxxxxxxxxxxxx
dns server select 500002 8.8.8.8 8.8.4.4 any . restrict pp 2
dns private address spoof on
dns static a madoka.local 172.16.100.1
dns static a router 172.16.0.1
schedule at 1 */* 01:53 * ntpdate ntp.nict.jp
l2tp service on
httpd host any
upnp use on
alarm entire off
#

コメント

コメントを投稿