ルータ設定
をテンプレートにして作成
[
トップ
] [
新規
|
一覧
|
単語検索
|
最終更新
|
ヘルプ
|
ログイン
]
開始行:
[[計算機環境]]
- manager@133.67.38.1 でログイン
- enable
- configure
- write
* 2023.04.07 [#a9729848]
# CentreCOM ARX640S
#
# 2023/04/07 gw 133.67.39.12
# 2023/03/08 logging level
# 2020/04/10 static NAPT
# 2020/04/09 no NAPT to 133.67.38
# 2020/04/07 NAPT
# 2020/04/01 New servers
# 2019/06/29 Renewed
# 2019/07/16 New ssh server
# 2019/07/22 Closed old ports
# ######################################################...
# recovery
# ^C to stop bootup
# erase setup-config
# ######################################################...
:manager/friend
enable
configure terminal
# ######################################################...
service password-encryption
clock timezone JST 9
hostname archgw
# s/@/&/
enable password 8 $1$En4/b1fT$tmkj9BvgA.CusRBtKIhyx1
manager password 8 $1$kNI1IGSU$S3AqKAfCs9ztTOW1BmHzT.
username ktakagi password 8 $1$E1X1xgtO$41cwWJlge428OPFN...
# crypto key generate hostkey rsa 2048
# ######################################################...
ip name-server 192.168.13.3
ip name-server 192.168.13.9
ip domain list arch.info.mie-u.ac.jp
vlan database
vlan 13
interface gigabitEthernet 0
ip address 133.67.39.12/24
no shutdown
ip napt inside 192.168.13.0/24
ip napt forward tcp 22 192.168.13.7
ip napt forward udp 53 192.168.13.3
ip napt forward tcp 53 192.168.13.3
ip napt forward tcp 80 192.168.13.3
ip napt forward tcp 443 192.168.13.3
ip napt forward tcp 993 192.168.13.3
ip napt forward tcp 995 192.168.13.3
ip napt forward tcp 25 192.168.13.3
ip napt forward tcp 587 192.168.13.3
ip napt forward tcp 9418 192.168.13.3
ip traffic-filter server_only in
ip traffic-filter default_allow out
ip ids in protect
interface gigabitEthernet 1
shutdown
interface gigabitEthernet 2
no shutdown
interface gigabitEthernet 3
switchport access vlan 13
no shutdown
interface gigabitEthernet 4
shutdown
interface gigabitEthernet 5
shutdown
interface loop 0
shutdown
interface loop 1
shutdown
interface vlan 1
ip address 133.67.38.1/24
no shutdown
interface vlan 13
ip address 192.168.13.1/24
no shutdown
ip route default 133.67.39.254
no access-list ip extended default_allow
access-list ip extended default_allow
dynamic permit ip any any
no access-list ip extended server_only
access-list ip extended server_only
# ########## VDEC tools
# Cadence
dynamic permit tcp any any range 5280 5283
# Synopsys
dynamic permit tcp any any range 1700 1701
# Mentor Graphics
dynamic permit tcp any any range 1717 1718
# Agilent
dynamic permit tcp any any range 1750 1751
# ########## ssh @ ikra
# SSH
dynamic permit tcp any host 192.168.13.7 eq 22
# ########## dns/mail/http/git @ kraken
# DOMAIN
dynamic permit tcp any host 192.168.13.3 eq 53
dynamic permit udp any host 192.168.13.3 eq 53
# SMTP
dynamic permit tcp any host 192.168.13.3 eq 25
# SUBMISSION
dynamic permit tcp any host 192.168.13.3 eq 587
# IMAPS
dynamic permit tcp any host 192.168.13.3 eq 993
# POP3S
dynamic permit tcp any host 192.168.13.3 eq 995
# HTTP/HTTPS
dynamic permit tcp any host 192.168.13.3 eq 80
dynamic permit tcp any host 192.168.13.3 eq 443
# GIT
dynamic permit tcp any host 192.168.13.3 eq 9418
# ########## Otherwise deny
#dynamic deny ip any any
access-list ip cache timer tcp-timeout 518400
# ######################################################...
ntp server 133.67.1.4
ntp client enable
logging module all information
logging module tcp debug
logging module flt warning
logging module nat warning
logging module ntp warning
logging facility local5
logging host 192.168.13.3 debug
logging console none
no dhcp-server ip enable
no http-server username manager
no http-server ip enable
no telnet-server ip enable
ssh-server ip enable
# ######################################################...
copy running-config startup-config
copy running-config flash 20230407.cfg
#backup zip archgw-20230407
* 2023.03.08 [#kc69f276]
# CentreCOM ARX640S
#
# 2023/03/08 logging level
# 2020/04/10 static NAPT
# 2020/04/09 no NAPT to 133.67.38
# 2020/04/07 NAPT
# 2020/04/01 New servers
# 2019/06/29 Renewed
# 2019/07/16 New ssh server
# 2019/07/22 Closed old ports
# ######################################################...
# recovery
# ^C to stop bootup
# erase setup-config
# ######################################################...
:manager/friend
enable
configure terminal
# ######################################################...
service password-encryption
clock timezone JST 9
hostname archgw
# s/@/&/
enable password 8 $1$En4/b1fT$tmkj9BvgA.CusRBtKIhyx1
manager password 8 $1$kNI1IGSU$S3AqKAfCs9ztTOW1BmHzT.
username ktakagi password 8 $1$E1X1xgtO$41cwWJlge428OPFN...
# crypto key generate hostkey rsa 2048
# ######################################################...
ip name-server 192.168.13.3
ip name-server 192.168.13.9
ip domain list arch.info.mie-u.ac.jp
vlan database
vlan 13
interface gigabitEthernet 0
ip address 133.67.36.12/24
no shutdown
ip napt inside 192.168.13.0/24
ip napt forward tcp 22 192.168.13.7
ip napt forward udp 53 192.168.13.3
ip napt forward tcp 53 192.168.13.3
ip napt forward tcp 80 192.168.13.3
ip napt forward tcp 443 192.168.13.3
ip napt forward tcp 993 192.168.13.3
ip napt forward tcp 995 192.168.13.3
ip napt forward tcp 25 192.168.13.3
ip napt forward tcp 587 192.168.13.3
ip napt forward tcp 9418 192.168.13.3
ip traffic-filter server_only in
ip traffic-filter default_allow out
ip ids in protect
interface gigabitEthernet 1
shutdown
interface gigabitEthernet 2
no shutdown
interface gigabitEthernet 3
switchport access vlan 13
no shutdown
interface gigabitEthernet 4
shutdown
interface gigabitEthernet 5
shutdown
interface loop 0
shutdown
interface loop 1
shutdown
interface vlan 1
ip address 133.67.38.1/24
no shutdown
interface vlan 13
ip address 192.168.13.1/24
no shutdown
ip route default 133.67.36.254
no access-list ip extended default_allow
access-list ip extended default_allow
dynamic permit ip any any
no access-list ip extended server_only
access-list ip extended server_only
# ########## VDEC tools
# Cadence
dynamic permit tcp any any range 5280 5283
# Synopsys
dynamic permit tcp any any range 1700 1701
# Mentor Graphics
dynamic permit tcp any any range 1717 1718
# Agilent
dynamic permit tcp any any range 1750 1751
# ########## ssh @ ikra
# SSH
dynamic permit tcp any host 192.168.13.7 eq 22
# ########## dns/mail/http/git @ kraken
# DOMAIN
dynamic permit tcp any host 192.168.13.3 eq 53
dynamic permit udp any host 192.168.13.3 eq 53
# SMTP
dynamic permit tcp any host 192.168.13.3 eq 25
# SUBMISSION
dynamic permit tcp any host 192.168.13.3 eq 587
# IMAPS
dynamic permit tcp any host 192.168.13.3 eq 993
# POP3S
dynamic permit tcp any host 192.168.13.3 eq 995
# HTTP/HTTPS
dynamic permit tcp any host 192.168.13.3 eq 80
dynamic permit tcp any host 192.168.13.3 eq 443
# GIT
dynamic permit tcp any host 192.168.13.3 eq 9418
# ########## Otherwise deny
#dynamic deny ip any any
access-list ip cache timer tcp-timeout 518400
# ######################################################...
ntp server 133.67.1.4
ntp client enable
logging module all information
logging module tcp debug
logging module flt warning
logging module nat warning
logging module ntp warning
logging facility local5
logging host 192.168.13.3 debug
logging host 192.168.13.9 debug
no dhcp-server ip enable
no http-server username manager
no http-server ip enable
no telnet-server ip enable
ssh-server ip enable
# ######################################################...
copy running-config startup-config
copy running-config flash 20230308.cfg
backup zip archgw-20230308
* 2020.07.16 [#p9b4ce28]
# CentreCOM ARX640S
#
# 2020/04/10 static NAPT
# 2020/04/09 no NAPT to 133.67.38
# 2020/04/07 NAPT
# 2020/04/01 New servers
# 2019/06/29 Renewed
# 2019/07/16 New ssh server
# ######################################################...
# recovery
# ^C to stop bootup
# erase setup-config
# ######################################################...
:manager/friend
enable
configure terminal
# ######################################################...
service password-encryption
clock timezone JST 9
hostname archgw
# s/@/&/
enable password 8 $1$En4/b1fT$tmkj9BvgA.CusRBtKIhyx1
manager password 8 $1$kNI1IGSU$S3AqKAfCs9ztTOW1BmHzT.
username ktakagi password 8 $1$E1X1xgtO$41cwWJlge428OPFN...
# crypto key generate hostkey rsa 2048
# ######################################################...
ip name-server 192.168.13.3
ip name-server 192.168.13.9
ip domain list arch.info.mie-u.ac.jp
vlan database
vlan 13
interface gigabitEthernet 0
ip address 133.67.36.12/24
no shutdown
ip napt inside 192.168.13.0/24
ip napt forward tcp 22 192.168.13.7
ip napt forward udp 53 192.168.13.3
ip napt forward tcp 53 192.168.13.3
ip napt forward tcp 80 192.168.13.3
ip napt forward tcp 443 192.168.13.3
ip napt forward tcp 993 192.168.13.3
ip napt forward tcp 995 192.168.13.3
ip napt forward tcp 25 192.168.13.3
ip napt forward tcp 587 192.168.13.3
ip napt forward tcp 9418 192.168.13.3
ip traffic-filter server_only in
ip traffic-filter default_allow out
ip ids in protect
interface gigabitEthernet 1
shutdown
interface gigabitEthernet 2
no shutdown
interface gigabitEthernet 3
switchport access vlan 13
no shutdown
interface gigabitEthernet 4
shutdown
interface gigabitEthernet 5
shutdown
interface loop 0
shutdown
interface loop 1
shutdown
interface vlan 1
ip address 133.67.38.1/24
no shutdown
interface vlan 13
ip address 192.168.13.1/24
no shutdown
ip route default 133.67.36.254
no access-list ip extended default_allow
access-list ip extended default_allow
dynamic permit ip any any
no access-list ip extended server_only
access-list ip extended server_only
# ########## VDEC tools
# Cadence
dynamic permit tcp any any range 5280 5283
# Synopsys
dynamic permit tcp any any range 1700 1701
# Mentor Graphics
dynamic permit tcp any any range 1717 1718
# Agilent
dynamic permit tcp any any range 1750 1751
# ########## ssh @ ikra
# SSH
dynamic permit tcp any host 192.168.13.7 eq 22
# ########## dns/mail/http/git @ kraken
# DOMAIN
dynamic permit tcp any host 192.168.13.3 eq 53
dynamic permit udp any host 192.168.13.3 eq 53
# SMTP
dynamic permit tcp any host 192.168.13.3 eq 25
# SUBMISSION
dynamic permit tcp any host 192.168.13.3 eq 587
# IMAPS
dynamic permit tcp any host 192.168.13.3 eq 993
# POP3S
dynamic permit tcp any host 192.168.13.3 eq 995
# HTTP/HTTPS
dynamic permit tcp any host 192.168.13.3 eq 80
dynamic permit tcp any host 192.168.13.3 eq 443
# GIT
dynamic permit tcp any host 192.168.13.3 eq 9418
# ########## ssh/dns @ leviathan-38 __to_be_closed_soon__
# SSH
dynamic permit tcp any host 133.67.38.32 eq 22
# DOMAIN
dynamic permit tcp any host 133.67.38.32 eq 53
dynamic permit udp any host 133.67.38.32 eq 53
# ########## dns/mail/http @ kraken-38 __to_be_closed_so...
# DOMAIN
dynamic permit udp any host 133.67.38.103 eq 53
dynamic permit tcp any host 133.67.38.103 eq 53
# SMTP
dynamic permit tcp any host 133.67.38.103 eq 25
# SUBMISSION
dynamic permit tcp any host 133.67.38.103 eq 587
# IMAPS
dynamic permit tcp any host 133.67.38.103 eq 993
# POP3S
dynamic permit tcp any host 133.67.38.103 eq 995
# HTTP/HTTPS
dynamic permit tcp any host 133.67.38.103 eq 80
dynamic permit tcp any host 133.67.38.103 eq 443
# ########## Otherwise deny
#dynamic deny ip any any
access-list ip cache timer tcp-timeout 518400
# ######################################################...
ntp server 133.67.1.4
ntp client enable
logging module all information
logging module flt warning
logging module ntp warning
logging facility local5
logging host 192.168.13.3 debug
logging host 192.168.13.9 debug
no dhcp-server ip enable
no http-server username manager
no http-server ip enable
no telnet-server ip enable
ssh-server ip enable
# ######################################################...
copy running-config startup-config
copy running-config flash 20200716.cfg
backup zip archgw-20200716
* 2020.04.10 [#n58b01bf]
# CentreCOM ARX640S
#
# 2020/04/10 static NAPT
# 2020/04/09 no NAPT to 133.67.38
# 2020/04/07 NAPT
# 2020/04/01 New servers
# 2019/06/29 Renewed
# ######################################################...
# recovery
# ^C to stop bootup
# erase setup-config
# ######################################################...
:manager/friend
enable
configure terminal
# ######################################################...
service password-encryption
clock timezone JST 9
hostname archgw
# s/@/&/
enable password 8 $1$En4/b1fT$tmkj9BvgA.CusRBtKIhyx1
manager password 8 $1$kNI1IGSU$S3AqKAfCs9ztTOW1BmHzT.
username ktakagi password 8 $1$E1X1xgtO$41cwWJlge428OPFN...
# crypto key generate hostkey rsa 2048
# ######################################################...
ip name-server 192.168.13.3
ip name-server 192.168.13.9
ip domain list arch.info.mie-u.ac.jp
vlan database
vlan 13
interface gigabitEthernet 0
ip address 133.67.36.12/24
no shutdown
ip napt inside 192.168.13.0/24
ip napt forward tcp 22 192.168.13.9
ip napt forward udp 53 192.168.13.3
ip napt forward tcp 53 192.168.13.3
ip napt forward tcp 80 192.168.13.3
ip napt forward tcp 443 192.168.13.3
ip napt forward tcp 993 192.168.13.3
ip napt forward tcp 995 192.168.13.3
ip napt forward tcp 25 192.168.13.3
ip napt forward tcp 587 192.168.13.3
ip napt forward tcp 9418 192.168.13.3
ip traffic-filter server_only in
ip traffic-filter default_allow out
ip ids in protect
interface gigabitEthernet 1
shutdown
interface gigabitEthernet 2
no shutdown
interface gigabitEthernet 3
switchport access vlan 13
no shutdown
interface gigabitEthernet 4
shutdown
interface gigabitEthernet 5
shutdown
interface loop 0
shutdown
interface loop 1
shutdown
interface vlan 1
ip address 133.67.38.1/24
no shutdown
interface vlan 13
ip address 192.168.13.1/24
no shutdown
ip route default 133.67.36.254
no access-list ip extended default_allow
access-list ip extended default_allow
dynamic permit ip any any
no access-list ip extended server_only
access-list ip extended server_only
# ########## VDEC tools
# Cadence
dynamic permit tcp any any range 5280 5283
# Synopsys
dynamic permit tcp any any range 1700 1701
# Mentor Graphics
dynamic permit tcp any any range 1717 1718
# Agilent
dynamic permit tcp any any range 1750 1751
# ########## ssh @ leviathan
# SSH
dynamic permit tcp any host 192.168.13.9 eq 22
# ########## dns/mail/http/git @ kraken
# DOMAIN
dynamic permit tcp any host 192.168.13.3 eq 53
dynamic permit udp any host 192.168.13.3 eq 53
# SMTP
dynamic permit tcp any host 192.168.13.3 eq 25
# SUBMISSION
dynamic permit tcp any host 192.168.13.3 eq 587
# IMAPS
dynamic permit tcp any host 192.168.13.3 eq 993
# POP3S
dynamic permit tcp any host 192.168.13.3 eq 995
# HTTP/HTTPS
dynamic permit tcp any host 192.168.13.3 eq 80
dynamic permit tcp any host 192.168.13.3 eq 443
# GIT
dynamic permit tcp any host 192.168.13.3 eq 9418
# ########## ssh/dns @ leviathan-38 __to_be_closed_soon__
# SSH
dynamic permit tcp any host 133.67.38.32 eq 22
# DOMAIN
dynamic permit tcp any host 133.67.38.32 eq 53
dynamic permit udp any host 133.67.38.32 eq 53
# ########## dns/mail/http @ kraken-38 __to_be_closed_so...
# DOMAIN
dynamic permit udp any host 133.67.38.103 eq 53
dynamic permit tcp any host 133.67.38.103 eq 53
# SMTP
dynamic permit tcp any host 133.67.38.103 eq 25
# SUBMISSION
dynamic permit tcp any host 133.67.38.103 eq 587
# IMAPS
dynamic permit tcp any host 133.67.38.103 eq 993
# POP3S
dynamic permit tcp any host 133.67.38.103 eq 995
# HTTP/HTTPS
dynamic permit tcp any host 133.67.38.103 eq 80
dynamic permit tcp any host 133.67.38.103 eq 443
# ########## Otherwise deny
#dynamic deny ip any any
access-list ip cache timer tcp-timeout 518400
# ######################################################...
ntp server 133.67.1.4
ntp client enable
logging module all information
logging module flt warning
logging module ntp warning
logging facility local5
logging host 192.168.13.3 debug
logging host 192.168.13.9 debug
no dhcp-server ip enable
no http-server username manager
no http-server ip enable
no telnet-server ip enable
ssh-server ip enable
# ######################################################...
copy running-config startup-config
copy running-config flash 190704.cfg
backup zip
* 2020.04.07 [#gad5971b]
# CentreCOM ARX640S
#
# 2020/04/07 NAPT
# 2020/04/01 New servers
# 2019/06/29 Renewed
# ######################################################...
# recovery
# ^C to stop bootup
# erase setup-config
# ######################################################...
:manager/friend
enable
configure terminal
# ######################################################...
service password-encryption
clock timezone JST 9
hostname archgw
# s/@/&/
enable password 8 $1$En4/b1fT$tmkj9BvgA.CusRBtKIhyx1
manager password 8 $1$kNI1IGSU$S3AqKAfCs9ztTOW1BmHzT.
username ktakagi password 8 $1$E1X1xgtO$41cwWJlge428OPFN...
# crypto key generate hostkey rsa 2048
# ######################################################...
ip name-server 133.67.38.103
ip name-server 133.67.38.32
ip domain list arch.info.mie-u.ac.jp
vlan database
vlan 13
interface gigabitEthernet 0
ip address 133.67.36.12/24
no shutdown
ip napt inside 192.168.13.0/24
ip traffic-filter server_only in
ip traffic-filter default_allow out
ip ids in protect
interface gigabitEthernet 1
shutdown
interface gigabitEthernet 2
no shutdown
interface gigabitEthernet 3
switchport access vlan 13
no shutdown
interface gigabitEthernet 4
shutdown
interface gigabitEthernet 5
shutdown
interface loop 0
shutdown
interface loop 1
shutdown
interface vlan 1
ip address 133.67.38.1/24
no shutdown
ip napt inside 192.168.13.0/24
interface vlan 13
ip address 192.168.13.1/24
no shutdown
ip route default 133.67.36.254
no access-list ip extended default_allow
access-list ip extended default_allow
dynamic permit ip any any
no access-list ip extended server_only
access-list ip extended server_only
# ########## ssh/dns @ leviathan
# SSH
dynamic permit tcp any host 133.67.38.32 eq 22
# DOMAIN
dynamic permit tcp any host 133.67.38.32 eq 53
dynamic permit udp any host 133.67.38.32 eq 53
# ########## dns/mail/http @ kraken
# DOMAIN
dynamic permit udp any host 133.67.38.103 eq 53
dynamic permit tcp any host 133.67.38.103 eq 53
# SMTP
dynamic permit tcp any host 133.67.38.103 eq 25
# SUBMISSION
dynamic permit tcp any host 133.67.38.103 eq 587
# IMAPS
dynamic permit tcp any host 133.67.38.103 eq 993
# POP3S
dynamic permit tcp any host 133.67.38.103 eq 995
# HTTP/HTTPS
dynamic permit tcp any host 133.67.38.103 eq 80
dynamic permit tcp any host 133.67.38.103 eq 443
# ########## VDEC tools
# Cadence
dynamic permit tcp any any range 5280 5283
# Synopsys
dynamic permit tcp any any range 1700 1701
# Mentor Graphics
dynamic permit tcp any any range 1717 1718
# Agilent
dynamic permit tcp any any range 1750 1751
# ########## Otherwise deny
#dynamic deny ip any any
access-list ip cache timer tcp-timeout 518400
# ######################################################...
ntp server 133.67.1.4
ntp client enable
logging module all information
logging module flt warning
logging module ntp warning
logging facility local5
logging host 133.67.38.32 debug
logging host 133.67.38.103 debug
no dhcp-server ip enable
no http-server username manager
no http-server ip enable
no telnet-server ip enable
ssh-server ip enable
# ######################################################...
copy running-config startup-config
copy running-config flash 190704.cfg
backup zip
* 2020.04.01 [#f272d114]
# CentreCOM ARX640S
#
# 2020/04/01 New servers
# 2019/06/29 Renewed
# ######################################################...
# recovery
# ^C to stop bootup
# erase setup-config
# ######################################################...
:manager/friend
enable
configure terminal
# ######################################################...
service password-encryption
clock timezone JST 9
hostname archgw
# s/@/&/
enable password 8 $1$En4/b1fT$tmkj9BvgA.CusRBtKIhyx1
manager password 8 $1$kNI1IGSU$S3AqKAfCs9ztTOW1BmHzT.
username ktakagi password 8 $1$E1X1xgtO$41cwWJlge428OPFN...
# crypto key generate hostkey rsa 2048
# ######################################################...
ip name-server 133.67.38.103
ip name-server 133.67.38.32
ip domain list arch.info.mie-u.ac.jp
interface gigabitEthernet 0
ip address 133.67.36.12/24
no shutdown
ip traffic-filter server_only in
ip traffic-filter default_allow out
ip ids in protect
interface gigabitEthernet 1
shutdown
interface gigabitEthernet 2
no shutdown
interface gigabitEthernet 3
no shutdown
interface gigabitEthernet 4
shutdown
interface gigabitEthernet 5
shutdown
interface loop 0
shutdown
interface loop 1
shutdown
interface vlan 1
ip address 133.67.38.1/24
no shutdown
ip route default 133.67.36.254
no access-list ip extended default_allow
access-list ip extended default_allow
dynamic permit ip any any
no access-list ip extended server_only
access-list ip extended server_only
# ########## ssh/dns @ leviathan
# SSH
dynamic permit tcp any host 133.67.38.32 eq 22
# DOMAIN
dynamic permit tcp any host 133.67.38.32 eq 53
dynamic permit udp any host 133.67.38.32 eq 53
# ########## dns/mail/http @ kraken
# DOMAIN
dynamic permit udp any host 133.67.38.103 eq 53
dynamic permit tcp any host 133.67.38.103 eq 53
# SMTP
dynamic permit tcp any host 133.67.38.103 eq 25
# SUBMISSION
dynamic permit tcp any host 133.67.38.103 eq 587
# IMAPS
dynamic permit tcp any host 133.67.38.103 eq 993
# POP3S
dynamic permit tcp any host 133.67.38.103 eq 995
# HTTP/HTTPS
dynamic permit tcp any host 133.67.38.103 eq 80
dynamic permit tcp any host 133.67.38.103 eq 443
# ########## VDEC tools
# Cadence
dynamic permit tcp any any range 5280 5283
# Synopsys
dynamic permit tcp any any range 1700 1701
# Mentor Graphics
dynamic permit tcp any any range 1717 1718
# Agilent
dynamic permit tcp any any range 1750 1751
# ########## Otherwise deny
#dynamic deny ip any any
access-list ip cache timer tcp-timeout 518400
# ######################################################...
ntp server 133.67.1.4
ntp client enable
logging module all information
logging module flt warning
logging module ntp warning
logging facility local5
logging host 133.67.38.32 debug
logging host 133.67.38.103 debug
no dhcp-server ip enable
no http-server username manager
no http-server ip enable
no telnet-server ip enable
ssh-server ip enable
# ######################################################...
copy running-config startup-config
copy running-config flash 190704.cfg
backup zip
* 2019.06.29 [#cf52d843]
# CentreCOM ARX640S
#
# 2019/06/29 Renewed
# ######################################################...
ip name-server 133.67.38.32
ip name-server 133.67.38.37
ip domain list arch.info.mie-u.ac.jp
interface gigabitEthernet 0
ip address 133.67.36.12/24
no shutdown
ip traffic-filter server_only in
ip traffic-filter default_allow out
ip ids in protect
interface gigabitEthernet 1
shutdown
interface gigabitEthernet 2
no shutdown
interface gigabitEthernet 3
no shutdown
interface gigabitEthernet 4
shutdown
interface gigabitEthernet 5
shutdown
interface loop 0
shutdown
interface loop 1
shutdown
interface vlan 1
ip address 133.67.38.1/24
no shutdown
ip route default 133.67.36.254
no access-list ip extended default_allow
access-list ip extended default_allow
dynamic permit ip any any
no access-list ip extended server_only
access-list ip extended server_only
# ########## ssh/dns @ leviathan
# SSH
dynamic permit tcp any host 133.67.38.32 eq 22
# DOMAIN
dynamic permit tcp any host 133.67.38.32 eq 53
dynamic permit udp any host 133.67.38.32 eq 53
# ########## dns @ mussel
# DOMAIN
dynamic permit udp any host 133.67.38.37 eq 53
dynamic permit tcp any host 133.67.38.37 eq 53
# ########## imap/pop @ abalone
# SMTP
dynamic permit tcp any host 133.67.38.36 eq 25
# HTTP
dynamic permit tcp any host 133.67.38.36 eq 80
# IMAPS
dynamic permit tcp any host 133.67.38.36 eq 993
# SUBMISSION
dynamic permit tcp any host 133.67.38.36 eq 587
# POP3S
dynamic permit tcp any host 133.67.38.36 eq 995
# ########## www @ narwal
# HTTP/HTTPS
dynamic permit tcp any host 133.67.38.39 eq 80
dynamic permit tcp any host 133.67.38.39 eq 443
# ########## gitlab
# HTTP/HTTPS
dynamic permit tcp any host 133.67.38.107 eq 80
dynamic permit tcp any host 133.67.38.107 eq 443
# ########## aipo8
# HTTP/HTTPS
dynamic permit tcp any host 133.67.38.177 eq 80
dynamic permit tcp any host 133.67.38.177 eq 443
# ########## rdp @ penguin ?
dynamic permit tcp any host 133.67.38.99 eq 3389
# ########## VDEC tools
# Cadence
dynamic permit tcp any any range 5280 5283
# Synopsys
dynamic permit tcp any any range 1700 1701
# Mentor Graphics
dynamic permit tcp any any range 1717 1718
# Agilent
dynamic permit tcp any any range 1750 1751
# ########## Otherwise deny
#dynamic deny ip any any
access-list ip cache timer tcp-timeout 518400
# ######################################################...
ntp server 133.67.1.4
ntp client enable
logging module all information
logging module flt warning
logging module ntp warning
logging facility local5
logging host 133.67.38.32 debug
logging host 133.67.38.38 debug
no dhcp-server ip enable
no http-server username manager
no http-server ip enable
no telnet-server ip enable
ssh-server ip enable
終了行:
[[計算機環境]]
- manager@133.67.38.1 でログイン
- enable
- configure
- write
* 2023.04.07 [#a9729848]
# CentreCOM ARX640S
#
# 2023/04/07 gw 133.67.39.12
# 2023/03/08 logging level
# 2020/04/10 static NAPT
# 2020/04/09 no NAPT to 133.67.38
# 2020/04/07 NAPT
# 2020/04/01 New servers
# 2019/06/29 Renewed
# 2019/07/16 New ssh server
# 2019/07/22 Closed old ports
# ######################################################...
# recovery
# ^C to stop bootup
# erase setup-config
# ######################################################...
:manager/friend
enable
configure terminal
# ######################################################...
service password-encryption
clock timezone JST 9
hostname archgw
# s/@/&/
enable password 8 $1$En4/b1fT$tmkj9BvgA.CusRBtKIhyx1
manager password 8 $1$kNI1IGSU$S3AqKAfCs9ztTOW1BmHzT.
username ktakagi password 8 $1$E1X1xgtO$41cwWJlge428OPFN...
# crypto key generate hostkey rsa 2048
# ######################################################...
ip name-server 192.168.13.3
ip name-server 192.168.13.9
ip domain list arch.info.mie-u.ac.jp
vlan database
vlan 13
interface gigabitEthernet 0
ip address 133.67.39.12/24
no shutdown
ip napt inside 192.168.13.0/24
ip napt forward tcp 22 192.168.13.7
ip napt forward udp 53 192.168.13.3
ip napt forward tcp 53 192.168.13.3
ip napt forward tcp 80 192.168.13.3
ip napt forward tcp 443 192.168.13.3
ip napt forward tcp 993 192.168.13.3
ip napt forward tcp 995 192.168.13.3
ip napt forward tcp 25 192.168.13.3
ip napt forward tcp 587 192.168.13.3
ip napt forward tcp 9418 192.168.13.3
ip traffic-filter server_only in
ip traffic-filter default_allow out
ip ids in protect
interface gigabitEthernet 1
shutdown
interface gigabitEthernet 2
no shutdown
interface gigabitEthernet 3
switchport access vlan 13
no shutdown
interface gigabitEthernet 4
shutdown
interface gigabitEthernet 5
shutdown
interface loop 0
shutdown
interface loop 1
shutdown
interface vlan 1
ip address 133.67.38.1/24
no shutdown
interface vlan 13
ip address 192.168.13.1/24
no shutdown
ip route default 133.67.39.254
no access-list ip extended default_allow
access-list ip extended default_allow
dynamic permit ip any any
no access-list ip extended server_only
access-list ip extended server_only
# ########## VDEC tools
# Cadence
dynamic permit tcp any any range 5280 5283
# Synopsys
dynamic permit tcp any any range 1700 1701
# Mentor Graphics
dynamic permit tcp any any range 1717 1718
# Agilent
dynamic permit tcp any any range 1750 1751
# ########## ssh @ ikra
# SSH
dynamic permit tcp any host 192.168.13.7 eq 22
# ########## dns/mail/http/git @ kraken
# DOMAIN
dynamic permit tcp any host 192.168.13.3 eq 53
dynamic permit udp any host 192.168.13.3 eq 53
# SMTP
dynamic permit tcp any host 192.168.13.3 eq 25
# SUBMISSION
dynamic permit tcp any host 192.168.13.3 eq 587
# IMAPS
dynamic permit tcp any host 192.168.13.3 eq 993
# POP3S
dynamic permit tcp any host 192.168.13.3 eq 995
# HTTP/HTTPS
dynamic permit tcp any host 192.168.13.3 eq 80
dynamic permit tcp any host 192.168.13.3 eq 443
# GIT
dynamic permit tcp any host 192.168.13.3 eq 9418
# ########## Otherwise deny
#dynamic deny ip any any
access-list ip cache timer tcp-timeout 518400
# ######################################################...
ntp server 133.67.1.4
ntp client enable
logging module all information
logging module tcp debug
logging module flt warning
logging module nat warning
logging module ntp warning
logging facility local5
logging host 192.168.13.3 debug
logging console none
no dhcp-server ip enable
no http-server username manager
no http-server ip enable
no telnet-server ip enable
ssh-server ip enable
# ######################################################...
copy running-config startup-config
copy running-config flash 20230407.cfg
#backup zip archgw-20230407
* 2023.03.08 [#kc69f276]
# CentreCOM ARX640S
#
# 2023/03/08 logging level
# 2020/04/10 static NAPT
# 2020/04/09 no NAPT to 133.67.38
# 2020/04/07 NAPT
# 2020/04/01 New servers
# 2019/06/29 Renewed
# 2019/07/16 New ssh server
# 2019/07/22 Closed old ports
# ######################################################...
# recovery
# ^C to stop bootup
# erase setup-config
# ######################################################...
:manager/friend
enable
configure terminal
# ######################################################...
service password-encryption
clock timezone JST 9
hostname archgw
# s/@/&/
enable password 8 $1$En4/b1fT$tmkj9BvgA.CusRBtKIhyx1
manager password 8 $1$kNI1IGSU$S3AqKAfCs9ztTOW1BmHzT.
username ktakagi password 8 $1$E1X1xgtO$41cwWJlge428OPFN...
# crypto key generate hostkey rsa 2048
# ######################################################...
ip name-server 192.168.13.3
ip name-server 192.168.13.9
ip domain list arch.info.mie-u.ac.jp
vlan database
vlan 13
interface gigabitEthernet 0
ip address 133.67.36.12/24
no shutdown
ip napt inside 192.168.13.0/24
ip napt forward tcp 22 192.168.13.7
ip napt forward udp 53 192.168.13.3
ip napt forward tcp 53 192.168.13.3
ip napt forward tcp 80 192.168.13.3
ip napt forward tcp 443 192.168.13.3
ip napt forward tcp 993 192.168.13.3
ip napt forward tcp 995 192.168.13.3
ip napt forward tcp 25 192.168.13.3
ip napt forward tcp 587 192.168.13.3
ip napt forward tcp 9418 192.168.13.3
ip traffic-filter server_only in
ip traffic-filter default_allow out
ip ids in protect
interface gigabitEthernet 1
shutdown
interface gigabitEthernet 2
no shutdown
interface gigabitEthernet 3
switchport access vlan 13
no shutdown
interface gigabitEthernet 4
shutdown
interface gigabitEthernet 5
shutdown
interface loop 0
shutdown
interface loop 1
shutdown
interface vlan 1
ip address 133.67.38.1/24
no shutdown
interface vlan 13
ip address 192.168.13.1/24
no shutdown
ip route default 133.67.36.254
no access-list ip extended default_allow
access-list ip extended default_allow
dynamic permit ip any any
no access-list ip extended server_only
access-list ip extended server_only
# ########## VDEC tools
# Cadence
dynamic permit tcp any any range 5280 5283
# Synopsys
dynamic permit tcp any any range 1700 1701
# Mentor Graphics
dynamic permit tcp any any range 1717 1718
# Agilent
dynamic permit tcp any any range 1750 1751
# ########## ssh @ ikra
# SSH
dynamic permit tcp any host 192.168.13.7 eq 22
# ########## dns/mail/http/git @ kraken
# DOMAIN
dynamic permit tcp any host 192.168.13.3 eq 53
dynamic permit udp any host 192.168.13.3 eq 53
# SMTP
dynamic permit tcp any host 192.168.13.3 eq 25
# SUBMISSION
dynamic permit tcp any host 192.168.13.3 eq 587
# IMAPS
dynamic permit tcp any host 192.168.13.3 eq 993
# POP3S
dynamic permit tcp any host 192.168.13.3 eq 995
# HTTP/HTTPS
dynamic permit tcp any host 192.168.13.3 eq 80
dynamic permit tcp any host 192.168.13.3 eq 443
# GIT
dynamic permit tcp any host 192.168.13.3 eq 9418
# ########## Otherwise deny
#dynamic deny ip any any
access-list ip cache timer tcp-timeout 518400
# ######################################################...
ntp server 133.67.1.4
ntp client enable
logging module all information
logging module tcp debug
logging module flt warning
logging module nat warning
logging module ntp warning
logging facility local5
logging host 192.168.13.3 debug
logging host 192.168.13.9 debug
no dhcp-server ip enable
no http-server username manager
no http-server ip enable
no telnet-server ip enable
ssh-server ip enable
# ######################################################...
copy running-config startup-config
copy running-config flash 20230308.cfg
backup zip archgw-20230308
* 2020.07.16 [#p9b4ce28]
# CentreCOM ARX640S
#
# 2020/04/10 static NAPT
# 2020/04/09 no NAPT to 133.67.38
# 2020/04/07 NAPT
# 2020/04/01 New servers
# 2019/06/29 Renewed
# 2019/07/16 New ssh server
# ######################################################...
# recovery
# ^C to stop bootup
# erase setup-config
# ######################################################...
:manager/friend
enable
configure terminal
# ######################################################...
service password-encryption
clock timezone JST 9
hostname archgw
# s/@/&/
enable password 8 $1$En4/b1fT$tmkj9BvgA.CusRBtKIhyx1
manager password 8 $1$kNI1IGSU$S3AqKAfCs9ztTOW1BmHzT.
username ktakagi password 8 $1$E1X1xgtO$41cwWJlge428OPFN...
# crypto key generate hostkey rsa 2048
# ######################################################...
ip name-server 192.168.13.3
ip name-server 192.168.13.9
ip domain list arch.info.mie-u.ac.jp
vlan database
vlan 13
interface gigabitEthernet 0
ip address 133.67.36.12/24
no shutdown
ip napt inside 192.168.13.0/24
ip napt forward tcp 22 192.168.13.7
ip napt forward udp 53 192.168.13.3
ip napt forward tcp 53 192.168.13.3
ip napt forward tcp 80 192.168.13.3
ip napt forward tcp 443 192.168.13.3
ip napt forward tcp 993 192.168.13.3
ip napt forward tcp 995 192.168.13.3
ip napt forward tcp 25 192.168.13.3
ip napt forward tcp 587 192.168.13.3
ip napt forward tcp 9418 192.168.13.3
ip traffic-filter server_only in
ip traffic-filter default_allow out
ip ids in protect
interface gigabitEthernet 1
shutdown
interface gigabitEthernet 2
no shutdown
interface gigabitEthernet 3
switchport access vlan 13
no shutdown
interface gigabitEthernet 4
shutdown
interface gigabitEthernet 5
shutdown
interface loop 0
shutdown
interface loop 1
shutdown
interface vlan 1
ip address 133.67.38.1/24
no shutdown
interface vlan 13
ip address 192.168.13.1/24
no shutdown
ip route default 133.67.36.254
no access-list ip extended default_allow
access-list ip extended default_allow
dynamic permit ip any any
no access-list ip extended server_only
access-list ip extended server_only
# ########## VDEC tools
# Cadence
dynamic permit tcp any any range 5280 5283
# Synopsys
dynamic permit tcp any any range 1700 1701
# Mentor Graphics
dynamic permit tcp any any range 1717 1718
# Agilent
dynamic permit tcp any any range 1750 1751
# ########## ssh @ ikra
# SSH
dynamic permit tcp any host 192.168.13.7 eq 22
# ########## dns/mail/http/git @ kraken
# DOMAIN
dynamic permit tcp any host 192.168.13.3 eq 53
dynamic permit udp any host 192.168.13.3 eq 53
# SMTP
dynamic permit tcp any host 192.168.13.3 eq 25
# SUBMISSION
dynamic permit tcp any host 192.168.13.3 eq 587
# IMAPS
dynamic permit tcp any host 192.168.13.3 eq 993
# POP3S
dynamic permit tcp any host 192.168.13.3 eq 995
# HTTP/HTTPS
dynamic permit tcp any host 192.168.13.3 eq 80
dynamic permit tcp any host 192.168.13.3 eq 443
# GIT
dynamic permit tcp any host 192.168.13.3 eq 9418
# ########## ssh/dns @ leviathan-38 __to_be_closed_soon__
# SSH
dynamic permit tcp any host 133.67.38.32 eq 22
# DOMAIN
dynamic permit tcp any host 133.67.38.32 eq 53
dynamic permit udp any host 133.67.38.32 eq 53
# ########## dns/mail/http @ kraken-38 __to_be_closed_so...
# DOMAIN
dynamic permit udp any host 133.67.38.103 eq 53
dynamic permit tcp any host 133.67.38.103 eq 53
# SMTP
dynamic permit tcp any host 133.67.38.103 eq 25
# SUBMISSION
dynamic permit tcp any host 133.67.38.103 eq 587
# IMAPS
dynamic permit tcp any host 133.67.38.103 eq 993
# POP3S
dynamic permit tcp any host 133.67.38.103 eq 995
# HTTP/HTTPS
dynamic permit tcp any host 133.67.38.103 eq 80
dynamic permit tcp any host 133.67.38.103 eq 443
# ########## Otherwise deny
#dynamic deny ip any any
access-list ip cache timer tcp-timeout 518400
# ######################################################...
ntp server 133.67.1.4
ntp client enable
logging module all information
logging module flt warning
logging module ntp warning
logging facility local5
logging host 192.168.13.3 debug
logging host 192.168.13.9 debug
no dhcp-server ip enable
no http-server username manager
no http-server ip enable
no telnet-server ip enable
ssh-server ip enable
# ######################################################...
copy running-config startup-config
copy running-config flash 20200716.cfg
backup zip archgw-20200716
* 2020.04.10 [#n58b01bf]
# CentreCOM ARX640S
#
# 2020/04/10 static NAPT
# 2020/04/09 no NAPT to 133.67.38
# 2020/04/07 NAPT
# 2020/04/01 New servers
# 2019/06/29 Renewed
# ######################################################...
# recovery
# ^C to stop bootup
# erase setup-config
# ######################################################...
:manager/friend
enable
configure terminal
# ######################################################...
service password-encryption
clock timezone JST 9
hostname archgw
# s/@/&/
enable password 8 $1$En4/b1fT$tmkj9BvgA.CusRBtKIhyx1
manager password 8 $1$kNI1IGSU$S3AqKAfCs9ztTOW1BmHzT.
username ktakagi password 8 $1$E1X1xgtO$41cwWJlge428OPFN...
# crypto key generate hostkey rsa 2048
# ######################################################...
ip name-server 192.168.13.3
ip name-server 192.168.13.9
ip domain list arch.info.mie-u.ac.jp
vlan database
vlan 13
interface gigabitEthernet 0
ip address 133.67.36.12/24
no shutdown
ip napt inside 192.168.13.0/24
ip napt forward tcp 22 192.168.13.9
ip napt forward udp 53 192.168.13.3
ip napt forward tcp 53 192.168.13.3
ip napt forward tcp 80 192.168.13.3
ip napt forward tcp 443 192.168.13.3
ip napt forward tcp 993 192.168.13.3
ip napt forward tcp 995 192.168.13.3
ip napt forward tcp 25 192.168.13.3
ip napt forward tcp 587 192.168.13.3
ip napt forward tcp 9418 192.168.13.3
ip traffic-filter server_only in
ip traffic-filter default_allow out
ip ids in protect
interface gigabitEthernet 1
shutdown
interface gigabitEthernet 2
no shutdown
interface gigabitEthernet 3
switchport access vlan 13
no shutdown
interface gigabitEthernet 4
shutdown
interface gigabitEthernet 5
shutdown
interface loop 0
shutdown
interface loop 1
shutdown
interface vlan 1
ip address 133.67.38.1/24
no shutdown
interface vlan 13
ip address 192.168.13.1/24
no shutdown
ip route default 133.67.36.254
no access-list ip extended default_allow
access-list ip extended default_allow
dynamic permit ip any any
no access-list ip extended server_only
access-list ip extended server_only
# ########## VDEC tools
# Cadence
dynamic permit tcp any any range 5280 5283
# Synopsys
dynamic permit tcp any any range 1700 1701
# Mentor Graphics
dynamic permit tcp any any range 1717 1718
# Agilent
dynamic permit tcp any any range 1750 1751
# ########## ssh @ leviathan
# SSH
dynamic permit tcp any host 192.168.13.9 eq 22
# ########## dns/mail/http/git @ kraken
# DOMAIN
dynamic permit tcp any host 192.168.13.3 eq 53
dynamic permit udp any host 192.168.13.3 eq 53
# SMTP
dynamic permit tcp any host 192.168.13.3 eq 25
# SUBMISSION
dynamic permit tcp any host 192.168.13.3 eq 587
# IMAPS
dynamic permit tcp any host 192.168.13.3 eq 993
# POP3S
dynamic permit tcp any host 192.168.13.3 eq 995
# HTTP/HTTPS
dynamic permit tcp any host 192.168.13.3 eq 80
dynamic permit tcp any host 192.168.13.3 eq 443
# GIT
dynamic permit tcp any host 192.168.13.3 eq 9418
# ########## ssh/dns @ leviathan-38 __to_be_closed_soon__
# SSH
dynamic permit tcp any host 133.67.38.32 eq 22
# DOMAIN
dynamic permit tcp any host 133.67.38.32 eq 53
dynamic permit udp any host 133.67.38.32 eq 53
# ########## dns/mail/http @ kraken-38 __to_be_closed_so...
# DOMAIN
dynamic permit udp any host 133.67.38.103 eq 53
dynamic permit tcp any host 133.67.38.103 eq 53
# SMTP
dynamic permit tcp any host 133.67.38.103 eq 25
# SUBMISSION
dynamic permit tcp any host 133.67.38.103 eq 587
# IMAPS
dynamic permit tcp any host 133.67.38.103 eq 993
# POP3S
dynamic permit tcp any host 133.67.38.103 eq 995
# HTTP/HTTPS
dynamic permit tcp any host 133.67.38.103 eq 80
dynamic permit tcp any host 133.67.38.103 eq 443
# ########## Otherwise deny
#dynamic deny ip any any
access-list ip cache timer tcp-timeout 518400
# ######################################################...
ntp server 133.67.1.4
ntp client enable
logging module all information
logging module flt warning
logging module ntp warning
logging facility local5
logging host 192.168.13.3 debug
logging host 192.168.13.9 debug
no dhcp-server ip enable
no http-server username manager
no http-server ip enable
no telnet-server ip enable
ssh-server ip enable
# ######################################################...
copy running-config startup-config
copy running-config flash 190704.cfg
backup zip
* 2020.04.07 [#gad5971b]
# CentreCOM ARX640S
#
# 2020/04/07 NAPT
# 2020/04/01 New servers
# 2019/06/29 Renewed
# ######################################################...
# recovery
# ^C to stop bootup
# erase setup-config
# ######################################################...
:manager/friend
enable
configure terminal
# ######################################################...
service password-encryption
clock timezone JST 9
hostname archgw
# s/@/&/
enable password 8 $1$En4/b1fT$tmkj9BvgA.CusRBtKIhyx1
manager password 8 $1$kNI1IGSU$S3AqKAfCs9ztTOW1BmHzT.
username ktakagi password 8 $1$E1X1xgtO$41cwWJlge428OPFN...
# crypto key generate hostkey rsa 2048
# ######################################################...
ip name-server 133.67.38.103
ip name-server 133.67.38.32
ip domain list arch.info.mie-u.ac.jp
vlan database
vlan 13
interface gigabitEthernet 0
ip address 133.67.36.12/24
no shutdown
ip napt inside 192.168.13.0/24
ip traffic-filter server_only in
ip traffic-filter default_allow out
ip ids in protect
interface gigabitEthernet 1
shutdown
interface gigabitEthernet 2
no shutdown
interface gigabitEthernet 3
switchport access vlan 13
no shutdown
interface gigabitEthernet 4
shutdown
interface gigabitEthernet 5
shutdown
interface loop 0
shutdown
interface loop 1
shutdown
interface vlan 1
ip address 133.67.38.1/24
no shutdown
ip napt inside 192.168.13.0/24
interface vlan 13
ip address 192.168.13.1/24
no shutdown
ip route default 133.67.36.254
no access-list ip extended default_allow
access-list ip extended default_allow
dynamic permit ip any any
no access-list ip extended server_only
access-list ip extended server_only
# ########## ssh/dns @ leviathan
# SSH
dynamic permit tcp any host 133.67.38.32 eq 22
# DOMAIN
dynamic permit tcp any host 133.67.38.32 eq 53
dynamic permit udp any host 133.67.38.32 eq 53
# ########## dns/mail/http @ kraken
# DOMAIN
dynamic permit udp any host 133.67.38.103 eq 53
dynamic permit tcp any host 133.67.38.103 eq 53
# SMTP
dynamic permit tcp any host 133.67.38.103 eq 25
# SUBMISSION
dynamic permit tcp any host 133.67.38.103 eq 587
# IMAPS
dynamic permit tcp any host 133.67.38.103 eq 993
# POP3S
dynamic permit tcp any host 133.67.38.103 eq 995
# HTTP/HTTPS
dynamic permit tcp any host 133.67.38.103 eq 80
dynamic permit tcp any host 133.67.38.103 eq 443
# ########## VDEC tools
# Cadence
dynamic permit tcp any any range 5280 5283
# Synopsys
dynamic permit tcp any any range 1700 1701
# Mentor Graphics
dynamic permit tcp any any range 1717 1718
# Agilent
dynamic permit tcp any any range 1750 1751
# ########## Otherwise deny
#dynamic deny ip any any
access-list ip cache timer tcp-timeout 518400
# ######################################################...
ntp server 133.67.1.4
ntp client enable
logging module all information
logging module flt warning
logging module ntp warning
logging facility local5
logging host 133.67.38.32 debug
logging host 133.67.38.103 debug
no dhcp-server ip enable
no http-server username manager
no http-server ip enable
no telnet-server ip enable
ssh-server ip enable
# ######################################################...
copy running-config startup-config
copy running-config flash 190704.cfg
backup zip
* 2020.04.01 [#f272d114]
# CentreCOM ARX640S
#
# 2020/04/01 New servers
# 2019/06/29 Renewed
# ######################################################...
# recovery
# ^C to stop bootup
# erase setup-config
# ######################################################...
:manager/friend
enable
configure terminal
# ######################################################...
service password-encryption
clock timezone JST 9
hostname archgw
# s/@/&/
enable password 8 $1$En4/b1fT$tmkj9BvgA.CusRBtKIhyx1
manager password 8 $1$kNI1IGSU$S3AqKAfCs9ztTOW1BmHzT.
username ktakagi password 8 $1$E1X1xgtO$41cwWJlge428OPFN...
# crypto key generate hostkey rsa 2048
# ######################################################...
ip name-server 133.67.38.103
ip name-server 133.67.38.32
ip domain list arch.info.mie-u.ac.jp
interface gigabitEthernet 0
ip address 133.67.36.12/24
no shutdown
ip traffic-filter server_only in
ip traffic-filter default_allow out
ip ids in protect
interface gigabitEthernet 1
shutdown
interface gigabitEthernet 2
no shutdown
interface gigabitEthernet 3
no shutdown
interface gigabitEthernet 4
shutdown
interface gigabitEthernet 5
shutdown
interface loop 0
shutdown
interface loop 1
shutdown
interface vlan 1
ip address 133.67.38.1/24
no shutdown
ip route default 133.67.36.254
no access-list ip extended default_allow
access-list ip extended default_allow
dynamic permit ip any any
no access-list ip extended server_only
access-list ip extended server_only
# ########## ssh/dns @ leviathan
# SSH
dynamic permit tcp any host 133.67.38.32 eq 22
# DOMAIN
dynamic permit tcp any host 133.67.38.32 eq 53
dynamic permit udp any host 133.67.38.32 eq 53
# ########## dns/mail/http @ kraken
# DOMAIN
dynamic permit udp any host 133.67.38.103 eq 53
dynamic permit tcp any host 133.67.38.103 eq 53
# SMTP
dynamic permit tcp any host 133.67.38.103 eq 25
# SUBMISSION
dynamic permit tcp any host 133.67.38.103 eq 587
# IMAPS
dynamic permit tcp any host 133.67.38.103 eq 993
# POP3S
dynamic permit tcp any host 133.67.38.103 eq 995
# HTTP/HTTPS
dynamic permit tcp any host 133.67.38.103 eq 80
dynamic permit tcp any host 133.67.38.103 eq 443
# ########## VDEC tools
# Cadence
dynamic permit tcp any any range 5280 5283
# Synopsys
dynamic permit tcp any any range 1700 1701
# Mentor Graphics
dynamic permit tcp any any range 1717 1718
# Agilent
dynamic permit tcp any any range 1750 1751
# ########## Otherwise deny
#dynamic deny ip any any
access-list ip cache timer tcp-timeout 518400
# ######################################################...
ntp server 133.67.1.4
ntp client enable
logging module all information
logging module flt warning
logging module ntp warning
logging facility local5
logging host 133.67.38.32 debug
logging host 133.67.38.103 debug
no dhcp-server ip enable
no http-server username manager
no http-server ip enable
no telnet-server ip enable
ssh-server ip enable
# ######################################################...
copy running-config startup-config
copy running-config flash 190704.cfg
backup zip
* 2019.06.29 [#cf52d843]
# CentreCOM ARX640S
#
# 2019/06/29 Renewed
# ######################################################...
ip name-server 133.67.38.32
ip name-server 133.67.38.37
ip domain list arch.info.mie-u.ac.jp
interface gigabitEthernet 0
ip address 133.67.36.12/24
no shutdown
ip traffic-filter server_only in
ip traffic-filter default_allow out
ip ids in protect
interface gigabitEthernet 1
shutdown
interface gigabitEthernet 2
no shutdown
interface gigabitEthernet 3
no shutdown
interface gigabitEthernet 4
shutdown
interface gigabitEthernet 5
shutdown
interface loop 0
shutdown
interface loop 1
shutdown
interface vlan 1
ip address 133.67.38.1/24
no shutdown
ip route default 133.67.36.254
no access-list ip extended default_allow
access-list ip extended default_allow
dynamic permit ip any any
no access-list ip extended server_only
access-list ip extended server_only
# ########## ssh/dns @ leviathan
# SSH
dynamic permit tcp any host 133.67.38.32 eq 22
# DOMAIN
dynamic permit tcp any host 133.67.38.32 eq 53
dynamic permit udp any host 133.67.38.32 eq 53
# ########## dns @ mussel
# DOMAIN
dynamic permit udp any host 133.67.38.37 eq 53
dynamic permit tcp any host 133.67.38.37 eq 53
# ########## imap/pop @ abalone
# SMTP
dynamic permit tcp any host 133.67.38.36 eq 25
# HTTP
dynamic permit tcp any host 133.67.38.36 eq 80
# IMAPS
dynamic permit tcp any host 133.67.38.36 eq 993
# SUBMISSION
dynamic permit tcp any host 133.67.38.36 eq 587
# POP3S
dynamic permit tcp any host 133.67.38.36 eq 995
# ########## www @ narwal
# HTTP/HTTPS
dynamic permit tcp any host 133.67.38.39 eq 80
dynamic permit tcp any host 133.67.38.39 eq 443
# ########## gitlab
# HTTP/HTTPS
dynamic permit tcp any host 133.67.38.107 eq 80
dynamic permit tcp any host 133.67.38.107 eq 443
# ########## aipo8
# HTTP/HTTPS
dynamic permit tcp any host 133.67.38.177 eq 80
dynamic permit tcp any host 133.67.38.177 eq 443
# ########## rdp @ penguin ?
dynamic permit tcp any host 133.67.38.99 eq 3389
# ########## VDEC tools
# Cadence
dynamic permit tcp any any range 5280 5283
# Synopsys
dynamic permit tcp any any range 1700 1701
# Mentor Graphics
dynamic permit tcp any any range 1717 1718
# Agilent
dynamic permit tcp any any range 1750 1751
# ########## Otherwise deny
#dynamic deny ip any any
access-list ip cache timer tcp-timeout 518400
# ######################################################...
ntp server 133.67.1.4
ntp client enable
logging module all information
logging module flt warning
logging module ntp warning
logging facility local5
logging host 133.67.38.32 debug
logging host 133.67.38.38 debug
no dhcp-server ip enable
no http-server username manager
no http-server ip enable
no telnet-server ip enable
ssh-server ip enable
ページ名: