slaine
07-12-2008, 11:59
Здравствуйте.
Как открыть (пробросить) порт на конкретную машину?
Роутер: Cisco 877.
Current configuration : 5802 bytes
!
! Global services, logging, the enable secret and clock settings.
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! NOTE(review): service password-encryption only applies the reversible type 7
! encoding (the "password 7" values on Dialer0). It is not a hash, so blanking
! those values before posting was the right call.
service password-encryption
service sequence-numbers
!
hostname myrouter
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
! NOTE(review): a type 5 secret is a salted MD5-crypt hash. Once published it
! can be guessed offline, so treat this value as exposed and change it.
enable secret 5 $1$NZzJ$vkiSlaYnuIW8zAIBThui3.
!
! With AAA off, logins rely on the local user database ("login local" on the lines).
no aaa new-model
clock timezone PCTime 3
! NOTE(review): the "date" form of summer-time covers only the 2003 window
! given here, and no NTP source appears in this listing. Log timestamps may be
! unreliable for later incident reconstruction - confirm.
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
! Self-signed trustpoint; presumably the certificate served by
! "ip http secure-server" - confirm.
crypto pki trustpoint TP-self-signed-1766803642
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1766803642
revocation-check none
rsakeypair TP-self-signed-1766803642
!
!
! NOTE(review): the DER below decodes to an md5WithRSA-signed certificate with
! a 1024-bit RSA key, valid 2002-03-01 to 2020-01-01, with the DNS name
! myrouter.yourdomain.com. The 2002 start date suggests the router clock was
! unset when the key was generated. A certificate holds no private key, so
! posting it leaks nothing secret, but a client can only authenticate the
! router with it by pinning it.
crypto pki certificate chain TP-self-signed-1766803642
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31373636 38303336 3432301E 170D3032 30333031 30303039
34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 37363638
30333634 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B5B0 7DF304D8 12CA7B82 28006AF1 9C51F36C 858D2358 5CF5E4DA EF371570
C13414A2 47DC1B3A 6B3DDFA3 D7FF65CE A7A8C8D8 A95CBE30 354FB13D 3CE41AF4
D0F7FB15 9FCF8900 B9652794 79F544FB 53ABAE33 2B01C370 73B96E6C 9FD490CE
C7A4BA0C D0BB9259 8F2F03E0 E91882F5 EC052466 BD8822AF A7AF5511 7CA816C1
26B50203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 176D7972 6F757465 722E796F 7572646F 6D61696E 2E636F6D
301F0603 551D2304 18301680 1434A24B 02BB2977 E4A0C1FF 8F1C9C67 33452C77
F6301D06 03551D0E 04160414 34A24B02 BB2977E4 A0C1FF8F 1C9C6733 452C77F6
300D0609 2A864886 F70D0101 04050003 8181002D 8C7CA900 6006355F 06BB9707
302B07CD E1776378 B4506B25 E853CC10 F071C0A1 CA6C8817 C436A8D4 C2CDFB5B
94145F41 1E779FC6 3B1A7911 9E298AC9 45709487 392410F8 87B6EBB4 27D1D0F1
78A54263 7AAB0871 E3EBCF6F 6897E454 0635C21E 541AD923 C4C057C6 4F9B3588
E6576841 32E9B3EC E1E3205C 4EF63431 C6B2BF
quit
! Packet-handling options, the LAN DHCP pool, resolver settings, the local
! admin account and SSH timers.
dot11 syslog
! Packets carrying IP source-route options are not honoured.
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool sdm-pool1
import all
network 10.10.10.0 255.255.255.0
dns-server 88.147.128.17 88.147.128.16
default-router 10.10.10.1
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip bootp server
ip domain name yourdomain.com
ip name-server 88.147.128.17
ip name-server 88.147.128.16
!
!
!
! NOTE(review): privilege 15 account. Its type 5 (MD5-crypt) hash is published
! here together with the login name, and the vty lines in this config accept
! remote logins, so change this secret.
username slaine privilege 15 secret 5 $1$tOnB$lFe5yz.7rV3dLeyuuimyC/
!
!
archive
log config
! hidekeys keeps password material out of the configuration change log.
hidekeys
!
!
ip tcp synwait-time 10
! NOTE(review): only SSH timers are set. No "ip ssh version 2" appears in this
! listing, so SSHv1 may still be accepted depending on the image - confirm.
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
! Physical ADSL interface; it carries no IP address of its own.
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
! PPPoE over PVC 0/33, bound to dialer pool 1 (Dialer0).
! NOTE(review): the $FW_OUTSIDE$ tag in the description appears to be an SDM
! label only; no firewall or inspection commands are visible in this listing.
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
pvc 0/33
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
! Wireless radio, administratively shut down.
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
station-role root
!
! LAN gateway 10.10.10.1/24, marked as the NAT inside interface.
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
! WAN interface: address negotiated over PPP, marked as NAT outside.
! NOTE(review): no "ip access-group ... in" and no "ip inspect" is applied here
! in this listing, so nothing filters internet traffic addressed to the router
! itself (Telnet, SSH, HTTP and HTTPS are all enabled elsewhere in the config).
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
! ISP credentials were blanked by the poster; type 7 values are reversible, so
! they must never be published.
ppp chap hostname ______________
ppp chap password 7 ____________________
ppp pap sent-username ______________ password 7 ____________________
!
! Default route, the router's web management service, syslog level, the SDM
! NAT ACL and the dialer list.
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
! NOTE(review): plain HTTP and HTTPS management are both enabled. access-class
! 23 is referenced, but no access-list 23 is defined in this listing; IOS
! generally treats an undefined ACL as permit-any, so the web UI may be
! reachable from the WAN - confirm. Define ACL 23 for the LAN subnet only and
! consider "no ip http server" so that only HTTPS remains.
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
! NOTE(review): no "logging host" is shown, so this trap level presumably has
! no syslog destination to send to - confirm.
logging trap debugging
! NOTE(review): ACL 1 is tagged by SDM (presumably as the NAT source list), but
! no "ip nat inside source ..." statement appears in this listing. A single
! forwarded port is normally a static entry of the form
!   ip nat inside source static tcp <inside-host> <port> interface Dialer0 <port>
! Every such entry exposes the inside host to the internet: forward only the
! one port required and restrict sources with an inbound ACL on Dialer0.
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
control-plane
!
! SDM's stock exec banner. It refers to the default one-time user "cisco"; no
! such user appears in this listing, only the named privilege 15 account.
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to
use.
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
! Console, aux and vty access; all three authenticate against the local user
! database.
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
! NOTE(review): privilege level 15 puts every successful remote login straight
! into privileged mode, and "transport input telnet ssh" still accepts Telnet,
! which carries the password in clear text. No access-class is set on these
! lines and Dialer0 has no inbound ACL in this listing, so the logins appear
! reachable from the internet. Prefer "transport input ssh" together with
! "access-class <acl> in" limited to the LAN subnet.
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
Как открыть (пробросить) порт на конкретную машину?
Роутер: Cisco 877.
Current configuration : 5802 bytes
!
! Global services, logging, the enable secret and clock settings.
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! NOTE(review): service password-encryption only applies the reversible type 7
! encoding (the "password 7" values on Dialer0). It is not a hash, so blanking
! those values before posting was the right call.
service password-encryption
service sequence-numbers
!
hostname myrouter
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
! NOTE(review): a type 5 secret is a salted MD5-crypt hash. Once published it
! can be guessed offline, so treat this value as exposed and change it.
enable secret 5 $1$NZzJ$vkiSlaYnuIW8zAIBThui3.
!
! With AAA off, logins rely on the local user database ("login local" on the lines).
no aaa new-model
clock timezone PCTime 3
! NOTE(review): the "date" form of summer-time covers only the 2003 window
! given here, and no NTP source appears in this listing. Log timestamps may be
! unreliable for later incident reconstruction - confirm.
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
! Self-signed trustpoint; presumably the certificate served by
! "ip http secure-server" - confirm.
crypto pki trustpoint TP-self-signed-1766803642
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1766803642
revocation-check none
rsakeypair TP-self-signed-1766803642
!
!
! NOTE(review): the DER below decodes to an md5WithRSA-signed certificate with
! a 1024-bit RSA key, valid 2002-03-01 to 2020-01-01, with the DNS name
! myrouter.yourdomain.com. The 2002 start date suggests the router clock was
! unset when the key was generated. A certificate holds no private key, so
! posting it leaks nothing secret, but a client can only authenticate the
! router with it by pinning it.
crypto pki certificate chain TP-self-signed-1766803642
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31373636 38303336 3432301E 170D3032 30333031 30303039
34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 37363638
30333634 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B5B0 7DF304D8 12CA7B82 28006AF1 9C51F36C 858D2358 5CF5E4DA EF371570
C13414A2 47DC1B3A 6B3DDFA3 D7FF65CE A7A8C8D8 A95CBE30 354FB13D 3CE41AF4
D0F7FB15 9FCF8900 B9652794 79F544FB 53ABAE33 2B01C370 73B96E6C 9FD490CE
C7A4BA0C D0BB9259 8F2F03E0 E91882F5 EC052466 BD8822AF A7AF5511 7CA816C1
26B50203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 176D7972 6F757465 722E796F 7572646F 6D61696E 2E636F6D
301F0603 551D2304 18301680 1434A24B 02BB2977 E4A0C1FF 8F1C9C67 33452C77
F6301D06 03551D0E 04160414 34A24B02 BB2977E4 A0C1FF8F 1C9C6733 452C77F6
300D0609 2A864886 F70D0101 04050003 8181002D 8C7CA900 6006355F 06BB9707
302B07CD E1776378 B4506B25 E853CC10 F071C0A1 CA6C8817 C436A8D4 C2CDFB5B
94145F41 1E779FC6 3B1A7911 9E298AC9 45709487 392410F8 87B6EBB4 27D1D0F1
78A54263 7AAB0871 E3EBCF6F 6897E454 0635C21E 541AD923 C4C057C6 4F9B3588
E6576841 32E9B3EC E1E3205C 4EF63431 C6B2BF
quit
! Packet-handling options, the LAN DHCP pool, resolver settings, the local
! admin account and SSH timers.
dot11 syslog
! Packets carrying IP source-route options are not honoured.
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool sdm-pool1
import all
network 10.10.10.0 255.255.255.0
dns-server 88.147.128.17 88.147.128.16
default-router 10.10.10.1
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip bootp server
ip domain name yourdomain.com
ip name-server 88.147.128.17
ip name-server 88.147.128.16
!
!
!
! NOTE(review): privilege 15 account. Its type 5 (MD5-crypt) hash is published
! here together with the login name, and the vty lines in this config accept
! remote logins, so change this secret.
username slaine privilege 15 secret 5 $1$tOnB$lFe5yz.7rV3dLeyuuimyC/
!
!
archive
log config
! hidekeys keeps password material out of the configuration change log.
hidekeys
!
!
ip tcp synwait-time 10
! NOTE(review): only SSH timers are set. No "ip ssh version 2" appears in this
! listing, so SSHv1 may still be accepted depending on the image - confirm.
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
! Physical ADSL interface; it carries no IP address of its own.
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
! PPPoE over PVC 0/33, bound to dialer pool 1 (Dialer0).
! NOTE(review): the $FW_OUTSIDE$ tag in the description appears to be an SDM
! label only; no firewall or inspection commands are visible in this listing.
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
pvc 0/33
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
! Wireless radio, administratively shut down.
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
station-role root
!
! LAN gateway 10.10.10.1/24, marked as the NAT inside interface.
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
! WAN interface: address negotiated over PPP, marked as NAT outside.
! NOTE(review): no "ip access-group ... in" and no "ip inspect" is applied here
! in this listing, so nothing filters internet traffic addressed to the router
! itself (Telnet, SSH, HTTP and HTTPS are all enabled elsewhere in the config).
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
! ISP credentials were blanked by the poster; type 7 values are reversible, so
! they must never be published.
ppp chap hostname ______________
ppp chap password 7 ____________________
ppp pap sent-username ______________ password 7 ____________________
!
! Default route, the router's web management service, syslog level, the SDM
! NAT ACL and the dialer list.
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
! NOTE(review): plain HTTP and HTTPS management are both enabled. access-class
! 23 is referenced, but no access-list 23 is defined in this listing; IOS
! generally treats an undefined ACL as permit-any, so the web UI may be
! reachable from the WAN - confirm. Define ACL 23 for the LAN subnet only and
! consider "no ip http server" so that only HTTPS remains.
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
! NOTE(review): no "logging host" is shown, so this trap level presumably has
! no syslog destination to send to - confirm.
logging trap debugging
! NOTE(review): ACL 1 is tagged by SDM (presumably as the NAT source list), but
! no "ip nat inside source ..." statement appears in this listing. A single
! forwarded port is normally a static entry of the form
!   ip nat inside source static tcp <inside-host> <port> interface Dialer0 <port>
! Every such entry exposes the inside host to the internet: forward only the
! one port required and restrict sources with an inbound ACL on Dialer0.
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
control-plane
!
! SDM's stock exec banner. It refers to the default one-time user "cisco"; no
! such user appears in this listing, only the named privilege 15 account.
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to
use.
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
! Console, aux and vty access; all three authenticate against the local user
! database.
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
! NOTE(review): privilege level 15 puts every successful remote login straight
! into privileged mode, and "transport input telnet ssh" still accepts Telnet,
! which carries the password in clear text. No access-class is set on these
! lines and Dialer0 has no inbound ACL in this listing, so the logins appear
! reachable from the internet. Prefer "transport input ssh" together with
! "access-class <acl> in" limited to the LAN subnet.
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end