#
# Using an Ethernet line such as CATV Internet
#

#
# LAN interface settings
#
ip lan1 address 192.168.2.1/24

#
# WAN (ISP) interface settings
#
ip lan2 address dhcp
ip lan2 nat descriptor 1
ip route default gateway dhcp lan2

#
# Filter settings
#
ip filter source-route on
ip filter directed-broadcast on
# Inbound: drop packets arriving on the WAN side with a LAN source address (spoofed),
# allow ICMP to the LAN, reject everything else (2000)
ip filter 1001 reject 192.168.2.0/24 *
ip filter 1002 pass * 192.168.2.0/24 icmp
# Outbound: keep Windows RPC (135), NetBIOS (netbios_ns-netbios_ssn) and SMB (445)
# traffic from leaving toward the WAN, in either port direction
ip filter 1010 reject * * udp,tcp 135 *
ip filter 1011 reject * * udp,tcp * 135
ip filter 1012 reject * * udp,tcp netbios_ns-netbios_ssn *
ip filter 1013 reject * * udp,tcp * netbios_ns-netbios_ssn
ip filter 1014 reject * * udp,tcp 445 *
ip filter 1015 reject * * udp,tcp * 445
ip filter 2000 reject * *
ip filter 3000 pass * *
# Dynamic filters: return traffic is admitted only for sessions opened from the LAN side
ip filter dynamic 100 * * ftp
ip filter dynamic 101 * * www
ip filter dynamic 102 * * domain
ip filter dynamic 103 * * smtp
ip filter dynamic 104 * * pop3
ip filter dynamic 105 * * tcp
ip filter dynamic 106 * * udp
ip lan2 secure filter in 1001 1002 2000
ip lan2 secure filter out 1010 1011 1012 1013 1014 1015 3000 dynamic 100 101 102 103 104 105 106

#
# NAT settings
#
nat descriptor type 1 masquerade
nat descriptor address outer 1 primary

#
# DHCP settings
#
dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 1 192.168.2.2-192.168.2.100/24

#
# DNS settings
#
dns host lan1
dns server (IP address of the DNS server specified by the ISP)
dns private address spoof on