Introduction
A router is a networking device whose software and hardware are usually tailored to the tasks of routing and forwarding information. Routers connect two or more logical subnets, which do not necessarily map one-to-one to the physical interfaces of the router.

Network Diagram

Configuration

! Zebra configuration saved from vty
!
hostname gateway.zebra.okapi.in
log file
log stdout errors
log monitor errors
service advanced-vty
!
aaa new-model
!
!
!Defining access-lists
!
access-list 10 permit 172.168.0.0 0.0.255.255
access-list 110 remark udp port one_two_three opened for ntp requests
access-list 110 permit tcp 172.168.0.0 0.0.255.255 any eq 68
access-list 110 permit tcp 172.168.0.0 0.0.255.255 any eq 67
access-list 110 permit tcp 172.168.0.0 0.0.255.255 any eq domain
access-list 110 permit tcp 172.168.0.0 0.0.255.255 any eq 143
access-list 110 permit tcp 172.168.0.0 0.0.255.255 any eq smtp
access-list 110 permit tcp 172.168.0.0 0.0.255.255 any eq 2049
access-list 110 permit tcp 172.168.0.0 0.0.255.255 any eq pop3
access-list 110 permit tcp 172.168.0.0 0.0.255.255 any eq 22
access-list 110 permit tcp 172.168.0.0 0.0.255.255 any eq 139
access-list 110 permit tcp 172.168.0.0 0.0.255.255 any eq telnet
access-list 110 permit tcp any any established
access-list 110 permit udp any any established
access-list 110 permit udp any any eq domain
access-list 110 permit udp any any eq 1194 new
access-list 110 permit icmp any any
access-list 110 permit tcp 172.168.0.0 0.0.255.255 any eq 8080
access-list 110 permit tcp any any eq pop3 established related
access-list 110 permit tcp any any eq 995
access-list 110 permit tcp any any eq 587
access-list 110 permit tcp 172.168.0.0 0.0.255.255 any eq 465
access-list 110 permit tcp 172.168.0.0 0.0.255.255 any eq 443
access-list 110 permit tcp 172.168.0.0 0.0.255.255 any eq 2082 new
access-list 110 permit tcp 172.168.0.0 0.0.255.255 any eq 2095 new
access-list 110 permit tcp 172.168.0.0 0.0.255.255 any eq www
access-list 110 permit tcp 172.168.0.0 0.0.255.255 any eq 990
access-list 110 permit udp 172.168.0.0 0.0.255.255 any range 1024 65535
access-list 110 permit tcp 172.168.0.0 0.0.255.255 any eq 3690
access-list 110 permit tcp 172.168.0.0 0.0.255.255 any range 1024 65535
access-list 110 permit tcp 172.168.0.0 0.0.255.255 any eq ftp
access-list 110 permit tcp 172.168.0.0 0.0.255.255 any eq ftp-data
access-list 110 permit udp 172.168.0.0 0.0.255.255 any eq 500
access-list 110 permit tcp 172.168.0.0 0.0.255.255 any eq 993
access-list 110 permit tcp any any eq 873
access-list 110 permit udp any any eq 873
access-list 110 permit udp 172.168.0.0 0.0.255.255 any eq 123
access-list 120 permit tcp any any eq domain
access-list 120 permit tcp any any eq www
access-list 120 permit tcp any any eq 22
access-list 120 permit tcp any any eq ftp
access-list 120 permit tcp any any eq ftp-data
access-list 120 permit icmp any any echo-reply
access-list 120 permit tcp any any established
access-list 120 permit udp any any established
access-list 120 permit udp any any eq domain
access-list 120 permit tcp any host 172.168.50.7 eq 8085
access-list 120 permit tcp any host 172.168.50.54 eq 22
access-list 120 permit tcp any host 172.168.50.7 eq 22
access-list 120 permit tcp any host 172.168.50.7 eq 8084
access-list 120 permit tcp any host 172.168.50.7 eq 8087
access-list 120 permit tcp any host 172.168.50.7 eq 8081
access-list 120 permit udp any any eq 1194
access-list 120 permit tcp any host 172.168.50.7 eq 8088
access-list 120 permit tcp 172.168.0.0 0.0.255.255 any eq ftp-data
access-list 120 permit tcp any host 172.168.50.7 eq 5432
access-list 120 permit tcp any any eq 5666
access-list 120 permit tcp 172.168.0.0 0.0.255.255 any eq 873
access-list 120 permit udp 172.168.0.0 0.0.255.255 any eq 873
access-list 120 permit tcp any host 172.168.50.8 eq smtp
!
ip forwarding
!
line vty
!
!
!
!
!
!Configuration for squid
!
!
service httpProxy
url-filter redirect-url http://www.okapi.in
default-traffic allow
cache-mem 16
listen-address 172.168.50.50 8080
transparent port allow 80
url-filter define-dst bad regex orkut
url-filter define-dst banned regex isohunt
url-filter define-dst good regex economictimes.com
url-filter define-src our_networks 172.168.0.0/16
url-filter define-time office_time weekly 1 2 3 4 5 time 10:00:00 18:00:00
url-filter define-acl deny src-grp our_networks dst-grp bad office_time
url-filter define-acl allow src-grp our_networks dst-grp good office_time
url-filter define-acl deny src-grp our_networks dst-grp banned office_time
start
!
!
!
interface Dummy 0
!
interface FastEthernet 0
ip address 192.168.1.10 255.255.255.0
ip nat outside
ip access-group 120 in
no shutdown
!
interface FastEthernet 1
ip address 172.168.50.50 255.255.0.0
ip nat inside
ip access-group 110 in
no shutdown
!
interface Loopback
!
interface IPv4-In-IPv4 0
!
interface SSL-Tunnel 0
openvpn mode server
openvpn dev tun
openvpn proto udp
openvpn port 1194
openvpn authentication certificate
openvpn certificates okapi_ca.crt server.crt server.key dh1024.pem
openvpn compression on
openvpn keepalive 10 120
openvpn ip pool 10.8.0.0 255.255.0.0
openvpn network 172.168.0.0 255.255.0.0
openvpn push_domain zebra.okapi.in
openvpn push_dns 172.168.50.50
openvpn push_dns 172.168.50.8
openvpn encryption cipher-bf 128
openvpn hash sha1
openvpn auth-user-pass
no shutdown
!
ip nat inside source static tcp 172.168.50.7 8085 192.168.1.10 8085
ip nat inside source static tcp 172.168.50.54 22 192.168.1.10 8889
ip nat inside source static tcp 172.168.50.7 22 192.168.1.10 5805
ip nat inside source static tcp 172.168.50.7 8087 192.168.1.10 8087
ip nat inside source static tcp 172.168.50.7 8081 192.168.1.10 8081
ip nat inside source static tcp 172.168.50.7 8088 192.168.1.10 8088
ip nat inside source static tcp 172.168.50.8 21 192.168.1.10 21
ip nat inside source static tcp 172.168.50.8 20 192.168.1.10 20
ip nat inside source static tcp 172.168.50.7 5432 192.168.1.10 5432
ip nat inside source list 10 interface FastEthernet 0
ip nat inside source static tcp 172.168.50.7 8084 192.168.1.10 8084
ip nat inside source static tcp 172.168.50.8 873 192.168.1.10 873
ip nat inside source static udp 172.168.50.8 873 192.168.1.10 873
ip nat inside source static tcp 172.168.50.8 22 192.168.1.10 5806
ip nat inside source static tcp 172.168.50.8 25 192.168.1.10 25
!
ip domain-lookup
ip name-server 172.168.50.50
ip name-server 4.2.2.2
ip name-server 172.168.50.8
ip domain-name zebra.okapi.in
!
zone zebra.okapi.in. create primary gateway.zebra.okapi.in. root.zebra.okapi.in.
!
zone zebra.okapi.in. allow-transfer 172.168.50.8
zone zebra.okapi.in. addRR sigma.zebra.okapi.in. MX 0
zone zebra.okapi.in. addRR gateway A 172.168.50.50
zone zebra.okapi.in. addRR sigma A 172.168.50.8
!
zone 50.168.172.in-addr.arpa. create primary gateway.zebra.okapi.in. root.50.168.172.in-addr.arpa.
!
zone 50.168.172.in-addr.arpa. allow-transfer 172.168.50.8
zone 50.168.172.in-addr.arpa. addRR 172.168.50.50 PTR gateway.zebra.okapi.in.
zone 50.168.172.in-addr.arpa. addRR 172.168.50.8 PTR sigma.zebra.okapi.in.
!
dns addForwarder 192.168.1.1
dns addForwarder 18.70.0.160
service dns
!
!
!
!
set ntp server 0.asia.pool.ntp.org
set ntp client enable 0 * * * *
!
ip route 0.0.0.0/0 192.168.1.1
!
!
ip dhcp pool range1
network 172.168.0.0 255.255.0.0
range 172.168.50.201 172.168.50.240
domain-name zebra.okapi.in
dns-server 172.168.50.50
dns-server 172.168.50.8
dns-server 4.2.2.2
default-router 172.168.50.50
service dhcp
!
!
! To map port 80 onto 8080
ip port-map www port tcp 8080
!
!
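
An added check, not part of the original page or of the router's own tooling: the Python below cross-references the static NAT entries with the access-list 120 entries applied inbound on FastEthernet 0, and reports how each published inside service is admitted from source "any". It assumes the ACL is matched against the inside (translated) address and port, as the page's own "host 172.168.50.7" entries suggest, and it embeds only an excerpt of the configuration above.

```python
import re

# Excerpt of the page's configuration: ACL 120 entries and static NAT lines.
CONFIG = """\
access-list 120 permit tcp any any eq 22
access-list 120 permit tcp any any eq ftp
access-list 120 permit tcp any any established
access-list 120 permit tcp any host 172.168.50.7 eq 5432
access-list 120 permit tcp any host 172.168.50.54 eq 22
access-list 120 permit tcp 172.168.0.0 0.0.255.255 any eq 873
access-list 120 permit tcp any host 172.168.50.8 eq smtp
ip nat inside source static tcp 172.168.50.7 5432 192.168.1.10 5432
ip nat inside source static tcp 172.168.50.54 22 192.168.1.10 8889
ip nat inside source static tcp 172.168.50.8 21 192.168.1.10 21
ip nat inside source static tcp 172.168.50.8 873 192.168.1.10 873
ip nat inside source static tcp 172.168.50.8 25 192.168.1.10 25
"""

# Service keywords that appear in the page's ACLs, mapped to port numbers.
SERVICES = {"ftp-data": 20, "ftp": 21, "telnet": 23, "smtp": 25,
            "domain": 53, "www": 80, "pop3": 110}
ACL_RE = re.compile(r"access-list 120 permit (tcp|udp) (any|\S+ \S+) "
                    r"(?:any|host (\S+)) eq (\S+)$")
NAT_RE = re.compile(r"ip nat inside source static (tcp|udp) (\S+) (\d+) \S+ (\d+)$")

def audit(config):
    """Map each static NAT entry to how ACL 120 admits it from source 'any'."""
    rules, nats = [], []
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            proto, src, host, port = m.groups()
            if src == "any":  # keep only rules open to every outside source
                rules.append((proto, host, int(SERVICES.get(port, port))))
        elif m := NAT_RE.match(line):
            nats.append((m[1], m[2], int(m[3]), int(m[4])))
    report = {}
    for proto, ip, port, public_port in nats:
        # host is None for "any" destinations; otherwise it must equal the NAT target
        dsts = {h for p, h, n in rules if p == proto and n == port and h in (None, ip)}
        status = ("host-specific permit" if ip in dsts
                  else "any-any permit" if dsts else "no permit from any")
        report[(ip, port, public_port)] = status
    return report

if __name__ == "__main__":
    for (ip, port, public_port), status in audit(CONFIG).items():
        print(f"{ip}:{port} (public port {public_port}): {status}")
```

Entries reported as "any-any permit" are reachable only because of a rule that opens the port to every destination, and "no permit from any" marks a published port with no matching from-any rule in the excerpt; both are worth reviewing against the intended exposure.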