更加直观的路由设置方法

joerao · 发表于 2004-4-29 08:45:08

[这个贴子最后由joerao在 2004/04/29 08:47am 第 1 次编辑]

这是我一个配置好的文件,不嫌弃就拿去吧,只要改PPP的帐号密码和当地VPI.VCI端口就可以了.
以东信MODEN为例,希望大家多多指点.如果可行,大家以后也可以多提供这样的配置文件.

(括号中的是说明!!!)
create user name root(登陆用户名) passwd root(登陆密码) root
nbsize maxipsess 192 httpport 61080(http端口) telnetport 61023(telnet端口) ftpport 61021(ftp端口)

size maxvc 8 max1483vc 8 maxppe 8

modify system contact "GlobespanVirata Inc.,100 Schulz Drive, Red Bank,NJ 07701,U.S.A" model "Viking" location "GlobespanVirata Inc.,100 Schulz Drive, Red Bank,NJ 07701,U.S.A" vendor "GlobespanVirata Inc.,100 Schulz Drive, Red Bank,NJ 07701,U.S.A" logthresh 1 systime "Jan 01 00:06:36 2004" timezone "CCT" name "JOE" dname "JOE.COM" magicnum 47
modify bridge mode enable

create pfraw rule entry ruleid 15 ifname private dir in act deny
create pfraw rule entry ruleid 16 ifname private act deny
create pfraw rule entry ruleid 17 ifname private dir in act deny
create pfraw rule entry ruleid 18 ifname private act deny
create pfraw rule entry ruleid 19 ifname private dir in act deny
create pfraw rule entry ruleid 20 ifname private act deny
create pfraw rule entry ruleid 21 ifname private dir in act deny
create pfraw rule entry ruleid 22 ifname private act deny
create pfraw rule entry ruleid 23 ifname private dir in act deny
create pfraw rule entry ruleid 24 ifname private act deny
create pfraw rule entry ruleid 25 ifname private dir in act deny
create pfraw rule entry ruleid 26 ifname private act deny
create pfraw rule entry ruleid 27 ifname private dir in act deny
create pfraw rule entry ruleid 28 ifname private act deny
create pfraw rule entry ruleid 29 ifname private dir in act deny
create pfraw rule entry ruleid 30 ifname private act deny
create pfraw rule entry ruleid 31 ifname private dir in act deny
create pfraw rule entry ruleid 32 ifname private act deny
create pfraw rule entry ruleid 33 ifname private dir in act deny
create pfraw rule entry ruleid 34 ifname private act deny
create pfraw rule entry ruleid 35 ifname private dir in act callmgmt
create pfraw rule entry ruleid 36 ifname dmz dir in act callmgmt
create pfraw subrule entry ruleid 15 subruleid 1 mask 0xFFFF offset 12 enable cmpt range 0x8863 0x8864
create pfraw subrule entry ruleid 16 subruleid 1 mask 0xFFFF offset 12 enable cmpt range 0x8863 0x8864
create pfraw subrule entry ruleid 17 subruleid 1 mask 0xFFFFFFFF start iph offset 16 enable cmpt range 0xE0000000 0xEFFFFFFF
create pfraw subrule entry ruleid 18 subruleid 1 mask 0xFFFFFFFF start iph offset 16 enable cmpt range 0xE0000000 0xEFFFFFFF
create pfraw subrule entry ruleid 19 subruleid 1 mask 0xFFFF offset 12 enable cmpt eq 0x8035
create pfraw subrule entry ruleid 20 subruleid 1 mask 0xFFFF offset 12 enable cmpt eq 0x8035
create pfraw subrule entry ruleid 21 subruleid 1 mask 0xFFFF offset 12 enable cmpt eq 0x809B
create pfraw subrule entry ruleid 22 subruleid 1 mask 0xFFFF offset 12 enable cmpt eq 0x809B
create pfraw subrule entry ruleid 23 subruleid 1 mask 0xFFFF offset 12 enable cmpt lteq 0x05DC
create pfraw subrule entry ruleid 23 subruleid 2 mask 0xFFFF offset 14 enable cmpt eq 0xF0F0
create pfraw subrule entry ruleid 24 subruleid 1 mask 0xFFFF offset 12 enable cmpt lteq 0x05DC
create pfraw subrule entry ruleid 24 subruleid 2 mask 0xFFFF offset 14 enable cmpt eq 0xF0F0
create pfraw subrule entry ruleid 25 subruleid 1 mask 0xFFFF offset 12 enable cmpt range 0x8137 0x8138
create pfraw subrule entry ruleid 26 subruleid 1 mask 0xFFFF offset 12 enable cmpt range 0x8137 0x8138
create pfraw subrule entry ruleid 27 subruleid 1 mask 0xFFFFFFFFFFFF offset 0 enable cmpt eq 0x0180C2000000
create pfraw subrule entry ruleid 28 subruleid 1 mask 0xFFFFFFFFFFFF offset 0 enable cmpt eq 0x0180C2000000
create pfraw subrule entry ruleid 29 subruleid 1 mask 0xFFFF offset 12 enable cmpt eq 0x0806
create pfraw subrule entry ruleid 30 subruleid 1 mask 0xFFFF offset 12 enable cmpt eq 0x0806
create pfraw subrule entry ruleid 31 subruleid 1 mask 0xFFFF offset 0 enable cmpt eq 0x3333
create pfraw subrule entry ruleid 32 subruleid 1 mask 0xFFFF offset 0 enable cmpt eq 0x3333
create pfraw subrule entry ruleid 33 subruleid 1 mask 0xFFFF offset 12 enable cmpt eq 0x8100
create pfraw subrule entry ruleid 34 subruleid 1 mask 0xFFFF offset 12 enable cmpt eq 0x8100
create pfraw subrule entry ruleid 35 subruleid 1 mask 0xFFFF offset 12 enable cmpt range 0x8863 0x8864
create pfraw subrule entry ruleid 36 subruleid 1 mask 0xFFFF offset 12 enable cmpt range 0x8863 0x8864

modify fwl global  attackprotect enable dosprotect enable
create ipf rule entry ruleid 1010 dir in destaddr bcast seclevel high
create ipf rule entry ruleid 1020 dir in destaddr eq 255.255.255.255 seclevel high
create ipf rule entry ruleid 1030 ifname private dir in act accept storestate enable seclevel high medium low
create ipf rule entry ruleid 1040 ifname private dir out act accept srcaddr self storestate enable seclevel high medium low
create ipf rule entry ruleid 1050 ifname private dir out act accept transprot eq num 17 destport eq num 53 inifname dmz storestate enable seclevel high medium low
create ipf rule entry ruleid 1060 ifname private dir out act accept transprot eq num 6 destport eq num 53 inifname dmz storestate enable seclevel high medium low
create ipf rule entry ruleid 1070 ifname private dir out act accept transprot eq num 6 destport eq num 25 inifname dmz storestate enable seclevel high medium low
create ipf rule entry ruleid 1080 ifname private dir out act accept transprot eq num 6 destport eq num 110 inifname dmz storestate enable seclevel high medium low
create ipf rule entry ruleid 1090 ifname private dir out act accept transprot eq num 6 destport eq num 21 inifname dmz storestate enable seclevel  medium low
create ipf rule entry ruleid 1100 ifname private dir out act accept transprot eq num 6 destport eq num 80 inifname dmz storestate enable seclevel  medium low
create ipf rule entry ruleid 1110 ifname private dir out act accept transprot eq num 6 destport eq num 23 inifname dmz storestate enable
create ipf rule entry ruleid 1120 ifname private dir out act accept transprot eq num 1 inifname dmz storestate enable
create ipf rule entry ruleid 1130 ifname dmz dir out transprot eq num 6 destport eq num 23 inifname private seclevel high
create ipf rule entry ruleid 1140 ifname dmz dir out transprot eq num 17 destport eq num 53 inifname public seclevel high
create ipf rule entry ruleid 1150 ifname dmz dir out transprot eq num 6 destport eq num 53 inifname public seclevel high
create ipf rule entry ruleid 1160 ifname dmz dir out transprot eq num 6 destport eq num 21 inifname public seclevel high
create ipf rule entry ruleid 1170 ifname dmz dir out transprot eq num 6 destport eq num 23 inifname public seclevel high medium low
create ipf rule entry ruleid 1180 ifname dmz dir out transprot eq num 1 inifname public seclevel high medium
create ipf rule entry ruleid 1190 ifname public dir out transprot eq num 6 destport eq num 23 seclevel high
create ipf rule entry ruleid 1200 ifname public dir out act accept srcaddr self storestate enable seclevel high medium low
create ipf rule entry ruleid 1210 ifname public dir in destaddr bcast seclevel  medium
create ipf rule entry ruleid 1220 ifname public dir in destaddr eq 255.255.255.255 seclevel  medium
create ipf rule entry ruleid 1230 ifname public dir in transprot eq num 17 destport eq num 7 seclevel high medium
create ipf rule entry ruleid 1240 ifname public dir in transprot eq num 17 destport eq num 9 seclevel high medium
create ipf rule entry ruleid 1250 ifname public dir in transprot eq num 17 destport eq num 19 seclevel high medium
create ipf rule entry ruleid 1260 ifname public dir in destaddr self transprot eq num 6 destport eq num 80 seclevel high medium low
create ipf rule entry ruleid 1270 ifname public dir in destaddr self transprot eq num 17 destport eq num 53 seclevel high
create ipf rule entry ruleid 1280 ifname public dir in destaddr self transprot eq num 6 destport eq num 53 seclevel high
create ipf rule entry ruleid 1290 ifname public dir in destaddr self transprot eq num 6 destport eq num 21 seclevel high medium low
create ipf rule entry ruleid 1300 ifname public dir in destaddr self transprot eq num 6 destport eq num 23 seclevel high medium low
create ipf rule entry ruleid 1310 ifname public dir in destaddr self transprot eq num 1 seclevel high medium
create ipf rule entry ruleid 1320 ifname public dir in act accept destaddr self transprot eq num 17 destport eq num 53 storestate enable seclevel  medium low
create ipf rule entry ruleid 1330 ifname public dir in act accept destaddr self transprot eq num 6 destport eq num 53 storestate enable seclevel  medium low
create ipf rule entry ruleid 1340 ifname public dir in seclevel high isipopt yes
create ipf rule entry ruleid 1350 ifname public dir in seclevel high isfrag yes
create ipf rule entry ruleid 1360 ifname dmz dir in destaddr self transprot eq num 6 destport eq num 80 seclevel high medium
create ipf rule entry ruleid 1370 ifname dmz dir in destaddr self transprot eq num 6 destport eq num 21 seclevel high medium
create ipf rule entry ruleid 1380 ifname dmz dir in destaddr self transprot eq num 6 destport eq num 23 seclevel high medium
create ipf rule entry ruleid 1390 ifname dmz dir in act accept storestate enable seclevel high medium low
modify ipf global  pubdefact accept pvtdefact deny dmzdefact accept
modify dhcp server cfg enable(开启DHCP服务)
create dhcp server pool start-ip 192.168.1.3(DHCP起始地址) poolid 0 end-ip 192.168.1.254(DHCP终止地址) mask 255.255.255.0(子网掩码) dname Joe(域) gwy 192.168.1.1(网关) dns 192.168.1.1(DNS转发)

modify snmp trap disable

create rip intf ifname ppp-0

create ethernet intf ifname eth-0 ip 192.168.1.1 mask 255.255.255.0(MODEN RJ45端口地址,掩码)
create usb intf ifname usb-0 ip 192.168.1.2 mask 255.255.255.0(MODEN USB端口地址,掩码)

modify ip cfg ttl 64
modify dsl config multi
create atm port enable ifname atm-0 maxvc 8 oamsrc 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
create ppp security ifname ppp-0 login user(PPPOE的用户名) passwd 123456(PPPOE的密码)
create atm trfdesc trfindex 0
create atm vc intf ifname aal5-0 lowif atm-0 vpi 0(ATM端口) vci 32(用户端口,我这里是32.请根据具体位置修改) a5maxproto 2

create eoa intf ifname eoa-0 outside lowif aal5-0

create ppp intf ifname ppp-0 startondata mru 1492 lowif aal5-0 droute true ppoe outside usedns true

modify nat global enable
create nat rule entry ruleid 1 napt
create alg port portno 21 prot num 6 algtype ftp
create alg port portno 1701 prot num 17 algtype l2tp
create alg port portno 1723 prot num 6 algtype pptp
create alg port portno 554 prot num 6 algtype rtsp
create alg port portno 7070 prot num 6 algtype ra
create alg port portno 7648 prot num 6 algtype cuseeme
create alg port portno 1719 prot num 17 algtype h323_ras
create alg port portno 1720 prot num 6 algtype h323_q931
create alg port portno 6661 prot num 6 algtype mirc
create alg port portno 6662 prot num 6 algtype mirc
create alg port portno 6663 prot num 6 algtype mirc
create alg port portno 6664 prot num 6 algtype mirc
create alg port portno 6665 prot num 6 algtype mirc
create alg port portno 6666 prot num 6 algtype mirc
create alg port portno 6667 prot num 6 algtype mirc
create alg port portno 6668 prot num 6 algtype mirc
create alg port portno 6669 prot num 6 algtype mirc
create alg port portno 161 prot num 17 algtype snmp
create alg port portno 407 prot num 17 algtype timbuktu
create alg port portno 6301 prot num 17 algtype sgicompcore
create alg port portno 1863 prot num 6 algtype msnmsgr
create alg port portno 389 prot num 6 algtype ldap
create alg port portno 1002 prot num 6 algtype ldap
create alg port portno 500 prot num 17 algtype ike
create alg port portno 0 prot num 50 algtype esp
create alg port portno 1503 prot num 6 algtype t120
create alg port portno 5060 algtype sip
create alg port portno 5190 prot num 6 algtype icq
create bridge port intf ifname eoa-0 (路由EOA-0端口,如果你要用PPPOE拨号软件上网就要这个)
create bridge port intf ifname eth-0 (路由ETH-0端口,用MODEN路由上网用这个)

modify stp port info ifname eoa-0 priority 0x80 pcost 100modify stp port info ifname eth-0 priority 0x80 pcost 100
create dhcp relay intf ifname ppp-0

modify ilmi access protocol ifname atm-0 vpi 0 vci 32 proto any
END

使用配置文件如图:

tsjdiablo · 发表于 2004-4-29 11:14:17

好啊，不过我想有没有更简单的，不要进入ADSL。直接用程序写的？

kulala · 发表于 2004-4-29 11:19:41

感谢分享~

swyong · 发表于 2004-4-29 12:16:09

怎样用呀?????

账号		自动登录	找回密码
密码			立即注册

更加直观的路由设置方法