mirror of
https://github.com/fwbuilder/fwbuilder
synced 2026-03-20 18:27:16 +01:00
182 lines
4.4 KiB
Plaintext
Executable File
182 lines
4.4 KiB
Plaintext
Executable File
!
|
|
! This is automatically generated file. DO NOT MODIFY !
|
|
!
|
|
! Firewall Builder fwb_pix v4.2.0.3439
|
|
!
|
|
! Generated Wed Jan 19 18:23:23 2011 PST by vadim
|
|
!
|
|
! Compiled for pix 8.3
|
|
! Outbound ACLs: supported
|
|
! Emulate outbound ACLs: yes
|
|
! Generating outbound ACLs: no
|
|
! Assume firewall is part of any: yes
|
|
!
|
|
!# files: * firewall91.fw
|
|
!
|
|
! testing new style ASA 8.3 nat commands
|
|
! DNAT rules
|
|
|
|
! N firewall91:NAT:8: error: Can not translate multiple services into one service in one rule.
|
|
! N firewall91:NAT:9: error: Translated service should be 'Original' or should contain single object.
|
|
! N firewall91:NAT:13: error: Oiginal destination can not be "any" in rules that translate destination
|
|
! N firewall91:NAT:14: error: Oiginal destination can not be "any" in rules that translate destination
|
|
! N firewall91:NAT:15: error: Oiginal destination can not be "any" in rules that translate destination
|
|
! N firewall91:NAT:16: error: Oiginal destination can not be "any" in rules that translate destination
|
|
|
|
!
|
|
! Prolog script:
|
|
!
|
|
|
|
!
|
|
! End of prolog script:
|
|
!
|
|
|
|
|
|
|
|
|
|
interface FastEthernet0
|
|
nameif inside
|
|
security-level 100
|
|
exit
|
|
|
|
interface FastEthernet1
|
|
nameif outside
|
|
security-level 0
|
|
exit
|
|
|
|
|
|
no logging buffered
|
|
no logging console
|
|
no logging timestamp
|
|
no logging on
|
|
|
|
|
|
timeout xlate 3:0:0
|
|
timeout conn 1:0:0
|
|
timeout udp 0:2:0
|
|
timeout sunrpc 0:10:0
|
|
timeout h323 0:5:0
|
|
timeout sip 0:30:0
|
|
timeout sip_media 0:0:0
|
|
timeout half-closed 0:0:0
|
|
timeout uauth 2:0:0 absolute
|
|
|
|
|
|
clear config ssh
|
|
aaa authentication ssh console LOCAL
|
|
|
|
clear config snmp-server
|
|
no snmp-server enable traps
|
|
|
|
clear config ntp
|
|
|
|
|
|
no service resetinbound
|
|
no service resetoutside
|
|
no sysopt connection timewait
|
|
no sysopt nodnsalias inbound
|
|
no sysopt nodnsalias outbound
|
|
|
|
|
|
class-map inspection_default
|
|
match default-inspection-traffic
|
|
|
|
policy-map global_policy
|
|
class inspection_default
|
|
|
|
service-policy global_policy global
|
|
|
|
policy-map type inspect ip-options ip-options-map
|
|
parameters
|
|
eool action allow
|
|
router-alert action clear
|
|
|
|
|
|
!################
|
|
clear config access-list
|
|
clear config object-group
|
|
clear config icmp
|
|
clear config telnet
|
|
!
|
|
! Rule 0 (global)
|
|
access-list inside_acl_in deny ip any any
|
|
access-list outside_acl_in deny ip any any
|
|
|
|
|
|
access-group inside_acl_in in interface inside
|
|
access-group outside_acl_in in interface outside
|
|
|
|
clear xlate
|
|
clear config nat
|
|
clear config object
|
|
|
|
object network hostA:eth0.0
|
|
host 192.168.1.10
|
|
quit
|
|
object network external_gw2.0
|
|
host 22.22.22.100
|
|
quit
|
|
object service http.0
|
|
service tcp destination eq 80
|
|
quit
|
|
object service squid.0
|
|
service tcp destination eq 3128
|
|
quit
|
|
object service https.0
|
|
service tcp destination eq 443
|
|
quit
|
|
object network outside_range.0
|
|
range 22.22.22.21 22.22.22.25
|
|
quit
|
|
object network internal_subnet_1.0
|
|
subnet 192.168.1.0 255.255.255.192
|
|
quit
|
|
object network test_range_1.0
|
|
range 192.168.1.11 192.168.1.15
|
|
quit
|
|
!
|
|
! Rule 0 (NAT)
|
|
nat (outside,inside) source static any any destination static interface hostA:eth0.0 description "0 (NAT)"
|
|
!
|
|
! Rule 1 (NAT)
|
|
nat (outside,inside) source static any any destination static interface hostA:eth0.0 description "1 (NAT)"
|
|
!
|
|
! Rule 2 (NAT)
|
|
nat (outside,inside) source static any any destination static external_gw2.0 hostA:eth0.0 description "2 (NAT)"
|
|
!
|
|
! Rule 3 (NAT)
|
|
nat (outside,inside) source static any any destination static interface hostA:eth0.0 service http.0 http.0 description "3 (NAT)"
|
|
!
|
|
! Rule 4 (NAT)
|
|
nat (outside,inside) source static any any destination static interface hostA:eth0.0 service http.0 http.0 description "4 (NAT)"
|
|
!
|
|
! Rule 5 (NAT)
|
|
nat (outside,inside) source static any any destination static interface hostA:eth0.0 service http.0 squid.0 description "5 (NAT)"
|
|
!
|
|
! Rule 6 (NAT)
|
|
nat (outside,inside) source static any any destination static interface hostA:eth0.0 service https.0 https.0 description "6 (NAT)"
|
|
!
|
|
! Rule 7 (NAT)
|
|
nat (outside,inside) source static any any destination static interface hostA:eth0.0 service http.0 http.0 description "7 (NAT)"
|
|
!
|
|
! Rule 10 (NAT)
|
|
! for #1941
|
|
nat (outside,inside) source static any any destination static outside_range.0 hostA:eth0.0 description "10 (NAT)"
|
|
!
|
|
! Rule 11 (NAT)
|
|
! for #1941
|
|
nat (inside,outside) source dynamic internal_subnet_1.0 interface destination static outside_range.0 hostA:eth0.0 description "11 (NAT)"
|
|
!
|
|
! Rule 12 (NAT)
|
|
! translating one range into another.
|
|
nat (outside,inside) source static any any destination static outside_range.0 test_range_1.0 description "12 (NAT)"
|
|
|
|
|
|
|
|
!
|
|
! Epilog script:
|
|
!
|
|
|
|
! End of epilog script:
|
|
!
|