## CentreCOM AR300/AR700 Series Configuration Examples 2.3
## 54 Firewall with static NAT on Ethernet
## Router configuration
#
# Purpose: publish three internal servers (192.168.10.2/.3/.4) on their own
# global addresses (4.4.4.2/.3/.4) through one-to-one NAT, with one firewall
# policy ("net") between the private LAN on eth0 and the public side on eth1.
# All addresses are the values used by this example; substitute the block
# actually assigned to the site.
#
# NOTE(review): the published servers sit on the same private segment (eth0,
# 192.168.10.0/24) as every other LAN host. Nothing in this configuration
# separates them, so a compromised server would presumably have direct reach
# to the rest of the LAN. Consider a separate interface for the servers.

# --- IP layer -------------------------------------------------------------
ENABLE IP
# eth1 carries four logical interfaces: eth1-0 holds the router's own address
# in the /29, eth1-1..eth1-3 each hold one /32 used as a server's global address.
ADD IP INT=eth1-0 IP=4.4.4.1 MASK=255.255.255.248
ADD IP INT=eth1-1 IP=4.4.4.2 MASK=255.255.255.255
ADD IP INT=eth1-2 IP=4.4.4.3 MASK=255.255.255.255
ADD IP INT=eth1-3 IP=4.4.4.4 MASK=255.255.255.255
# Private LAN gateway address.
ADD IP INT=eth0 IP=192.168.10.1 MASK=255.255.255.0
# Default route for unclassified traffic, via the upstream gateway 4.4.4.6.
ADD IP ROUTE=0.0.0.0 INT=eth1-0 NEXT=4.4.4.6

# --- Firewall policy ------------------------------------------------------
ENABLE FIREWALL
CREATE FIREWALL POLICY=net
# Let ICMP echo (PING) and destination-unreachable messages through the policy.
# NOTE(review): confirm whether PING forwarding is wanted in both directions;
# unreachable messages are generally needed for path-MTU discovery.
ENABLE FIREWALL POLICY=net ICMP_F=PING,UNREACH
# Turn off the ident proxy. Presumably this makes ident (TCP 113) probes from
# remote mail servers fail fast instead of being answered by the router -
# verify against the product manual.
DISABLE FIREWALL POLICY=net IDENTPROXY
# eth0 is the trusted side; every eth1 logical interface is untrusted.
ADD FIREWALL POLICY=net INT=eth0 TYPE=PRIVATE
ADD FIREWALL POLICY=net INT=eth1-0 TYPE=PUBLIC
ADD FIREWALL POLICY=net INT=eth1-1 TYPE=PUBLIC
ADD FIREWALL POLICY=net INT=eth1-2 TYPE=PUBLIC
ADD FIREWALL POLICY=net INT=eth1-3 TYPE=PUBLIC
# NOTE(review): no firewall logging or notification is configured anywhere in
# this listing. Add it before production use so denied and allowed sessions
# to the published servers leave a record.

# --- NAT ------------------------------------------------------------------
# Static one-to-one mappings: each server gets a dedicated global address.
ADD FIREWALL POLICY=net NAT=STANDARD INT=eth0 IP=192.168.10.2 GBLINT=eth1-1 GBLIP=4.4.4.2
ADD FIREWALL POLICY=net NAT=STANDARD INT=eth0 IP=192.168.10.3 GBLINT=eth1-2 GBLIP=4.4.4.3
ADD FIREWALL POLICY=net NAT=STANDARD INT=eth0 IP=192.168.10.4 GBLINT=eth1-3 GBLIP=4.4.4.4
# Enhanced (many-to-one) NAT for the remaining LAN hosts. No GBLIP is given,
# so they are presumably translated to the eth1-0 address - confirm.
ADD FIREWALL POLICY=net NAT=ENHANCED INT=eth0 GBLINT=eth1-0

# --- Inbound allow rules ---------------------------------------------------
# Only these four flows are explicitly allowed in from the public side. None
# of the rules restricts the remote address (no REMOTEIP), so each one matches
# any external source.
# Rule 1: HTTP (TCP 80) to 192.168.10.2 via 4.4.4.2.
ADD FIREWALL POLICY=net RULE=1 AC=ALLOW INT=eth1-1 PROTO=TCP GBLIP=4.4.4.2 GBLPORT=80 IP=192.168.10.2 PORT=80
# Rule 2: SMTP (TCP 25) to 192.168.10.3 via 4.4.4.3.
# NOTE(review): relay restrictions must be enforced on the mail server itself;
# this rule does not limit who can connect.
ADD FIREWALL POLICY=net RULE=2 AC=ALLOW INT=eth1-2 PROTO=TCP GBLIP=4.4.4.3 GBLPORT=25 IP=192.168.10.3 PORT=25
# Rules 3 and 4: DNS over TCP and UDP (port 53) to 192.168.10.4 via 4.4.4.4.
# NOTE(review): with TCP 53 open to any source, zone-transfer and recursion
# limits have to be set on the DNS server; the firewall does not provide them.
ADD FIREWALL POLICY=net RULE=3 AC=ALLOW INT=eth1-3 PROTO=TCP GBLIP=4.4.4.4 GBLPORT=53 IP=192.168.10.4 PORT=53
ADD FIREWALL POLICY=net RULE=4 AC=ALLOW INT=eth1-3 PROTO=UDP GBLIP=4.4.4.4 GBLPORT=53 IP=192.168.10.4 PORT=53

# --- Policy-based routing --------------------------------------------------
# Filter 100 tags packets by source host with a policy number (2, 3 or 4).
ADD IP FILTER=100 SOURCE=192.168.10.2 SMASK=255.255.255.255 POLICY=2
ADD IP FILTER=100 SOURCE=192.168.10.3 SMASK=255.255.255.255 POLICY=3
ADD IP FILTER=100 SOURCE=192.168.10.4 SMASK=255.255.255.255 POLICY=4
# Apply the policy filter to traffic arriving on the LAN interface.
SET IP INT=eth0 POLICYFILTER=100
# One default route per policy number, each leaving through the logical
# interface that holds the matching server's global address. Presumably this
# keeps each server's outbound traffic on the interface its static NAT mapping
# is bound to - confirm against the product manual.
ADD IP ROUTE=0.0.0.0 INT=eth1-1 NEXT=4.4.4.6 POLICY=2
ADD IP ROUTE=0.0.0.0 INT=eth1-2 NEXT=4.4.4.6 POLICY=3
ADD IP ROUTE=0.0.0.0 INT=eth1-3 NEXT=4.4.4.6 POLICY=4