A new router calls for a new configuration, and this configuration also includes a firewall, which is handy.
The ports that are open in this example config are: 22 for SSH, 25 for SMTP and 80 for the web server.
My provider is XS4ALL, so this config was written for that.

For this configuration you will of course need an IOS image with firewall support.

Good luck with it.

--------- Configuration ---------


!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco826
!
boot-start-marker
boot-end-marker
!
no logging buffered
no logging console
!
enable secret  PASSWORD
!
username USER1 password PASSWORD
username USER2 password PASSWORD
!
clock timezone gmt 1
aaa new-model
ip subnet-zero
!
ip cef
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
partition flash 2 6 2
!
!
!
!
interface Ethernet0
 ip address 192.168.200.254 255.255.255.0
 ip nat inside
 no cdp enable
 hold-queue 100 out
 no shutdown
!
interface ATM0
 no ip address
 no ip route-cache cef
 no ip route-cache
 no atm ilmi-keepalive
 no shutdown
 dsl operating-mode auto
 pvc 8/48
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Dialer1
 ip address negotiated
 ip access-group 111 in
 ip mtu 1492
 ip nat outside
 ip inspect myfw out
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username USERNAME password PASSWORD
 hold-queue 224 in
!

!    Port forwards !
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp 192.168.200.100 25 interface Dialer1 25
ip nat inside source static tcp 192.168.200.100 22 interface Dialer1 22
ip nat inside source static tcp 192.168.200.100 80 interface Dialer1 80
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1 permanent
no ip http server
!
access-list 23 permit 192.168.200.0 0.0.0.255
access-list 102 permit ip 192.168.200.0 0.0.0.255 any
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit tcp any any eq 25
access-list 111 permit tcp any any eq 22
access-list 111 permit tcp any any eq 80
access-list 111 permit icmp any any echo
access-list 111 deny   ip any any
dialer-list 1 protocol ip permit
no cdp run
!
line con 0
 login
 transport preferred all
 transport output all
 stopbits 1
line vty 0 4
 password PASSWORD
 login
 transport preferred all
 transport input all
 transport output all
!
scheduler max-task-time 5000
!
!
sntp server ntp.xs4all.nl
sntp broadcast client
!
!
end
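The port forwards and access-list 111 above have to stay in step: a static NAT entry without a matching `permit` is silently dropped by the inbound ACL, and a `permit` with no forward behind it is exposure for nothing. The following check is an added example, not part of the original config; it parses a constructed excerpt of the NAT and ACL lines (the `audit` function and its regexes are assumptions of this example) and reports both kinds of mismatch plus whether the ACL ends in an explicit `deny ip any any`.

```python
import re

# Constructed excerpt of the NAT and ACL lines from the config above (example input).
CONFIG = """\
ip nat inside source static tcp 192.168.200.100 25 interface Dialer1 25
ip nat inside source static tcp 192.168.200.100 22 interface Dialer1 22
ip nat inside source static tcp 192.168.200.100 80 interface Dialer1 80
access-list 111 permit icmp any any echo-reply
access-list 111 permit tcp any any eq 25
access-list 111 permit tcp any any eq 22
access-list 111 permit tcp any any eq 80
access-list 111 permit icmp any any echo
access-list 111 deny   ip any any
"""

STATIC_NAT = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")
ACL_PERMIT = re.compile(r"^access-list (\d+) permit (tcp|udp) any any eq (\d+)$")
ACL_DENY_ALL = re.compile(r"^access-list (\d+) deny\s+ip any any$")


def audit(config: str, acl: str = "111") -> dict:
    """Cross-check static port forwards against the inbound ACL.

    Returns forwarded ports the ACL never permits (traffic is dropped before
    NAT sees it), permitted ports with no forward behind them (needless
    exposure), and whether the ACL closes with an explicit deny-all.
    """
    forwards, permits, explicit_deny = set(), set(), False
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_NAT.match(line):
            # Key on the outside protocol/port, which is what the ACL sees.
            forwards.add((m.group(1), int(m.group(5))))
        elif (m := ACL_PERMIT.match(line)) and m.group(1) == acl:
            permits.add((m.group(2), int(m.group(3))))
        elif (m := ACL_DENY_ALL.match(line)) and m.group(1) == acl:
            explicit_deny = True
    return {
        "unreachable_forwards": sorted(forwards - permits),
        "permits_without_forward": sorted(permits - forwards),
        "explicit_deny": explicit_deny,
    }


if __name__ == "__main__":
    print(audit(CONFIG))
```

Feed it the `show running-config` output of the router (or the full config above) and a clean result is three empty findings plus `explicit_deny: True`.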