I'm wanting to experiment with building a Linux box to do firewall and NAT'ing chores. To do this, I'd like to configure my Cisco 804 to be as "dumb" as possible. Just basically turn it into an ISDN modem that passes traffic unaltered over Ethernet to the Linux box, which would become the firewall and router.
Posted below is my current config, suggestions on how to dumb it up?
Thanks for any advice.
Code:
Current configuration : 3193 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname ****
!
boot config flash:ful)oconfig
logging buffered 8192 debugging
logging rate-limit console 10 except errors
enable secret ****
!
username **** password ****
!
dial-peer voice 1 pots
 caller-id
 call-waiting
 ring 0
 registered-caller ring 1
 port 1
 destination-pattern ****
!
dial-peer voice 2 pots
 caller-id
 call-waiting
 ring 0
 registered-caller ring 1
 port 2
 destination-pattern ****
!
pots country US
ip subnet-zero
no ip source-route
!
ip inspect name firewall cuseeme
ip inspect name firewall fragment maximum 256 timeout 1
ip inspect name firewall ftp
ip inspect name firewall http
ip inspect name firewall h323
ip inspect name firewall realaudio
ip inspect name firewall smtp
ip inspect name firewall sqlnet
ip inspect name firewall streamworks
ip inspect name firewall tftp
ip inspect name firewall vdolive
ip inspect name firewall tcp
ip inspect name firewall udp
no ip finger
isdn switch-type basic-ni
cns event-service server
!
!
!
!
!
interface Ethernet0
 ip address 192.168.100.100 255.255.255.0
 ip access-group 101 in
 no ip proxy-arp
 ip nat inside
!
interface BRI0
 no ip address
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type basic-ni
 isdn spid1 **** ****
 isdn spid2 **** ****
 isdn incoming-voice modem
 ppp authentication chap pap callin
 ppp multilink
!
interface Dialer1
 description ISP
 ip address negotiated
 ip access-group 111 in
 no ip proxy-arp
 ip nat outside
 ip inspect firewall out
 encapsulation ppp
 no ip split-horizon
 dialer pool 1
 dialer remote-name Cisco1
 dialer idle-timeout 1200
 dialer string **** class DialClass
 dialer hold-queue 10
 dialer load-threshold 1 either
 dialer-group 1
 pulse-time 0
 ppp authentication chap pap callin
 ppp chap hostname ****
 ppp chap password ****
 ppp pap sent-username **** password ****
 ppp multilink
!
ip nat pool BT 192.168.100.101 192.168.100.101 netmask 255.255.255.0 type rotary
ip nat inside source list 18 interface Dialer1 overload
ip nat inside source static tcp 192.168.100.101 4662 interface Dialer1 4662
ip nat inside source static udp 192.168.100.101 4672 interface Dialer1 4672
ip nat inside destination list 102 pool BT
ip kerberos source-interface any
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
map-class dialer DialClass
!
map-class dialer dialclass
access-list 18 permit 192.168.100.0 0.0.0.255
access-list 101 deny udp any eq netbios-dgm any
access-list 101 deny udp any eq netbios-ns any
access-list 101 deny udp any eq netbios-ss any
access-list 101 deny tcp any eq 137 any
access-list 101 deny tcp any eq 138 any
access-list 101 deny tcp any eq 139 any
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
access-list 102 permit tcp any any range 6881 6999
dialer-list 1 protocol ip permit
!
line con 0
 exec-timeout 120 0
 transport input none
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 login local
!
!
time-range TIME
 periodic daily 0:00 to 23:59
!
end