# RTX830 Rev.15.02.26 (Wed Sep 7 12:36:21 2022) # Memory 256Mbytes, 2LAN # main: RTX830 ver=00 # Reporting Date: Oct 11 20:23:56 2022 login password * administrator password encrypted * login user user * user attribute connection=serial,telnet,remote,ssh,sftp,http gui-page=dashboard,lan-map,config login-timer=600 user attribute user connection=serial,telnet,remote,ssh,sftp,http gui-page=dashboard,lan-map,config login-timer=600 ip route default gateway 172.29.3.1 filter 1 gateway 172.29.1.1 ip keepalive 1 icmp-echo 10 5 172.29.3.1 ipv6 route default gateway dhcp vlan2 ipv6 prefix 1 dhcp-prefix@vlan2::1/64 vlan port mapping lan1.1 vlan1 vlan port mapping lan1.2 vlan1 vlan port mapping lan1.3 vlan3 vlan port mapping lan1.4 vlan2 lan type lan1 port-based-option=divide-network ip vlan1 address 172.29.100.1/24 ip vlan1 proxyarp on ipv6 vlan1 address dhcp-prefix@vlan2::1/64 ipv6 vlan1 rtadv send 1 ipv6 vlan1 dhcp service server switch control use vlan1 on terminal=on ipv6 vlan2 dhcp service client ip vlan3 address 172.29.1.2/29 description lan2 BB-unit ip lan2 address 172.29.3.100/24 ip lan2 secure filter in 101003 101020 101021 101022 101023 101024 101025 101030 101032 101100 101101 101102 101103 ip lan2 secure filter out 101013 101020 101021 101022 101023 101024 101025 101026 101027 101099 dynamic 101080 101081 101082 101083 101084 101085 101098 101099 ip lan2 nat descriptor 200 ipv6 lan2 secure filter in 101000 101001 101002 ipv6 lan2 secure filter out 101099 dynamic 101080 101081 101082 101083 101084 101085 101098 101099 ngn type lan2 ntt pp select anonymous pp bind tunnel1-tunnel2 pp auth request mschap-v2 pp auth username *** **** ppp ipcp ipaddress on ppp ipcp msext on ppp ccp type none ip pp remote address pool dhcp ip pp mtu 1258 pp enable anonymous tunnel select 1 tunnel encapsulation l2tp ipsec tunnel 1 ipsec sa policy 1 1 esp aes-cbc sha-hmac ipsec ike keepalive use 1 off ipsec ike nat-traversal 1 on ipsec ike pre-shared-key 1 text ***** ipsec ike remote address 1 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 1 tunnel select 2 tunnel encapsulation l2tp ipsec tunnel 2 ipsec sa policy 2 2 esp aes-cbc sha-hmac ipsec ike keepalive use 2 off ipsec ike nat-traversal 2 on ipsec ike pre-shared-key 2 text ***** ipsec ike remote address 2 any l2tp tunnel disconnect time off ip tunnel tcp mss limit auto tunnel enable 2 ip filter 1 pass * * * * * ip filter 101000 reject 10.0.0.0/8 * * * * ip filter 101001 reject 172.16.0.0/12 * * * * ip filter 101002 reject 172.29.0.0/16 * * * * ip filter 101003 reject 172.29.100.0/24 * * * * ip filter 101010 reject * 10.0.0.0/8 * * * ip filter 101011 reject * 172.16.0.0/12 * * * ip filter 101012 reject * 172.29.0.0/16 * * * ip filter 101013 reject * 172.29.100.0/24 * * * ip filter 101020 reject * * udp,tcp 135 * ip filter 101021 reject * * udp,tcp * 135 ip filter 101022 reject * * udp,tcp netbios_ns-netbios_ssn * ip filter 101023 reject * * udp,tcp * netbios_ns-netbios_ssn ip filter 101024 reject * * udp,tcp 445 * ip filter 101025 reject * * udp,tcp * 445 ip filter 101026 restrict * * tcpfin * www,21,nntp ip filter 101027 restrict * * tcprst * www,21,nntp ip filter 101030 pass * 172.29.100.0/24 icmp * * ip filter 101031 pass * 172.29.100.0/24 established * * ip filter 101032 pass * 172.29.100.0/24 tcp * ident ip filter 101033 pass * 172.29.100.0/24 tcp ftpdata * ip filter 101034 pass * 172.29.100.0/24 tcp,udp * domain ip filter 101035 pass * 172.29.100.0/24 udp domain * ip filter 101036 pass * 172.29.100.0/24 udp * ntp ip filter 101037 pass * 172.29.100.0/24 udp ntp * ip filter 101099 pass * * * * * ip filter 101100 pass * 172.29.100.1 udp * 500 ip filter 101101 pass * 172.29.100.1 esp ip filter 101102 pass * 172.29.100.1 udp * 4500 ip filter 101103 pass * 172.29.100.1 udp * 1701 ip filter 104000 reject 10.0.0.0/8 * * * * ip filter 104001 reject 172.16.0.0/12 * * * * ip filter 104002 reject 172.29.0.0/16 * * * * ip filter 104003 reject 172.29.100.0/24 * * * * ip filter 104010 reject * 10.0.0.0/8 * * * ip filter 104011 reject * 172.16.0.0/12 * * * ip filter 104012 reject * 172.29.0.0/16 * * * ip filter 104013 reject * 172.29.100.0/24 * * * ip filter 104020 reject * * udp,tcp 135 * ip filter 104021 reject * * udp,tcp * 135 ip filter 104022 reject * * udp,tcp netbios_ns-netbios_ssn * ip filter 104023 reject * * udp,tcp * netbios_ns-netbios_ssn ip filter 104024 reject * * udp,tcp 445 * ip filter 104025 reject * * udp,tcp * 445 ip filter 104026 restrict * * tcpfin * www,21,nntp ip filter 104027 restrict * * tcprst * www,21,nntp ip filter 104030 pass * 172.29.100.0/24 icmp * * ip filter 104031 pass * 172.29.100.0/24 established * * ip filter 104032 pass * 172.29.100.0/24 tcp * ident ip filter 104033 pass * 172.29.100.0/24 tcp ftpdata * ip filter 104034 pass * 172.29.100.0/24 tcp,udp * domain ip filter 104035 pass * 172.29.100.0/24 udp domain * ip filter 104036 pass * 172.29.100.0/24 udp * ntp ip filter 104037 pass * 172.29.100.0/24 udp ntp * ip filter 104099 pass * * * * * ip filter 500000 restrict * * * * * ip filter dynamic 101080 * * ftp ip filter dynamic 101081 * * domain ip filter dynamic 101082 * * www ip filter dynamic 101083 * * smtp ip filter dynamic 101084 * * pop3 ip filter dynamic 101085 * * submission ip filter dynamic 101098 * * tcp ip filter dynamic 101099 * * udp ip filter dynamic 104080 * * ftp ip filter dynamic 104081 * * domain ip filter dynamic 104082 * * www ip filter dynamic 104083 * * smtp ip filter dynamic 104084 * * pop3 ip filter dynamic 104085 * * submission ip filter dynamic 104098 * * tcp ip filter dynamic 104099 * * udp nat descriptor type 200 masquerade nat descriptor address outer 200 primary nat descriptor masquerade static 200 1 172.29.100.1 udp 500 nat descriptor masquerade static 200 2 172.29.100.1 esp nat descriptor masquerade static 200 3 172.29.100.1 udp 4500 nat descriptor masquerade static 200 4 172.29.100.1 udp 1701 ipsec auto refresh on ipsec transport 1 1 udp 1701 ipsec transport 2 2 udp 1701 ipv6 filter 101000 pass * * icmp6 * * ipv6 filter 101001 pass * * tcp * ident ipv6 filter 101002 pass * * udp * 546 ipv6 filter 101099 pass * * * * * ipv6 filter dynamic 101080 * * ftp ipv6 filter dynamic 101081 * * domain ipv6 filter dynamic 101082 * * www ipv6 filter dynamic 101083 * * smtp ipv6 filter dynamic 101084 * * pop3 ipv6 filter dynamic 101085 * * submission ipv6 filter dynamic 101098 * * tcp ipv6 filter dynamic 101099 * * udp telnetd host lan dhcp service server dhcp server rfc2131 compliant except remain-silent dhcp scope 1 172.29.100.20-172.29.100.127/24 gateway 172.29.100.1 dns host vlan1 lan2 dns service recursive dns server 172.29.3.1 dns server dhcp vlan2 dns server select 10 8.8.4.4 any . dns server select 500201 172.29.3.1 any . dns server select 500203 172.29.3.1 8.8.4.4 any . dns private address spoof on schedule at 1 */* 03:00:00 * ntpdate ntp.nict.jp syslog l2tp service on httpd host vlan1 statistics traffic on