    router#clock set 12:34:50 11 oct 2002
    router#conf t
    router(config)#hostname gw
    gw(config)#ntp server *.*.*.*
    gw(config)#clock timezone BST 9
    gw(config)#no cdp run

Increase the telnet session timeout (exec-timeout 0 0 disables the idle timeout, so sessions never expire)

    gw#conf t
    gw(config)#line vty 0 4
    gw(config-line)#exec-timeout 0 0

Network address translation (NAT) is a technique used in computer networking, which relies on rewriting IP addresses of network packets passing through a router or firewall. This is merely a trick, in the sense that routers are not supposed to do that sort of thing, but it is still a very useful and widely used trick.
We can distinguish two kinds of NAT: source address translation (source NAT), where the IP address of the computer which initiated the connection is rewritten, and its counterpart, destination address translation (destination NAT).
IP masquerading is a particular case of source NAT; this is a common technique often used to allow multiple computers to relatively transparently share an Internet connection. To the computers on the local network, the "NAT box" looks like just another router, but in reality, it is doing all sorts of magic.
When the computer performing the NAT routes the systems behind it onto the Internet, it transparently changes the source IP address of the internal system to its external (Internet) address and remembers basic data about the connection. The packet then traverses the Internet to its destination as if it had been generated by the router itself. When the reply is sent back, the router looks at the connection tracking data it stored before and determines where to send it back on the internal network.
The benefits of NAT are great. It allows many computers to access the internet utilizing only a single IP address on the internet. This not only saves money for the organization employing NAT, but also conserves addresses on the internet as few are still available. Downsides include difficulty in using services that require the initiation of TCP connections from the outside network, or stateless protocols such as those utilising UDP; unless the NAT router makes specific effort to support such protocols, incoming connections cannot reach their destination.

    gw#conf t
    gw(config)#int e0
    gw(config-if)#ip nat inside
    gw(config-if)#exit
    gw(config)#int e1
    gw(config-if)#ip nat outside
    gw(config-if)#exit
    gw(config)#access-list 2 permit 192.168.0.0 0.0.0.255
    gw(config)#ip nat inside source list 2 interface e1 overload

With destination NAT, you can publish an internal service such as HTTP to the Internet.

    gw(config)#ip nat inside source static tcp 192.168.0.158 80 interface Ethernet0/1 80

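
The translation-table behaviour described above, as an added example that is not part of the original page: a simplified Python model of overload source NAT together with the static port 80 mapping. The class and function names, the 203.0.113.1 outside address and the 198.51.100.x peers are assumptions; ports are allocated sequentially and replies are not matched against the remote endpoint, which a real router would do.

```python
# Added example: toy model of the router's NAT translation table.
# All names and addresses are constructed; sequential port allocation is a simplification.
from itertools import count


class NatBox:
    def __init__(self, outside_ip, first_port=1024):
        self.outside_ip = outside_ip
        self.ports = count(first_port)  # next free outside port for overload
        self.out = {}     # (proto, inside ip, inside port) -> outside port
        self.back = {}    # (proto, outside port) -> (inside ip, inside port)
        self.static = {}  # published services, same key/value shape as back

    def add_static(self, proto, in_ip, in_port, out_port):
        """Destination NAT: publish an inside service on the outside address."""
        self.static[(proto, out_port)] = (in_ip, in_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Source NAT with overload: rewrite the source and remember the mapping."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = next(self.ports)
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return (self.outside_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Rewrite a packet sent to the outside address; None means no mapping (dropped)."""
        key = (proto, dst_port)
        target = self.back.get(key) or self.static.get(key)
        return None if target is None else (src_ip, src_port, *target)


def demo():
    gw = NatBox("203.0.113.1")  # constructed outside address
    gw.add_static("tcp", "192.168.0.158", 80, 80)  # the page's static mapping
    a = gw.outbound("tcp", "192.168.0.10", 40000, "198.51.100.7", 443)
    b = gw.outbound("tcp", "192.168.0.11", 40000, "198.51.100.7", 443)
    reply = gw.inbound("tcp", "198.51.100.7", 443, b[1])      # matches stored state
    unsolicited = gw.inbound("tcp", "198.51.100.9", 5555, 22)  # no state, no static
    published = gw.inbound("tcp", "198.51.100.9", 5555, 80)    # static mapping
    return a, b, reply, unsolicited, published


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Two inside hosts using the same source port get distinct outside ports, the reply is routed back from the stored state, and the unsolicited connection to port 22 has nowhere to go, while port 80 reaches 192.168.0.158 through the static entry.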

    gw#conf t
    gw(config)#logging on
    gw(config)#logging 192.168.0.2
    gw(config)#logging facility local1
    gw(config)#logging source-interface e0

Change the timestamp format and save the log to memory. View it with "sh logging".

    gw(config)#service timestamps log datetime msec localtime
    gw(config)#service timestamps debug uptime
    gw(config)#logging buffered 8192 debugging

Edit /etc/sysconfig/syslog (RedHat 7.2) to accept syslog messages remotely

    SYSLOGD_OPTIONS="-m 0 -r"

Edit /etc/syslog.conf and add one line as below

    local1.* /var/log/gw.log

Edit /etc/logrotate.d/syslog to rotate the /var/log/gw.log file...

    /var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron /var/log/gw.log {
        sharedscripts
        postrotate
            /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
        endscript
    }

Restart Syslog

    # /etc/init.d/syslog restart
    Shutting down kernel logger: [ OK ]
    Shutting down system logger: [ OK ]
    Starting system logger: [ OK ]
    Starting kernel logger: [ OK ]

    gw#conf t
    gw(config)#priority-list 1 protocol ip high tcp pop3
    gw(config)#priority-list 1 protocol ip high tcp smtp

    gw(config)#no ip finger
    gw(config)#no ip source-route
    gw(config)#no service tcp-small-servers
    gw(config)#no service udp-small-servers
    gw(config)#int s0
    gw(config-if)#ip accounting access-violations

    gw#conf t
    gw(config)#snmp-server community public RO

    gw(config)#aaa new-model
    gw(config)#aaa authentication login default local enable
    gw(config)#username username password 7 password

Configuring DHCP on a Cisco router

    !
    no ip dhcp conflict logging
    ip dhcp excluded-address 192.168.0.1 192.168.0.100
    !
    ip dhcp pool internalnet
       network 192.168.0.0 /24
       default-router 192.168.0.1
       domain-name yourdomain.com
       dns-server 192.168.0.2 192.168.0.3
       netbios-name-server 192.168.0.4
       netbios-node-type h-node
       lease 5
    !