[Nocrancid] autopop-onenet.net/panola-ps.client.onenet.net[0] router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Wed Aug 12 16:36:29 CDT 2015
Index: configs/panola-ps.client.onenet.net
===================================================================
--- configs/panola-ps.client.onenet.net (revision 129446)
+++ configs/panola-ps.client.onenet.net (working copy)
@@ -1,12 +1,15 @@
# RANCID-CONTENT-TYPE: juniper
#
-# grnoc-mon at PANOLA-PUB-SCH-SRX220-LEASED-ASSET-TAG-004646> show system commit
+# grnoc-mon at PANOLA-PS-SRX220-LEASED-004646> show system commit
+# 2015-07-27 11:00:39 CDT by sky via cli
+# 2015-07-27 10:36:00 CDT by sky via cli commit confirmed, rollback in 5mins
+# 2015-07-27 09:25:09 CDT by sky via cli
# 2015-07-22 18:49:00 CDT by admin via cli
# 2015-06-22 23:45:13 CDT by root via cli
# 2015-05-22 22:27:42 CDT by root via other
# rescue 2015-06-22 23:45:44 CDT by root via cli
#
-# grnoc-mon at PANOLA-PUB-SCH-SRX220-LEASED-ASSET-TAG-004646> show chassis environment
+# grnoc-mon at PANOLA-PS-SRX220-LEASED-004646> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
# Routing Engine CPU Absent
@@ -14,17 +17,17 @@
# SRX220 Chassis fan 1 OK
# Power Power Supply 0 OK
#
-# grnoc-mon at PANOLA-PUB-SCH-SRX220-LEASED-ASSET-TAG-004646> show chassis firmware
+# grnoc-mon at PANOLA-PS-SRX220-LEASED-004646> show chassis firmware
# Part Type Version
# FPC 0 O/S Version 12.1X46-D20.5 by builder on 2014-05
# FWDD O/S Version 12.1X46-D20.5 by builder on 2014-05
#
-# grnoc-mon at PANOLA-PUB-SCH-SRX220-LEASED-ASSET-TAG-004646> show chassis fpc detail
+# grnoc-mon at PANOLA-PS-SRX220-LEASED-004646> show chassis fpc detail
# Slot 0 information:
# State Online
# Total CPU DRAM ---- CPU less FPC ----
#
-# grnoc-mon at PANOLA-PUB-SCH-SRX220-LEASED-ASSET-TAG-004646> show chassis hardware
+# grnoc-mon at PANOLA-PS-SRX220-LEASED-004646> show chassis hardware
# Hardware inventory:
# Item Version Part number Serial number Description
# Chassis CF0814AK0354 SRX220H2
@@ -33,15 +36,15 @@
# PIC 0 8x GE Base PIC
# Power Supply 0
#
-# grnoc-mon at PANOLA-PUB-SCH-SRX220-LEASED-ASSET-TAG-004646> show chassis hardware models
-# grnoc-mon at PANOLA-PUB-SCH-SRX220-LEASED-ASSET-TAG-004646> show chassis routing-engine
+# grnoc-mon at PANOLA-PS-SRX220-LEASED-004646> show chassis hardware models
+# grnoc-mon at PANOLA-PS-SRX220-LEASED-004646> show chassis routing-engine
# Routing Engine status:
# Serial ID ACLB4138
#
-# grnoc-mon at PANOLA-PUB-SCH-SRX220-LEASED-ASSET-TAG-004646> show chassis scb
-# grnoc-mon at PANOLA-PUB-SCH-SRX220-LEASED-ASSET-TAG-004646> show chassis sfm detail
-# grnoc-mon at PANOLA-PUB-SCH-SRX220-LEASED-ASSET-TAG-004646> show chassis ssb
-# grnoc-mon at PANOLA-PUB-SCH-SRX220-LEASED-ASSET-TAG-004646> show system boot-messages
+# grnoc-mon at PANOLA-PS-SRX220-LEASED-004646> show chassis scb
+# grnoc-mon at PANOLA-PS-SRX220-LEASED-004646> show chassis sfm detail
+# grnoc-mon at PANOLA-PS-SRX220-LEASED-004646> show chassis ssb
+# grnoc-mon at PANOLA-PS-SRX220-LEASED-004646> show system boot-messages
# kld_map_v: 0x8ff80000, kld_map_p: 0x0
# Copyright (c) 1996-2014, Juniper Networks, Inc.
# All rights reserved.
@@ -88,16 +91,16 @@
# ad0: 2000MB <CF 2GB 20100924> at ata2-master WDMA2
# Trying to mount root from ufs:/dev/ad0s2a
#
-# grnoc-mon at PANOLA-PUB-SCH-SRX220-LEASED-ASSET-TAG-004646> show version
-# Hostname: PANOLA-PUB-SCH-SRX220-LEASED-ASSET-TAG-004646 # Model: srx220h2 # JUNOS Software Release [12.1X46-D20.5] # # grnoc-mon at PANOLA-PUB-SCH-SRX220-LEASED-ASSET-TAG-004646> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 14 2014 /var/tmp@ -> /cf/var/tmp
+# grnoc-mon at PANOLA-PS-SRX220-LEASED-004646> show version
+# Hostname: PANOLA-PS-SRX220-LEASED-004646 # Model: srx220h2 # JUNOS Software Release [12.1X46-D20.5] # # grnoc-mon at PANOLA-PS-SRX220-LEASED-004646> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 14 2014 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
-# grnoc-mon at PANOLA-PUB-SCH-SRX220-LEASED-ASSET-TAG-004646> show system uptime
+# grnoc-mon at PANOLA-PS-SRX220-LEASED-004646> show system uptime
# System booted: 2015-07-22 14:20 CDT
# Protocols started: 2015-07-22 14:22 CDT
-# Last configured: 2015-07-22 18:49 CDT by admin
+# Last configured: 2015-07-27 11:00 CDT by sky
#
-# grnoc-mon at PANOLA-PUB-SCH-SRX220-LEASED-ASSET-TAG-004646> show interface terse
+# grnoc-mon at PANOLA-PS-SRX220-LEASED-004646> show interface terse
#Interface Admin Link
#ge-0/0/0 up up
#ge-0/0/0.0 up up
@@ -139,11 +142,11 @@
#tap up up
#vlan up up
#vlan.999 up down
-# grnoc-mon at PANOLA-PUB-SCH-SRX220-LEASED-ASSET-TAG-004646> show configuration
-## Last commit: 2015-07-22 18:49:00 CDT by admin
+# grnoc-mon at PANOLA-PS-SRX220-LEASED-004646> show configuration
+## Last commit: 2015-07-27 11:00:39 CDT by sky
version 12.1X46-D20.5;
system {
- host-name PANOLA-PUB-SCH-SRX220-LEASED-ASSET-TAG-004646;
+ host-name PANOLA-PS-SRX220-LEASED-004646;
domain-name onenet.net;
time-zone America/Chicago;
authentication-order [ radius password ];
@@ -308,10 +311,10 @@
disable;
}
ge-0/0/7 {
- description "TRUST LAN Interface - 192.168.0.1/24";
+ description "TRUST LAN Interface - 192.168.0.1/16";
unit 0 {
family inet {
- address 192.168.0.1/24;
+ address 192.168.0.1/16;
}
}
}
@@ -368,6 +371,13 @@
}
}
security {
+ address-book {
+ global {
+ address host-192.168.0.13 192.168.0.13/32;
+ address host-192.168.0.21 192.168.0.21/32;
+ address host-192.168.0.107 192.168.0.107/32;
+ }
+ }
screen {
ids-option UNTRUST-SCREEN {
icmp {
@@ -420,6 +430,56 @@
}
}
}
+ static {
+ rule-set UNTRUST-TO-TRUST-NAT {
+ from zone UNTRUST;
+ rule WEBSERVER-NAT {
+ match {
+ destination-address 156.110.35.226/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 192.168.0.13/32;
+ }
+ }
+ }
+ }
+ rule AD-RDP-NAT {
+ match {
+ destination-address 156.110.35.227/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 192.168.0.21/32;
+ }
+ }
+ }
+ }
+ rule CHOC-LANG-CAM-NAT {
+ match {
+ destination-address 156.110.35.228/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 192.168.0.107/32;
+ }
+ }
+ }
+ }
+ }
+ }
+ proxy-arp {
+ interface ge-0/0/0.0 {
+ address {
+ 156.110.35.226/32;
+ 156.110.35.228/32;
+ 156.110.35.227/32;
+ }
+ }
+ }
}
policies {
from-zone TRUST to-zone UNTRUST {
@@ -446,6 +506,38 @@
}
}
}
+ from-zone UNTRUST to-zone TRUST {
+ policy 201507270935 {
+ match {
+ source-address any;
+ destination-address host-192.168.0.13;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ policy 201507270955 {
+ match {
+ source-address any;
+ destination-address host-192.168.0.21;
+ application [ custom-3389-udp custom-3389-tcp ];
+ }
+ then {
+ permit;
+ }
+ }
+ policy 201507271007 {
+ match {
+ source-address any;
+ destination-address host-192.168.0.107;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
}
zones {
security-zone TRUST {
@@ -542,6 +634,16 @@
}
}
}
+applications {
+ application custom-3389-udp {
+ protocol udp;
+ destination-port 3389;
+ }
+ application custom-3389-tcp {
+ protocol tcp;
+ destination-port 3389;
+ }
+}
ethernet-switching-options {
secure-access-port {
interface ge-0/0/1.0 {
@@ -559,15 +661,15 @@
l3-interface vlan.999;
}
}
-# grnoc-mon at PANOLA-PUB-SCH-SRX220-LEASED-ASSET-TAG-004646> show ospf neighbor
+# grnoc-mon at PANOLA-PS-SRX220-LEASED-004646> show ospf neighbor
# OSPF instance is not running
#
-# grnoc-mon at PANOLA-PUB-SCH-SRX220-LEASED-ASSET-TAG-004646> show bfd session
+# grnoc-mon at PANOLA-PS-SRX220-LEASED-004646> show bfd session
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
-# grnoc-mon at PANOLA-PUB-SCH-SRX220-LEASED-ASSET-TAG-004646> show system snapshot media internal
+# grnoc-mon at PANOLA-PS-SRX220-LEASED-004646> show system snapshot media internal
# Information for snapshot on internal (/dev/ad0s1a) (backup)
# Creation date: Jun 22 23:46:52 2015
# JUNOS version on snapshot:
More information about the Nocrancid
mailing list