01-13-2014 06:29 PM - edited 03-11-2019 08:29 PM
Can anyone please review my config and let me know if this is a decent setup for a firewall for home use?
Cisco1841#show run
Building configuration...
Current configuration : 3558 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco1841
!
boot-start-marker
boot system usbflash0:c1841-advipservicesk9-mz.124-12.bin
boot-end-marker
!
!
no aaa new-model
clock timezone PSD -8
ip cef
!
!
!
!
ip domain name jjkkcc.com
ip name-server 68.105.28.16
ip name-server 68.105.29.16
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip name-server 192.168.1.250
ip inspect name ethernetin cuseeme timeout 3600
ip inspect name ethernetin ftp timeout 3600
ip inspect name ethernetin h323 timeout 3600
ip inspect name ethernetin http timeout 3600
ip inspect name ethernetin rcmd timeout 3600
ip inspect name ethernetin realaudio timeout 3600
ip inspect name ethernetin smtp timeout 3600
ip inspect name ethernetin sqlnet timeout 3600
ip inspect name ethernetin streamworks timeout 3600
ip inspect name ethernetin tcp timeout 3600
ip inspect name ethernetin tftp timeout 30
ip inspect name ethernetin udp timeout 15
ip inspect name ethernetin vdolive timeout 3600
ip sla monitor 10
type echo protocol ipIcmpEcho 24.234.191.225
frequency 300
ip sla monitor schedule 10 life forever start-time now
ip sla monitor 11
type echo protocol ipIcmpEcho 24.234.191.225 source-ipaddr 24.234.191.XXX
request-data-size 24
tos 30
timeout 60000
threshold 100
owner OpManager
ip sla monitor reaction-configuration 11 connection-loss-enable verify-error-enable timeout-enable threshold-falling 75 threshold-type immediate action-type trapOnly
ip sla monitor schedule 11 life forever start-time pending ageout 60
ip sla monitor 12
type pathEcho protocol ipIcmpEcho 24.234.191.225 source-ipaddr 24.234.191.240
request-data-size 24
tos 30
timeout 60000
threshold 100
owner OpManager
paths-of-statistics-kept 2
hops-of-statistics-kept 15
!
!
!
username woodjl1650 privilege 15 password 0 henry999
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.6 255.255.255.0
ip access-group 101 in
ip nat inside
ip inspect ethernetin in
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 24.234.191.XXX 255.255.255.224
ip access-group 112 in
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 24.234.191.225
!
!
no ip http server
no ip http secure-server
ip nat pool NATpool 24.234.191.XXX 24.234.191.XXX netmask 255.255.255.0
ip nat inside source list 1 pool NATpool
ip nat inside source list NAT interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.1.10 3074 interface FastEthernet0/0 3074
ip nat inside source static udp 192.168.1.10 3074 interface FastEthernet0/0 3074
!
ip access-list standard NAT
permit 192.168.1.0 0.0.0.255
!
access-list 1 permit 192.0.0.0 0.255.255.255
access-list 101 permit udp any any eq 3074
access-list 101 permit tcp any any eq 3074
access-list 101 permit tcp 192.0.0.0 0.255.255.255 any
access-list 101 permit udp 192.0.0.0 0.255.255.255 any
access-list 101 permit icmp 192.0.0.0 0.255.255.255 any
access-list 101 deny ip any any log
access-list 112 permit icmp any 24.234.191.0 0.0.0.255 unreachable
access-list 112 permit icmp any 191.191.191.0 0.0.0.255 echo-reply
snmp-server community public RW
snmp-server trap link ietf
snmp-server location Las Vegas, NV, USA
snmp-server contact Jonathan Wood - Network Admin
snmp-server chassis-id Cisco1841-Router
snmp-server host 192.168.1.155 version 2c public
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
login local
transport input ssh
!
scheduler allocate 20000 1000
end
01-13-2014 11:21 PM
seems a typo here?
ip nat inside source static tcp 192.168.1.10 3074 interface FastEthernet0/0 3074 <- not f0/1?
ip nat inside source static udp 192.168.1.10 3074 interface FastEthernet0/0 3074 <- not f0/1?
rest looks fine except ip sla may not be very necessary as you only have one link.
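The interface mismatch pointed out in the reply can be checked mechanically. The Python sketch below is an added example, not part of either post or of any Cisco tool; it goes slightly beyond the reply by also flagging type 0 (plaintext) user passwords and a default SNMP community with RW access. The sample config, function names and finding labels are constructed for illustration.

```python
import re

# Constructed excerpt modelled on the posted config (credentials replaced).
SAMPLE = """\
no service password-encryption
username admin privilege 15 password 0 EXAMPLE
interface FastEthernet0/0
 ip nat inside
interface FastEthernet0/1
 ip nat outside
ip nat inside source static tcp 192.168.1.10 3074 interface FastEthernet0/0 3074
ip nat inside source static udp 192.168.1.10 3074 interface FastEthernet0/0 3074
snmp-server community public RW
"""

STATIC_NAT = re.compile(
    r"ip nat inside source static (?:tcp|udp) \S+ \d+ interface (\S+) \d+")

def nat_roles(config):
    """Map each interface to 'inside' or 'outside' from its 'ip nat' line."""
    roles, current = {}, None
    for line in config.splitlines():
        s = line.strip()
        if m := re.match(r"interface (\S+)$", s):
            current = m.group(1)
        elif s == "!":
            current = None  # '!' ends the interface block in 'show run' output
        elif current and (m := re.match(r"ip nat (inside|outside)$", s)):
            roles[current] = m.group(1)
    return roles

def audit(config):
    """Return (line_number, finding) tuples for the checks described above."""
    roles, findings = nat_roles(config), []
    for n, line in enumerate(config.splitlines(), 1):
        s = line.strip()
        m = STATIC_NAT.match(s)
        # A port forward must translate to the address of the outside interface.
        if m and roles.get(m.group(1)) != "outside":
            findings.append((n, "static-nat-not-on-outside-interface"))
        if re.match(r"username \S+ .*\bpassword 0 ", s):
            findings.append((n, "plaintext-type0-password"))
        if re.match(r"snmp-server community (public|private)\b.*\bRW\b", s, re.I):
            findings.append((n, "default-snmp-community-rw"))
    return findings

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE):
        print(f"line {lineno}: {finding}")
```
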