VyOS软路由系统基本设置

1. VyOS简介

VyOS是一个开源的网络操作系统，可以安装在物理硬件上，也可以安装在你自己的虚拟机上，或者是一个云平台上。它基于GNU/Linux，并加入了多个应用程序，如：Quagga, ISC DHCPD, OpenVPN, StrongS/WAN等，以及其他的管理界面。

VyOS系统安装最低要求512M内存和2G存储即可。

2. 实验需求

最近工作中需要用到vyos软路由，现将工作中搭建的过程总结如下。

vyos开启dhcp，开启80和21端口转发

3. 环境准备

机器名称	配置	系统	地址	备注
vyos	2C4G	vyos-1.1.7	eth0 172.16.0.99 eth1 192.168.10.1	两块网卡，eth0为外网，可以连接internet，eth1为内网
vm1	2C4G	centos7.4	dhcp获取	一块网卡
vm2	2C4G	centos7.4	192.168.10.150	一块网卡

4. 实验拓扑

说明：

1.vyos开启dhcp，80端口转发和21端口转发

2.vm1 dhcp获取地址

3.vm2 配置静态地址，开启web服务和ftp服务

5. 基本设置

5.1 查看设置

# 查看全部设置

vyos@vyos:~$ show configuration

# 匹配查询

vyos@vyos:~$ show configuration commands | match eth0

# 查看网卡设置

vyos@vyos:~$ show interfaces

5.2 配置网卡

# 进入配置模式

vyos@vyos:~$ configure

# 设置网卡描述

vyos@vyos# set interfaces ethernet eth0 description 'PUBLIC NETWORK'

vyos@vyos# set interfaces ethernet eth1 description 'PRIVATE NETWORK'

# 配置ip地址

vyos@vyos# set interfaces ethernet eth0 address 172.16.0.99/24

vyos@vyos# set protocols static route 0.0.0.0/0 next-hop '172.16.0.254'

vyos@vyos# set interfaces ethernet eth1 address 192.168.10.1/24

# 开启ssh

vyos@vyos# set service ssh port '22'

# 保存配置

vyos@vyos# commit

vyos@vyos# save

5.3 配置dns转发

vyos@vyos# set service dns forwarding cache-size '0'

vyos@vyos# set service dns forwarding listen-on eth0

vyos@vyos# set service dns forwarding listen-on eth1

vyos@vyos# set service dns forwarding name-server '114.114.114.114'

vyos@vyos# set service dns forwarding name-server '8.8.8.8'

vyos@vyos# commit

vyos@vyos# save

5.4 配置dhcp服务

vyos@vyos# set service dhcp-server disabled 'false'

vyos@vyos# set service dhcp-server shared-network-name LAN description 'LAN DHCP'

vyos@vyos# set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 default-router 192.168.10.1

vyos@vyos# set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 start 192.168.10.100 stop 192.168.10.200

vyos@vyos# set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 lease '86400'

vyos@vyos# set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 dns-server 192.168.10.1

vyos@vyos# commit

vyos@vyos# save

5.5 配置内网出公网

vyos@vyos# set nat source rule 100 description 'TO INTERNET'

vyos@vyos# set nat source rule 100 source address 192.168.10.0/24

vyos@vyos# set nat source rule 100 outbound-interface eth0

vyos@vyos# set nat source rule 100 translation address 172.16.0.99

vyos@vyos# commit

vyos@vyos# save

5.6 配置web转发

vyos@vyos# set nat destination rule 1000 description "WEB SERVER"

vyos@vyos# set nat destination rule 1000 inbound-interface eth0

vyos@vyos# set nat destination rule 1000 destination address 172.16.0.99

vyos@vyos# set nat destination rule 1000 source address 0.0.0.0/0

vyos@vyos# set nat destination rule 1000 destination port 80

vyos@vyos# set nat destination rule 1000 protocol tcp

vyos@vyos# set nat destination rule 1000 translation address 192.168.10.150

vyos@vyos# set nat destination rule 1000 translation port 80

vyos@vyos# commit

vyos@vyos# save

5.7 配置ftp转发

vyos@vyos# set nat destination rule 1001 description "FTP SERVER"

vyos@vyos# set nat destination rule 1001 inbound-interface eth0

vyos@vyos# set nat destination rule 1001 destination address 172.16.0.99

vyos@vyos# set nat destination rule 1001 protocol tcp

vyos@vyos# set nat destination rule 1001 source address 0.0.0.0/0

vyos@vyos# set nat destination rule 1001 destination port 21

vyos@vyos# set nat destination rule 1001 translation address 192.168.10.150

vyos@vyos# set nat destination rule 1001 translation port 21

vyos@vyos# commit

vyos@vyos# save

5.8 测试检查

vm1设置网卡dhcp，重启网卡。发现可以获取到ip192.168.10.100，并可以连接外网

vm2设置网卡静态ip地址，重启网卡。并开启web和ftp服务

测试成功转发

参考资料

https://vyos.io/

https://wiki.vyos.net/wiki/User_Guide