Username: vyatta

Password: vyatta

Configure the network interfaces:

Edit (enter configuration mode):

configure

Internal network IP address: 192.168.0.1

set interfaces ethernet eth0 address 192.168.0.1/24

set interfaces ethernet eth0 description Inside

Obtain the external IP address automatically from a DHCP server:

set interfaces ethernet eth1 address dhcp

set interfaces ethernet eth1 description Outside

commit

View the result:

show interfaces

ip addr

ping www.google.com

ethernet eth0 {
    address 192.168.0.1/24
    description Inside
    duplex auto
    smp_affinity auto
    speed auto
}
ethernet eth1 {
    address dhcp
    description Outside
    duplex auto
    firewall {
        in {
            name WAN_IN
        }
    }
    smp_affinity auto
    speed auto
}
loopback lo {
}

Configure SSH:

set service ssh port '22'

set service ssh listen-address 192.168.0.1      (the router's internal IP address)

commit

vyatta@vyatta# show service ssh

listen-address 192.168.0.1

port 22

protocol-version v2

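Internal network to external network:

Configure network address translation (NAT):             // all machines on the internal network share one external address (to reach the external network)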

Configure Source NAT for our "Inside" network.

set service nat rule 10 outbound-interface eth1      (external NIC; NAT egress interface)

set service nat rule 10 source address 192.168.0.0/24      (addresses to be translated by NAT)

set service nat rule 10 type masquerade      (enable NAT)

commit

vyatta@vyatta# show service

nat {
    rule 10 {
        outbound-interface eth1
        source {
            address 192.168.0.0/24
        }
        type masquerade
    }

Set up DNS forwarding:

set service dns forwarding listen-on eth0      (internal NIC)

set service dns forwarding cache-size '0'

set service dns forwarding name-server 10.108.36.85      (IP address of any VM that runs a DNS server)

commit

vyatta@vyatta# show service dns

dns {
    forwarding {
        cache-size 0
        listen-on eth0   (internal)
        name-server 10.108.36.85
    }
}

External network to internal network:

Configure firewall rules:

set firewall name WAN_IN rule 10 action accept

set firewall name WAN_IN rule 10 destination address 192.168.0.12

set firewall name WAN_IN rule 10 destination port 443

set firewall name WAN_IN rule 10 protocol tcp

set firewall name WAN_IN rule 10 description ALLOW-ACCESS-TO-ACCESS-GATEWAY

set firewall name WAN_IN rule 10 log enable

set firewall name WAN_IN rule 20 action accept

set firewall name WAN_IN rule 20 destination address 192.168.0.0/24

set firewall name WAN_IN rule 20 description NAT-FOR-LAN

commit

NAT rule:

set service nat rule 20 destination address 10.108.16.30      (the router's external IP address)

set service nat rule 20 destination port 443      (port 443 on the internal network is opened)

set service nat rule 20 inbound-interface eth1      (external NIC)

set service nat rule 20 inside-address address 192.168.0.12      (gateway IP address, the VIP that clients access; binds the internal web server's IP address and port)

set service nat rule 20 inside-address port 443

set service nat rule 20 type destination

set service nat rule 20 protocol tcp

commit

vyatta@vyatta# show service

    rule 20 {
        destination {
            port 443
        }
        inbound-interface eth1
        inside-address {
            address 192.168.0.12
            port 443
        }
        protocol tcp
        type destination
    }
}

Assign the firewall policy to NIC eth1:

set interfaces ethernet eth1 firewall in name WAN_IN      (apply the WAN_IN policy on eth1, the external NIC)

commit
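An added check, not part of the original page, that parses the WAN_IN commands above and flags accept rules that admit new inbound connections without a protocol, a destination port, or a single-host destination. Run on this page's rules it flags rule 20, which matches every packet forwarded from eth1 to 192.168.0.0/24, not only replies to NAT'd sessions. The function names are illustrative assumptions; the sample input is copied from the commands on this page.

```python
import ipaddress
import re
# The WAN_IN commands from this page, embedded so the check runs offline.
PAGE_RULES = """
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 destination address 192.168.0.12
set firewall name WAN_IN rule 10 destination port 443
set firewall name WAN_IN rule 10 protocol tcp
set firewall name WAN_IN rule 20 action accept
set firewall name WAN_IN rule 20 destination address 192.168.0.0/24
"""

RULE_RE = re.compile(r"^set firewall name (\S+) rule (\d+) (.+)$")

def parse_rules(text):
    """Map (ruleset, rule number) -> {key path: value} from 'set' commands."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            *path, value = m.group(3).split()
            rules.setdefault((m.group(1), int(m.group(2))), {})[" ".join(path)] = value.strip("'")
    return rules

def is_single_host(addr):
    try:
        return ipaddress.ip_network(addr, strict=False).num_addresses == 1
    except (ValueError, TypeError):  # missing, range or negated address: treat as wide
        return False

def audit(text):
    """Return (ruleset, rule, problems) for accept rules open to new inbound connections."""
    findings = []
    for (ruleset, num), rule in sorted(parse_rules(text).items()):
        stateful = any(rule.get(f"state {s}") == "enable" for s in ("established", "related"))
        if rule.get("action") != "accept" or stateful:
            continue  # drop/reject rules and return-traffic-only rules are not flagged
        problems = [msg for hit, msg in (
            ("protocol" not in rule, "no protocol match"),
            ("destination port" not in rule, "no destination port match"),
            (not is_single_host(rule.get("destination address")), "destination is not a single host"),
        ) if hit]
        if problems:
            findings.append((ruleset, num, problems))
    return findings

if __name__ == "__main__":
    for ruleset, num, problems in audit(PAGE_RULES):
        print(f"{ruleset} rule {num}: accepts new connections with {', '.join(problems)}")
```

Adding `set firewall name WAN_IN rule 20 state established enable` and `set firewall name WAN_IN rule 20 state related enable` limits rule 20 to return traffic, and the check then reports nothing for it.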

Configure a DHCP Server:

set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 default-router '192.168.0.1'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 dns-server '192.168.0.1'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 domain-name 'internal-network'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 lease '86400'

set service dhcp-server disabled 'false'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 start 192.168.0.30 stop '192.168.0.254'

commit

save

vyatta@vyatta# show service dhcp-server

disabled false
shared-network-name DHCP_Pool_ETH1 {
    authoritative disable
    subnet 192.168.0.0/24 {
        default-router 192.168.0.1
        dns-server 192.168.0.1
        domain-name internal-network
        lease 86400
        start 192.168.0.30 {
            stop 192.168.0.254
        }
    }
}

commit

save

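Check communication between the internal and external networks:

From a VM on the internal network, open a shared server on the external network.

From the external network, open https://router_external_ip

For more information, see: https://wiki.vyos.net/wiki/User_Guide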
