Username: vyatta

Password: vyatta

配置网卡:

编辑:

configure

内部网络IP地址配置:192.168.0.1

set interfaces ethernet eth0 address 192.168.0.1/24

set interfaces ethernet eth0 description Inside

从DHCP 服务器上自动外网IP地址:

set interfaces ethernet eth1 address dhcp

set interfaces ethernet eth1 description Outside

commit

查看:

show interfaces

ip addr

ping www.google.com

ethernet eth0 {

address 192.168.0.1/24

description Inside

duplex auto

smp_affinity auto

speed auto

}

ethernet eth1 {

address dhcp

description Outside

duplex auto

firewall {

in {

name WAN_IN

}

}

smp_affinity auto

speed auto

}

loopback lo {

}

配置SSH:

set service ssh port '22'

set service ssh listen-address 192.168.0.1      (router内网ip地址)

commit

vyatta@vyatta# show service ssh

listen-address 192.168.0.1

port 22

protocol-version v2

内网通外网:

配置网络地址转换(NAT):             //内部网络的所有机器共享同一个外部网络地址(连接外网)

Configure Source NAT for our "Inside" network.

set service nat rule 10 outbound-interface eth1  (外网网卡)   NAT出口设置

set service nat rule 10 source address 192.168.0.0/24                        NAT需要转换的地址

set service nat rule 10 type masquerade            启用NAT

commit

vyatta@vyatta# show service

nat {

rule 10 {

outbound-interface eth1

source {

address 192.168.0.0/24

}

type masquerade

}

设置DNS Forwarding(DNS 服务器转发):

set service dns forwarding listen-on eth0      (内网网卡)

set service dns forwarding cache-size '0'

set service dns forwarding name-server 10.108.36.85    (搭建有dns服务器的任意一台VM的IP地址)

commit

vyatta@vyatta# show service dns

dns {

forwarding {

cache-size 0

listen-on eth0   (内网)

name-server 10.108.36.85

}

}

外网通内网:

配置防火墙规则:

set firewall name WAN_IN rule 10 action accept

set firewall name WAN_IN rule 10 destination address 192.168.0.12

set firewall name WAN_IN rule 10 destination port 443

set firewall name WAN_IN rule 10  protocol tcp

set firewall name WAN_IN rule 10 description ALLOW-ACCESS-TO-ACCESS-GATEWAY

set firewall name WAN_IN rule 10 log enable

set firewall name WAN_IN rule 20 action accept

set firewall name WAN_IN rule 20 destination address 192.168.0.0/24

set firewall name WAN_IN rule 20 description NAT-FOR-LAN

Commit

NAT rule:

set service nat rule 20 destination address 10.108.16.30     (router 外网IP地址)

set service nat rule 20 destination port 443          (内网443端口打开)

set service nat rule 20 inbound-interface eth1   (外网网卡)

set service nat rule 20 inside-address address 192.168.0.12   (gateway ip  address, vip 客户端访问的ip地址)绑定内网web server 的ip 地址和端口号

set service nat rule 20 inside-address port 443

set service nat rule 20 type destination

set service nat rule 20 protocol tcp

commit

vyatta@vyatta# show service

rule 20 {

destination {

port 443

}

inbound-interface eth1

inside-address {

address 192.168.0.12

port 443

}

protocol tcp

type destination

}

}

防火墙策略分配给NIC  eth1

set interfaces ethernet eth1 firewall in name WAN_IN               在 eth1(外网网卡)上配置WAN_IN策略

Commit

Configure a DHCP Server:

set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 default-router '192.168.0.1'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24
dns-server '192.168.0.1'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24
domain-name 'internal-network'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 lease
'86400'

set service dhcp-server disabled 'false'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 start
192.168.0.30 stop '192.168.0.254'

commit

save

vyatta@vyatta# show service dhcp-server

disabled false

shared-network-name DHCP_Pool_ETH1 {

authoritative disable

subnet 192.168.0.0/24 {

default-router 192.168.0.1

dns-server 192.168.0.1

domain-name internal-network

lease 86400

start 192.168.0.30 {

stop 192.168.0.254

}

}

}

Commit

Save

检查内外网通信:

内网VM 打开外网共享服务器

外网打开https:router_externel_ip

更多内容可参考:From <https://wiki.vyos.net/wiki/User_Guide>

Configure vyatta的更多相关文章

  1. 国产深度学习框架mindspore-1.3.0 gpu版本无法进行源码编译

    官网地址: https://www.mindspore.cn/install 所有依赖环境 进行sudo make install 安装,最终报错: 错误记录信息: cat     /tmp/mind ...

  2. vyatta常用操作

    vyatta是一个小巧而强大的基于debian的 Linux路由发行版,随着云计算的深入,云内部的虚拟机通信已经摆脱了物理路由器的束缚,而路由器变成了一个逻辑存在,而不是一个物理实体,云路由由此诞生, ...

  3. vyatta的fork开源版本

    https://www.reddit.com/r/networking/comments/3dvwfy/who_here_is_using_vyos/ Vyatta came in two flavo ...

  4. vyatta的fork开源版本vyos

    vyatta的fork开源版本vyos 来源: https://www.reddit.com/r/networking/comments/3dvwfy/who_here_is_using_vyos/ ...

  5. Vyatta 网络操作系统

    原文发表于:2010-09-19 转载至cu于:2012-07-21 以下是"开源中国社区"写到的: http://www.oschina.net/news/11423/vyatt ...

  6. Configure a VLAN on top of a team with NetworkManager (nmcli) in RHEL7

    SOLUTION VERIFIED September 13 2016 KB1248793 Environment Red Hat Enterprise Linux 7 NetworkManager ...

  7. Configure a bridge interface over a VLAN tagged bonded interface

    SOLUTION VERIFIED February 5 2014 KB340153 Environment Red Hat Enterprise Linux 6 (All Versions) Red ...

  8. Configure a bridged network interface for KVM using RHEL 5.4 or later?

    environment Red Hat Enterprise Linux 5.4 or later Red Hat Enterprise Linux 6.0 or later KVM virtual ...

  9. [转]Linux中configure/makefile

    本文教你如何使用autoconf.automake等来制作一个以源代码形式(.tar.gz)发布的软件.并可在执行configure时使用自定义参数. 一.概述和基础知识 在Linux下得到一个以源代 ...

随机推荐

  1. vue网络不好时不间断请求

    配置默认参数 const { apiConfig: { timeout, retry, retryDelay } } = config; if(timeout) axios.defaults.time ...

  2. 使用js输出1000以内的水仙花数

    什么是水仙花数 水仙花数(Narcissistic number)也被称为超完全数字不变数(pluperfect digital invariant, PPDI).自恋数.自幂数.阿姆斯壮数或阿姆斯特 ...

  3. PHP 多维数组将下标从0开始

    点击链接加入群[php/web 学习课堂]:https://jq.qq.com/?_wv=1027&k=5645xiw 欢迎大家加入,一起讨论学习 模拟一个: public function ...

  4. C#【堆与栈 值类型 引用类型】

    先说C#中值类型和引用类型 概念: 1.值类型:数据存储在内存的堆栈中,从堆栈中可以快速地访问这些数据,因此,值类型表示实际的数据. 2.引用类型:表示指向存储在内存堆中的数据的指针或引用(包括类.接 ...

  5. 深入SpringBoot注解原理及使用

    首先,先看SpringBoot的主配置类: @SpringBootApplication public class StartEurekaApplication { public static voi ...

  6. 16.SpringMVC核心技术-文件上传

    上传单个文件 1.定义具有文件上传功能的页面 index.jsp,其表单的设置需要注意,method 属性为 POST, enctype 属性为 multipart/form-data.另外,需要注意 ...

  7. 系统模块 sys 函数的调用

    系统模块 sys 运行时系统相关的信息 sys模块的数据 数据 描述 sys.path 模块搜索路径 path[0] 是当前脚本程序的路径名,否则为 '' sys.modules 已加载模块的字典 s ...

  8. 如何自动运行loadrunner脚本

    问题背景 在凌晨之后,自然流量比较低,无需人值守的情况自动运行loadruner脚本. 实现思路 windows定时任务+BAT脚本 BAT脚本: SET M_ROOT=C:\Program File ...

  9. pytorch转onnx问题

    Fail to export the model in PyTorch https://github.com/onnx/tutorials/blob/master/tutorials/PytorchA ...

  10. Delphi 执行线程对象