Username: vyatta

Password: vyatta

配置网卡:

编辑:

configure

内部网络IP地址配置:192.168.0.1

set interfaces ethernet eth0 address 192.168.0.1/24

set interfaces ethernet eth0 description Inside

从DHCP 服务器上自动外网IP地址:

set interfaces ethernet eth1 address dhcp

set interfaces ethernet eth1 description Outside

commit

查看:

show interfaces

ip addr

ping www.google.com

ethernet eth0 {

address 192.168.0.1/24

description Inside

duplex auto

smp_affinity auto

speed auto

}

ethernet eth1 {

address dhcp

description Outside

duplex auto

firewall {

in {

name WAN_IN

}

}

smp_affinity auto

speed auto

}

loopback lo {

}

配置SSH:

set service ssh port '22'

set service ssh listen-address 192.168.0.1      (router内网ip地址)

commit

vyatta@vyatta# show service ssh

listen-address 192.168.0.1

port 22

protocol-version v2

内网通外网:

配置网络地址转换(NAT):             //内部网络的所有机器共享同一个外部网络地址(连接外网)

Configure Source NAT for our "Inside" network.

set service nat rule 10 outbound-interface eth1  (外网网卡)   NAT出口设置

set service nat rule 10 source address 192.168.0.0/24                        NAT需要转换的地址

set service nat rule 10 type masquerade            启用NAT

commit

vyatta@vyatta# show service

nat {

rule 10 {

outbound-interface eth1

source {

address 192.168.0.0/24

}

type masquerade

}

设置DNS Forwarding(DNS 服务器转发):

set service dns forwarding listen-on eth0      (内网网卡)

set service dns forwarding cache-size '0'

set service dns forwarding name-server 10.108.36.85    (搭建有dns服务器的任意一台VM的IP地址)

commit

vyatta@vyatta# show service dns

dns {

forwarding {

cache-size 0

listen-on eth0   (内网)

name-server 10.108.36.85

}

}

外网通内网:

配置防火墙规则:

set firewall name WAN_IN rule 10 action accept

set firewall name WAN_IN rule 10 destination address 192.168.0.12

set firewall name WAN_IN rule 10 destination port 443

set firewall name WAN_IN rule 10  protocol tcp

set firewall name WAN_IN rule 10 description ALLOW-ACCESS-TO-ACCESS-GATEWAY

set firewall name WAN_IN rule 10 log enable

set firewall name WAN_IN rule 20 action accept

set firewall name WAN_IN rule 20 destination address 192.168.0.0/24

set firewall name WAN_IN rule 20 description NAT-FOR-LAN

Commit

NAT rule:

set service nat rule 20 destination address 10.108.16.30     (router 外网IP地址)

set service nat rule 20 destination port 443          (内网443端口打开)

set service nat rule 20 inbound-interface eth1   (外网网卡)

set service nat rule 20 inside-address address 192.168.0.12   (gateway ip  address, vip 客户端访问的ip地址)绑定内网web server 的ip 地址和端口号

set service nat rule 20 inside-address port 443

set service nat rule 20 type destination

set service nat rule 20 protocol tcp

commit

vyatta@vyatta# show service

rule 20 {

destination {

port 443

}

inbound-interface eth1

inside-address {

address 192.168.0.12

port 443

}

protocol tcp

type destination

}

}

防火墙策略分配给NIC  eth1

set interfaces ethernet eth1 firewall in name WAN_IN               在 eth1(外网网卡)上配置WAN_IN策略

Commit

Configure a DHCP Server:

set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 default-router '192.168.0.1'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24
dns-server '192.168.0.1'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24
domain-name 'internal-network'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 lease
'86400'

set service dhcp-server disabled 'false'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 start
192.168.0.30 stop '192.168.0.254'

commit

save

vyatta@vyatta# show service dhcp-server

disabled false

shared-network-name DHCP_Pool_ETH1 {

authoritative disable

subnet 192.168.0.0/24 {

default-router 192.168.0.1

dns-server 192.168.0.1

domain-name internal-network

lease 86400

start 192.168.0.30 {

stop 192.168.0.254

}

}

}

Commit

Save

检查内外网通信:

内网VM 打开外网共享服务器

外网打开https:router_externel_ip

更多内容可参考:From <https://wiki.vyos.net/wiki/User_Guide>

Configure vyatta的更多相关文章

  1. 国产深度学习框架mindspore-1.3.0 gpu版本无法进行源码编译

    官网地址: https://www.mindspore.cn/install 所有依赖环境 进行sudo make install 安装,最终报错: 错误记录信息: cat     /tmp/mind ...

  2. vyatta常用操作

    vyatta是一个小巧而强大的基于debian的 Linux路由发行版,随着云计算的深入,云内部的虚拟机通信已经摆脱了物理路由器的束缚,而路由器变成了一个逻辑存在,而不是一个物理实体,云路由由此诞生, ...

  3. vyatta的fork开源版本

    https://www.reddit.com/r/networking/comments/3dvwfy/who_here_is_using_vyos/ Vyatta came in two flavo ...

  4. vyatta的fork开源版本vyos

    vyatta的fork开源版本vyos 来源: https://www.reddit.com/r/networking/comments/3dvwfy/who_here_is_using_vyos/ ...

  5. Vyatta 网络操作系统

    原文发表于:2010-09-19 转载至cu于:2012-07-21 以下是"开源中国社区"写到的: http://www.oschina.net/news/11423/vyatt ...

  6. Configure a VLAN on top of a team with NetworkManager (nmcli) in RHEL7

    SOLUTION VERIFIED September 13 2016 KB1248793 Environment Red Hat Enterprise Linux 7 NetworkManager ...

  7. Configure a bridge interface over a VLAN tagged bonded interface

    SOLUTION VERIFIED February 5 2014 KB340153 Environment Red Hat Enterprise Linux 6 (All Versions) Red ...

  8. Configure a bridged network interface for KVM using RHEL 5.4 or later?

    environment Red Hat Enterprise Linux 5.4 or later Red Hat Enterprise Linux 6.0 or later KVM virtual ...

  9. [转]Linux中configure/makefile

    本文教你如何使用autoconf.automake等来制作一个以源代码形式(.tar.gz)发布的软件.并可在执行configure时使用自定义参数. 一.概述和基础知识 在Linux下得到一个以源代 ...

随机推荐

  1. DSN 建立达梦7(DM)连接

    (DSN)Data Source Name 数据源名称 “ODBC数据源管理器”提供了三种DSN,分别为用户DSN.系统DSN和文件DSN.其中:      用户DSN会把相应的配置信息保存在Wind ...

  2. 【opencv源码解析】 三、resize

    resize.cpp void cv::resize( InputArray _src, OutputArray _dst, Size dsize, double inv_scale_x, doubl ...

  3. vue-添加全局扩展方法

    1.添加全局方法或者属性,如: vue-custom-element 2.添加全局资源:指令/过滤器/过渡等,如 vue-touch 3.通过全局 mixin 方法添加一些组件选项,如: vue-ro ...

  4. 使用display:table实现两列自适应布局

    在张鑫旭大神那边看到的方法,我自己写了一遍,稍微添加了一些自己的风格特色. IE6/7不支持这个属性,从IE8开始支持这个属性,对于IE6/7可以用display:inline-block解决. ta ...

  5. 1 java 笔记

    第一java的版本: J2ME主要用于移动设备和信息家电 J2SE整个Java技术的核心 J2EE java技术应用最广泛的部分,主要应用与企业的开发 第二:基于java语言的开源框架 struts ...

  6. SCRUM 是一个用于开发和维护复杂产品的框架

    转自:http://www.scrumcn.com/agile/scrum-knowledge-library/scrum.html#tab-id-1 Scrum 是一个用于开发和维护复杂产品的框架 ...

  7. day01_人类社会货币的演变

    1.货币的自然演变 1.1:从实物货币(贝壳.金银等一般等价物的稀有性等价于被交换物品的价值)---纸质货币(国家信用背书,使得一文不值的纸币可以兑换价值百元的商品)---记账货币(微信.二维码.银行 ...

  8. 13_Redis_持久化

    一:概述: Redis的高性能是山于其将所有数据都存储在了内存中,为了使Redis在重启之后仍能保证数据不丢失,需要将数据从内存中同步到硬盘中,这一过程就是持久化. Redis支持两种方式的持久化,一 ...

  9. ftp服务器终端登录后乱码处理方法

    首先在windows上用资源管理器登录看看会不会乱码,如果不会,说明是GBK编码 因为windows默认是GBK(936),linux默认(UTF-8) 因为FTP服务器我们修改不了,如果用linux ...

  10. Git远程分支和refs文件具体解释

    推送远程分支到同一个server 比方首先建立gitserver,顺便clone出两个副本 mkdir server cd server git init --bare cd .. git clone ...