Username: vyatta

Password: vyatta

配置网卡:

编辑:

configure

内部网络IP地址配置:192.168.0.1

set interfaces ethernet eth0 address 192.168.0.1/24

set interfaces ethernet eth0 description Inside

从DHCP 服务器上自动外网IP地址:

set interfaces ethernet eth1 address dhcp

set interfaces ethernet eth1 description Outside

commit

查看:

show interfaces

ip addr

ping www.google.com

ethernet eth0 {

address 192.168.0.1/24

description Inside

duplex auto

smp_affinity auto

speed auto

}

ethernet eth1 {

address dhcp

description Outside

duplex auto

firewall {

in {

name WAN_IN

}

}

smp_affinity auto

speed auto

}

loopback lo {

}

配置SSH:

set service ssh port '22'

set service ssh listen-address 192.168.0.1      (router内网ip地址)

commit

vyatta@vyatta# show service ssh

listen-address 192.168.0.1

port 22

protocol-version v2

内网通外网:

配置网络地址转换(NAT):             //内部网络的所有机器共享同一个外部网络地址(连接外网)

Configure Source NAT for our "Inside" network.

set service nat rule 10 outbound-interface eth1  (外网网卡)   NAT出口设置

set service nat rule 10 source address 192.168.0.0/24                        NAT需要转换的地址

set service nat rule 10 type masquerade            启用NAT

commit

vyatta@vyatta# show service

nat {

rule 10 {

outbound-interface eth1

source {

address 192.168.0.0/24

}

type masquerade

}

设置DNS Forwarding(DNS 服务器转发):

set service dns forwarding listen-on eth0      (内网网卡)

set service dns forwarding cache-size '0'

set service dns forwarding name-server 10.108.36.85    (搭建有dns服务器的任意一台VM的IP地址)

commit

vyatta@vyatta# show service dns

dns {

forwarding {

cache-size 0

listen-on eth0   (内网)

name-server 10.108.36.85

}

}

外网通内网:

配置防火墙规则:

set firewall name WAN_IN rule 10 action accept

set firewall name WAN_IN rule 10 destination address 192.168.0.12

set firewall name WAN_IN rule 10 destination port 443

set firewall name WAN_IN rule 10  protocol tcp

set firewall name WAN_IN rule 10 description ALLOW-ACCESS-TO-ACCESS-GATEWAY

set firewall name WAN_IN rule 10 log enable

set firewall name WAN_IN rule 20 action accept

set firewall name WAN_IN rule 20 destination address 192.168.0.0/24

set firewall name WAN_IN rule 20 description NAT-FOR-LAN

Commit

NAT rule:

set service nat rule 20 destination address 10.108.16.30     (router 外网IP地址)

set service nat rule 20 destination port 443          (内网443端口打开)

set service nat rule 20 inbound-interface eth1   (外网网卡)

set service nat rule 20 inside-address address 192.168.0.12   (gateway ip  address, vip 客户端访问的ip地址)绑定内网web server 的ip 地址和端口号

set service nat rule 20 inside-address port 443

set service nat rule 20 type destination

set service nat rule 20 protocol tcp

commit

vyatta@vyatta# show service

rule 20 {

destination {

port 443

}

inbound-interface eth1

inside-address {

address 192.168.0.12

port 443

}

protocol tcp

type destination

}

}

防火墙策略分配给NIC  eth1

set interfaces ethernet eth1 firewall in name WAN_IN               在 eth1(外网网卡)上配置WAN_IN策略

Commit

Configure a DHCP Server:

set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 default-router '192.168.0.1'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24
dns-server '192.168.0.1'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24
domain-name 'internal-network'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 lease
'86400'

set service dhcp-server disabled 'false'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 start
192.168.0.30 stop '192.168.0.254'

commit

save

vyatta@vyatta# show service dhcp-server

disabled false

shared-network-name DHCP_Pool_ETH1 {

authoritative disable

subnet 192.168.0.0/24 {

default-router 192.168.0.1

dns-server 192.168.0.1

domain-name internal-network

lease 86400

start 192.168.0.30 {

stop 192.168.0.254

}

}

}

Commit

Save

检查内外网通信:

内网VM 打开外网共享服务器

外网打开https:router_externel_ip

更多内容可参考:From <https://wiki.vyos.net/wiki/User_Guide>

Configure vyatta的更多相关文章

  1. 国产深度学习框架mindspore-1.3.0 gpu版本无法进行源码编译

    官网地址: https://www.mindspore.cn/install 所有依赖环境 进行sudo make install 安装,最终报错: 错误记录信息: cat     /tmp/mind ...

  2. vyatta常用操作

    vyatta是一个小巧而强大的基于debian的 Linux路由发行版,随着云计算的深入,云内部的虚拟机通信已经摆脱了物理路由器的束缚,而路由器变成了一个逻辑存在,而不是一个物理实体,云路由由此诞生, ...

  3. vyatta的fork开源版本

    https://www.reddit.com/r/networking/comments/3dvwfy/who_here_is_using_vyos/ Vyatta came in two flavo ...

  4. vyatta的fork开源版本vyos

    vyatta的fork开源版本vyos 来源: https://www.reddit.com/r/networking/comments/3dvwfy/who_here_is_using_vyos/ ...

  5. Vyatta 网络操作系统

    原文发表于:2010-09-19 转载至cu于:2012-07-21 以下是"开源中国社区"写到的: http://www.oschina.net/news/11423/vyatt ...

  6. Configure a VLAN on top of a team with NetworkManager (nmcli) in RHEL7

    SOLUTION VERIFIED September 13 2016 KB1248793 Environment Red Hat Enterprise Linux 7 NetworkManager ...

  7. Configure a bridge interface over a VLAN tagged bonded interface

    SOLUTION VERIFIED February 5 2014 KB340153 Environment Red Hat Enterprise Linux 6 (All Versions) Red ...

  8. Configure a bridged network interface for KVM using RHEL 5.4 or later?

    environment Red Hat Enterprise Linux 5.4 or later Red Hat Enterprise Linux 6.0 or later KVM virtual ...

  9. [转]Linux中configure/makefile

    本文教你如何使用autoconf.automake等来制作一个以源代码形式(.tar.gz)发布的软件.并可在执行configure时使用自定义参数. 一.概述和基础知识 在Linux下得到一个以源代 ...

随机推荐

  1. C#动态生成Word文档并填充数据

    C#也能动态生成Word文档并填充数据 http://www.cnblogs.com/qyfan82/archive/2007/09/14/893293.html 引用http://blog.csdn ...

  2. 函数——es6函数扩展(二)

    一.声明 1. let(变量) 可以只声明不给值(默认为undefined),或者是先声明后给值,但是必需声明后再使用,可以重复赋值,可以防止变量泄露: 同一作用域里不能重复的声明,不同作用域里可以, ...

  3. Xcode8警告⚠️ Empty paragraph passed to '@xxx' command

    问题 Xcode8升级后,之前添加的注释会有很多警告 解决方法 基础知识,就是在编译选项中,添加警告屏蔽 解决步骤 显示警告信息 显示警告信息.png 查看警告类型 查看警告类型.png 屏蔽警告 W ...

  4. java_实现Hello World

    1.新建项目 在空白处右击--New--java Project 2.项目文件结构 新建了项目之后项目文件在工作空间里面,(如果忘记工作空间的路径可以点击File---Switch Workspace ...

  5. Java调用和回调总结(2)

    Java调用和回调总结(2) 调用的种类 调用有3种, 普通调用(同步调用), 异步调用, 异步回调. 三种调用的特点 普通调用: 也叫做同步调用 , 最常见的调用, 会造成阻塞. 异步调用 : 异步 ...

  6. 简单的jquery进度条插件LineProgressbar.js,myProgress.js

    参考   http://www.lanrenzhijia.com/jquery/4121.html demo下载 <script src="js/jquery.lineProgress ...

  7. ThreadPoolExecutor源码分析二

      接上文,这里继续分析源码 private static final int COUNT_BITS = Integer.SIZE - 3; private static final int CAPA ...

  8. ThreadPoolExecutor源码分析一

           在线程池出现之前,每次需要使用线程,都得创建一个线程.但是,在java的运行环境中,创建一个线程是非常耗费资源和时间的.是否可以把线程重复利用,减少线程的创建次数.基于此,java1.5 ...

  9. win10快速设置环境变量

    同时按WIN+R键,打开“运行”对话框,输入sysdm.cpl,按回车键打开“系统属性”. 在系统属性对话框中选择“高级”选项卡.

  10. 记一次 解决 vue 兼容ie11 的问题

    vue2.0 最近项目需要做到兼容ie11,找问题找半天,于是各种百度, 发现引入 babel-polyfill 还是有问题  空白页面 参考它的配置 ( 最后一句代码为引入的资源路径 )  我跟他差 ...