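VyOS is the community fork of the Vyatta system, and it is a seriously impressive open-source routing system. Vyatta is an enterprise-grade product from Broadcom; it supports essentially every enterprise routing feature and also runs in virtual machines.
Basic configuration, part 1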
# Install the system and go through the related setup
install image
# Partition - copy files - configure GRUB
reboot
#========
# View the network interface information
[Figure: show_interfaces.png, screenshot of the interface listing]
# Planned allocation: eth0 WAN uplink, eth1 wired LAN, eth2 wireless LAN; eth3 second WAN uplink (dual WAN)
# Assumed WAN ip/mask 10.10.0.3/29 gw 10.10.0.2
# Assumed LAN ip/mask 192.168.0.1/24
# Assumed wireless ip/mask 172.28.0.1/24
# Assumed WAN (2) ip/mask 10.11.0.1/29 gw 10.11.0.2
# Enter configuration mode
configure
# Configure the LAN interface first, then connect with an SSH client and paste the configuration, or load a configuration file
# eth1 interface settings
# Set the interface description
set interfaces ethernet eth1 description "LAN interface"
# Set the duplex mode
set interfaces ethernet eth1 duplex auto
# Set the link speed
set interfaces ethernet eth1 speed auto
# Set multi-core CPU interrupt affinity
set interfaces ethernet eth1 smp_affinity auto
# Set the maximum transmission unit
set interfaces ethernet eth1 mtu 1500
# Set the interface IP/mask
set interfaces ethernet eth1 address 192.168.0.1/24
# Enable SSH remote management
set service ssh port '22'
# Configure the lo loopback interface
set interfaces loopback lo description "LOCAL-NET"
# eth0 interface settings
# Add a description
set interfaces ethernet eth0 description "WAN interface"
# Set the duplex mode
set interfaces ethernet eth0 duplex auto
# Set the link speed
set interfaces ethernet eth0 speed auto
# Set multi-core CPU interrupt affinity
set interfaces ethernet eth0 smp_affinity auto
# Set the maximum transmission unit
set interfaces ethernet eth0 mtu 1500
# Set the interface IP/mask
set interfaces ethernet eth0 address 10.10.0.3/29
# Set the WAN gateway
set system gateway-address 10.10.0.2
# Bind the WAN gateway's ARP entry
set protocols static arp 10.10.0.2 hwaddr 00:16:4d:40:2e:02
# Change the system host name
set system host-name VyOS-R1
# Change the system domain name
set system domain-name r1.domain.com
# Change the login password of the system user vyos
set system login user vyos level 'admin'
set system login user vyos authentication encrypted-password PASSWORD
# Set the time zone
set system time-zone Asia/Shanghai
# Set the NTP server
set system ntp server "time.asia.apple.com"
# Set the login banners
set system login banner pre-login "\n\tUNAUTHORIZED USE OF THIS SYSTEM IS PROHIBITED!\n"
# This actually modifies /etc/issue
set system login banner post-login "\n\tWelcome to Vyatta!\n"
# This actually modifies /etc/motd
# Configure the DNS forwarder
set service dns forwarding cache-size '0'
set service dns forwarding listen-on 'eth1'
set service dns forwarding listen-on 'eth2'
set service dns forwarding name-server '8.8.8.8'
set service dns forwarding name-server '8.8.4.4'
# Set up the DHCP service for the wired LAN
set service dhcp-server disabled 'false'
set service dhcp-server shared-network-name LAN description "LAN DHCP"
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 default-router 192.168.0.1
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 start 192.168.0.60 stop 192.168.0.254
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 lease '86400'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 dns-server 192.168.0.1
# Statically bind IP/MAC for fixed devices
set protocols static arp 192.168.0.60 hwaddr 00:01:02:03:04:05
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping USER1 ip-address 192.168.0.60
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping USER1 mac-address 00:01:02:03:04:05
set protocols static arp 192.168.0.61 hwaddr 00:01:02:03:04:06
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping USER2 ip-address 192.168.0.61
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping USER2 mac-address 00:01:02:03:04:06
...
# Set up the DHCP service for the wireless LAN
set service dhcp-server shared-network-name WIFI description "WIFI DHCP"
set service dhcp-server shared-network-name WIFI subnet 172.28.0.0/24 default-router 172.28.0.1
set service dhcp-server shared-network-name WIFI subnet 172.28.0.0/24 start 172.28.0.60 stop 172.28.0.254
set service dhcp-server shared-network-name WIFI subnet 172.28.0.0/24 lease '86400'
set service dhcp-server shared-network-name WIFI subnet 172.28.0.0/24 dns-server 172.28.0.1
# Statically bind IP/MAC for mobile devices
set protocols static arp 172.28.0.60 hwaddr 0a:0b:0c:0d:0e:0f
set service dhcp-server shared-network-name WIFI subnet 172.28.0.0/24 static-mapping PHONE1 ip-address 172.28.0.60
set service dhcp-server shared-network-name WIFI subnet 172.28.0.0/24 static-mapping PHONE1 mac-address 0a:0b:0c:0d:0e:0f
...
# Set up SNAT so the internal networks reach the Internet through eth0
# Rule numbering: fixed devices 1000-1999; mobile devices 2000-2999.
set nat source rule 1001 description "USER1 SNAT"
set nat source rule 1001 source address 192.168.0.60
set nat source rule 1001 outbound-interface eth0
set nat source rule 1001 translation address masquerade
set nat source rule 1002 description "USER2 SNAT"
set nat source rule 1002 source address 192.168.0.61
set nat source rule 1002 outbound-interface eth0
set nat source rule 1002 translation address masquerade
...
set nat source rule 2001 description "PHONE1 SNAT"
set nat source rule 2001 source address 172.28.0.60
set nat source rule 2001 outbound-interface eth0
set nat source rule 2001 translation address masquerade
...
# Set up DNAT to the internal network
# Rule numbering: 100-999 are available, with 5 rule numbers reserved per service
# Rule 100, web1 service mapping, 10.10.0.3(eth0):80->192.168.0.50:80
# Rule 105, web2 service mapping, 10.10.0.3(eth0):8080->192.168.0.51:80
# Rule 110, ftp service mapping, 10.10.0.3(eth0):21->192.168.0.53:21
#==================================
set nat destination rule 100 description "WEB SERVER1"
set nat destination rule 100 inbound-interface eth0
set nat destination rule 100 destination address 10.10.0.3
set nat destination rule 100 protocol tcp
set nat destination rule 100 source address 0.0.0.0/0
set nat destination rule 100 destination port 80
set nat destination rule 100 translation address 192.168.0.50
set nat destination rule 100 translation port 80
set nat destination rule 101 description "WEB SERVER1"
set nat destination rule 101 inbound-interface eth1
set nat destination rule 101 destination address 10.10.0.3
set nat destination rule 101 protocol tcp
set nat destination rule 101 source address 0.0.0.0/0
set nat destination rule 101 destination port 80
set nat destination rule 101 translation address 192.168.0.50
set nat destination rule 101 translation port 80
# Enable NAT loopback
set nat source rule 100 description "WEB SERVER1"
set nat source rule 100 outbound-interface eth1
set nat source rule 100 destination address 192.168.0.50
set nat source rule 100 protocol tcp
set nat source rule 100 source address 192.168.0.0/24
set nat source rule 100 destination port 80
set nat source rule 100 translation address masquerade
set nat source rule 101 description "WEB SERVER1"
set nat source rule 101 outbound-interface eth2
set nat source rule 101 destination address 192.168.0.50
set nat source rule 101 protocol tcp
set nat source rule 101 source address 172.28.0.0/24
set nat source rule 101 destination port 80
set nat source rule 101 translation address masquerade
#==================================
set nat destination rule 105 description "WEB SERVER2"
set nat destination rule 105 inbound-interface eth0
set nat destination rule 105 destination address 10.10.0.3
set nat destination rule 105 protocol tcp
set nat destination rule 105 source address 0.0.0.0/0
set nat destination rule 105 destination port 8080
set nat destination rule 105 translation address 192.168.0.51
set nat destination rule 105 translation port 80
set nat destination rule 106 description "WEB SERVER2"
set nat destination rule 106 inbound-interface eth1
set nat destination rule 106 destination address 10.10.0.3
set nat destination rule 106 protocol tcp
set nat destination rule 106 source address 0.0.0.0/0
set nat destination rule 106 destination port 8080
set nat destination rule 106 translation address 192.168.0.51
set nat destination rule 106 translation port 80
# Enable NAT loopback
set nat source rule 105 description "WEB SERVER2"
set nat source rule 105 outbound-interface eth1
set nat source rule 105 destination address 192.168.0.51
set nat source rule 105 protocol tcp
set nat source rule 105 source address 192.168.0.0/24
set nat source rule 105 destination port 80
set nat source rule 105 translation address masquerade
set nat source rule 106 description "WEB SERVER2"
set nat source rule 106 outbound-interface eth2
set nat source rule 106 destination address 192.168.0.51
set nat source rule 106 protocol tcp
set nat source rule 106 source address 172.28.0.0/24
set nat source rule 106 destination port 80
set nat source rule 106 translation address masquerade
#==================================
set nat destination rule 110 description "FTP SERVER"
set nat destination rule 110 inbound-interface eth0
set nat destination rule 110 destination address 10.10.0.3
set nat destination rule 110 protocol tcp
set nat destination rule 110 source address 0.0.0.0/0
set nat destination rule 110 destination port 21
set nat destination rule 110 translation address 192.168.0.53
set nat destination rule 110 translation port 21
set nat destination rule 111 description "FTP SERVER"
set nat destination rule 111 inbound-interface eth1
set nat destination rule 111 destination address 10.10.0.3
set nat destination rule 111 protocol tcp
set nat destination rule 111 source address 0.0.0.0/0
set nat destination rule 111 destination port 21
set nat destination rule 111 translation address 192.168.0.53
set nat destination rule 111 translation port 21
# Enable NAT loopback
set nat source rule 110 description "FTP SERVER"
set nat source rule 110 outbound-interface eth1
set nat source rule 110 destination address 192.168.0.53
set nat source rule 110 protocol tcp
set nat source rule 110 source address 192.168.0.0/24
set nat source rule 110 destination port 21
set nat source rule 110 translation address masquerade
set nat source rule 111 description "FTP SERVER"
set nat source rule 111 outbound-interface eth2
set nat source rule 111 destination address 192.168.0.53
set nat source rule 111 protocol tcp
set nat source rule 111 source address 172.28.0.0/24
set nat source rule 111 destination port 21
set nat source rule 111 translation address masquerade
...
# Firewall configuration follows in part 2
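The DNAT rules above accept any source (0.0.0.0/0) and the firewall is deferred to part 2, so it helps to list what the WAN interface forwards and to confirm that each static DHCP mapping agrees with its static ARP entry. The following is an added example, not part of the original post: a small Python audit over `set` commands, where the function names and the sample (with a deliberately mismatched MAC for USER2) are constructed for illustration.

```python
import shlex
from collections import defaultdict

# Constructed sample in this page's syntax. USER2's DHCP MAC deliberately
# differs from its static ARP entry so the check has something to report.
SAMPLE = """
set protocols static arp 192.168.0.60 hwaddr 00:01:02:03:04:05
set protocols static arp 192.168.0.61 hwaddr 00:01:02:03:04:06
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping USER1 ip-address 192.168.0.60
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping USER1 mac-address 00:01:02:03:04:05
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping USER2 ip-address 192.168.0.61
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping USER2 mac-address 00:01:02:03:04:07
set nat destination rule 100 inbound-interface eth0
set nat destination rule 100 protocol tcp
set nat destination rule 100 source address 0.0.0.0/0
set nat destination rule 100 destination port 80
set nat destination rule 100 translation address 192.168.0.50
set nat destination rule 100 translation port 80
set nat destination rule 101 inbound-interface eth1
set nat destination rule 101 destination port 80
set nat destination rule 101 translation address 192.168.0.50
"""

def parse(config):
    """Tokenize every 'set ...' line; comments, blanks and '...' are skipped."""
    return [shlex.split(l)[1:] for l in config.splitlines() if l.strip().startswith("set ")]

def wan_forwards(config, wan="eth0"):
    """DNAT rules reachable from the WAN side: (rule, public port, internal host)."""
    rules = defaultdict(dict)
    for t in parse(config):
        if t[:3] == ["nat", "destination", "rule"] and len(t) > 5:
            rules[int(t[3])][" ".join(t[4:-1])] = t[-1]
    return [(n, r.get("destination port"), r.get("translation address"))
            for n, r in sorted(rules.items()) if r.get("inbound-interface") == wan]

def binding_mismatches(config):
    """Static DHCP mappings whose MAC differs from the static ARP entry for that IP."""
    arp, maps = {}, defaultdict(dict)
    for t in parse(config):
        if t[:3] == ["protocols", "static", "arp"] and len(t) == 6:
            arp[t[3]] = t[5].lower()
        elif t[:2] == ["service", "dhcp-server"] and "static-mapping" in t[:-3]:
            i = t.index("static-mapping")
            maps[t[i + 1]][t[i + 2]] = t[i + 3].lower()
    return sorted(n for n, m in maps.items() if arp.get(m.get("ip-address")) != m.get("mac-address"))
```

Every tuple returned by `wan_forwards` is a service that needs a matching firewall rule once part 2 is applied.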
VyOS router system basic configuration 1