VyOS basic configuration

http://www.lowefamily.com.au/2015/11/29/using-a-vyos-router-with-hyper-v/1/
http://thomasvochten.com/archive/2015/03/labv2-part1/
http://www.letmefix-it.com/2016/07/07/vyos-nat-configuration-1-to-1/
https://github.com/rharmonson/richtech/wiki/Vyos-Firewall

1 Basic configuration
# Configure the outside (WAN) interface
set interfaces ethernet eth0 address 10.0.1.32/24
set interfaces ethernet eth0 description public

# Configure the inside (LAN) interface
set interfaces ethernet eth1 address 192.168.100.1/24
set interfaces ethernet eth1 description private

# Default static route via the upstream gateway on the outside subnet
set protocols static route 0.0.0.0/0 next-hop 10.0.1.1 distance 1

# Enable the SSH server on a non-default port. It listens on every interface,
# the outside one included, unless a firewall rule set for traffic addressed
# to the router itself restricts who may reach it.
set service ssh port 29922

# Hostname
set system host-name vyos-master

# Time zone
set system time-zone Asia/Shanghai

# Apply the changes (active immediately, but not yet persisted)
commit

# Write the running configuration to the boot file
save
Saving configuration to '/config/config.boot'...

# Roll back. 'discard' throws away uncommitted changes; 'rollback <N>' returns
# to committed revision N as listed by 'show system commit' and reboots the router.
rollback <N>
2 NAT
Source NAT
A source NAT rule needs three things:
1 The internal IP addresses we want to translate
2 The outgoing interface to perform the translation on
3 The external IP address to translate to

# Give the inside network access to the outside. The three versions of rule
# 100 below are alternatives; configure only one of them.

# Version A: masquerade behind whatever address eth0 carries
set nat source rule 100 outbound-interface eth0
set nat source rule 100 source address 192.168.100.0/24
set nat source rule 100 translation address masquerade

# Version B: translate to a dedicated outside address, 10.0.1.100, instead of
# the firewall's own eth0 address. The address is added to eth0 first so the
# router answers ARP for it.
set interfaces ethernet eth0 address 10.0.1.100/24
set nat source rule 100 outbound-interface eth0
set nat source rule 100 source address 192.168.100.0/24
set nat source rule 100 translation address 10.0.1.100

# Version C: with many inside hosts, translate to an address pool; a common
# rule of thumb is one outside address per 256 inside hosts
......
set nat source rule 100 translation address 10.0.1.101-10.0.1.132

# NAT reflection (hairpin NAT). The author notes: I have not worked out what
# this is for. What it does: when an inside host connects to the outside
# address of a port-forwarded inside server, destination NAT rewrites the
# target to the server's inside address and the packet goes back out through
# eth1. Rule 110 then masquerades the source to the router's eth1 address, so
# the server's reply returns through the router (which un-translates it)
# instead of going straight to the client, which would discard a reply from an
# address it never connected to. It only takes effect together with a
# destination NAT rule that also matches inbound-interface eth1; the port
# forwards below match eth0 only.
set nat source rule 110 description 'NAT Reflection: INSIDE'
set nat source rule 110 destination address 192.168.100.0/24
set nat source rule 110 outbound-interface eth1
set nat source rule 110 source address 192.168.100.0/24
set nat source rule 110 translation address masquerade

Destination NAT
A destination NAT rule needs three things:
1 The interface traffic will be coming in on
2 The protocol and port we wish to forward
3 The IP address of the internal system we wish to forward traffic to

Port forwarding
# 10.0.1.100:80 -> 192.168.100.101:80
set nat destination rule 10 description 'Port Forward: 10.0.1.100:80 to 192.168.100.101:80'
set nat destination rule 10 inbound-interface eth0
set nat destination rule 10 destination address 10.0.1.100
set nat destination rule 10 destination port 80
set nat destination rule 10 protocol tcp
set nat destination rule 10 translation address 192.168.100.101
set nat destination rule 10 translation port 80

# 10.0.1.100:29922 -> 192.168.100.101:22
set nat destination rule 20 description 'Port Forward: 10.0.1.100:29922 to 192.168.100.101:22'
set nat destination rule 20 inbound-interface eth0
set nat destination rule 20 destination address 10.0.1.100
set nat destination rule 20 destination port 29922
set nat destination rule 20 protocol tcp
set nat destination rule 20 translation address 192.168.100.101
set nat destination rule 20 translation port 22

# Note: the firewall must also accept this traffic on ports 22 and 80.
# Destination NAT runs before the forwarding firewall, so the firewall sees
# the translated ports (80 and 22), not 29922. It also runs before local
# delivery, so a connection to 10.0.1.100:29922 now reaches the inside host
# rather than the router's own SSH server; reach the router on 10.0.1.32:29922.

IP mapping (1:1 NAT)
set interfaces ethernet eth0 address 10.0.1.200/24

# Inbound: 10.0.1.200 -> 192.168.100.102
set nat destination rule 30 description 'NAT 1 to 1: 10.0.1.200 to 192.168.100.102'
set nat destination rule 30 inbound-interface eth0
set nat destination rule 30 destination address 10.0.1.200
set nat destination rule 30 translation address 192.168.100.102

# Outbound: 192.168.100.102 -> 10.0.1.200. The source translation must be
# done on the outside interface eth0 (a rule on eth1 would only apply to
# packets leaving towards the inside and never to outbound traffic), and its
# rule number must be lower than the catch-all masquerade rule 100, because
# source NAT rules are evaluated in ascending order and the first match wins.
set nat source rule 30 description 'NAT 1 to 1: 10.0.1.200 to 192.168.100.102'
set nat source rule 30 outbound-interface eth0
set nat source rule 30 source address 192.168.100.102
set nat source rule 30 translation address 10.0.1.200
3 FIREWALL
# Zone "public" holds the outside interface, zone "private" the inside one
set zone-policy zone public interface eth0
set zone-policy zone private interface eth1

# Stop the router itself from answering ICMP echo requests on any interface
set firewall all-ping disable

# Initial policy for the private -> public rule set: drop everything that is
# not explicitly accepted. Rules are evaluated in ascending number order, no
# matter in which order they were entered, so 9999 is the final catch-all.
set firewall name private-public default-action drop

# Rule 1: accept packets belonging to an established or related connection
set firewall name private-public rule 1 action accept
set firewall name private-public rule 1 state established enable
set firewall name private-public rule 1 state related enable

# Rule 2: drop and log packets in an invalid connection-tracking state
set firewall name private-public rule 2 action drop
set firewall name private-public rule 2 log enable
set firewall name private-public rule 2 state invalid enable

# Rule 100: allow ping
set firewall name private-public rule 100 action accept
set firewall name private-public rule 100 log enable
set firewall name private-public rule 100 protocol icmp

# Rule 200: allow HTTP and HTTPS
set firewall name private-public rule 200 action accept
set firewall name private-public rule 200 destination port 80,443
set firewall name private-public rule 200 log enable
set firewall name private-public rule 200 protocol tcp

# Rule 300: allow SSH on 22 and 29922
set firewall name private-public rule 300 action accept
set firewall name private-public rule 300 destination port 22,29922
set firewall name private-public rule 300 log enable
set firewall name private-public rule 300 protocol tcp

# Rule 600: allow DNS requests from 10.0.1.0/24
# Caveat: in the private -> public direction the source address is always in
# 192.168.100.0/24, so a source match on 10.0.1.0/24 never fires and DNS from
# the inside hosts falls through to rule 9999. If the DNS server lives in
# 10.0.1.0/24, match it as the destination address instead; if the intent is
# to let the inside hosts resolve names, match source address 192.168.100.0/24
# or omit the address match altogether.
set firewall name private-public rule 600 action accept
set firewall name private-public rule 600 destination port 53
set firewall name private-public rule 600 log enable
set firewall name private-public rule 600 protocol tcp_udp
set firewall name private-public rule 600 source address 10.0.1.0/24

# Rule 9999: drop and log everything else
set firewall name private-public rule 9999 action drop
set firewall name private-public rule 9999 log enable

# Apply private-public to traffic going from private to public. Effect: the
# inside may ping outside addresses, reach outside ports 80, 443, 22 and 29922,
# and, subject to the rule 600 caveat, send DNS queries.
set zone-policy zone public from private firewall name private-public

# public -> private rule set
set firewall name public-private default-action drop
set firewall name public-private rule 1 action accept
set firewall name public-private rule 1 state established enable
set firewall name public-private rule 1 state related enable
set firewall name public-private rule 2 action drop
set firewall name public-private rule 2 log enable
set firewall name public-private rule 2 state invalid enable

# Rule 100: allow 80, 443, 22, 29922
# Caveat: this rule set runs after destination NAT, so it matches the
# translated destination address and port. With the port forwards in section
# 2 only ports 80 and 22 (29922 is rewritten to 22) ever arrive here; 443 and
# 29922 match nothing unless another destination NAT rule produces them. As
# written the rule also accepts those ports to any inside address, not only
# the forwarded host (an outside host with a route to 192.168.100.0/24 would
# get through); restrict it with a destination address match on
# 192.168.100.101, plus a separate rule for the 1:1 mapped 192.168.100.102.
set firewall name public-private rule 100 action accept
set firewall name public-private rule 100 destination port 80,443,22,29922
set firewall name public-private rule 100 log enable
set firewall name public-private rule 100 protocol tcp
set firewall name public-private rule 9999 action drop
set firewall name public-private rule 9999 log enable

# Apply public-private to traffic going from public to private: it admits the
# forwarded services, e.g. ssh -p 29922 10.0.1.100 and http://10.0.1.100
set zone-policy zone private from public firewall name public-private

# Caveat: these rule sets only govern traffic forwarded between the two zones.
# Traffic addressed to the router itself, such as its SSH server on 29922, is
# not covered by zone policy until a zone is marked local-zone and given rule
# sets of its own, so as configured the router's SSH is reachable from eth0 at
# 10.0.1.32:29922.
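The NAT and firewall sections interlock in ways that are easy to get wrong: the forwarding firewall sees post-DNAT addresses and ports, a 1:1 source NAT rule has to sit on the outside interface, a rule whose source address cannot arrive from its "from" zone is dead, and zone policy leaves router-bound traffic unfiltered until a local zone exists. The audit script below is an added example, not part of the original article or of VyOS; it encodes those four checks over a list of `set` commands such as the output of `show configuration commands`. The sample configuration and the corrections are constructed from the article's own names and addresses (the 1:1 SNAT rule is deliberately placed on eth1 so that the check fires), and the function names are my own.

```python
"""Audit VyOS 'set' lines for NAT/firewall mismatches: an added example, not code
from the article or from VyOS, reusing the article's interface, zone and rule names."""
import ipaddress
import shlex

# Constructed sample: the article's config, trimmed; SNAT rule 30 is on eth1 (wrong) so check 2 fires.
SAMPLE_CONFIG = """
set interfaces ethernet eth0 address 10.0.1.32/24
set interfaces ethernet eth1 address 192.168.100.1/24
set service ssh port 29922
set nat source rule 30 outbound-interface eth1
set nat source rule 30 translation address 10.0.1.200
set nat destination rule 20 inbound-interface eth0
set nat destination rule 20 protocol tcp
set nat destination rule 20 destination port 29922
set nat destination rule 20 translation address 192.168.100.101
set nat destination rule 20 translation port 22
set zone-policy zone public interface eth0
set zone-policy zone private interface eth1
set zone-policy zone private from public firewall name public-private
set zone-policy zone public from private firewall name private-public
set firewall name public-private rule 100 action accept
set firewall name public-private rule 100 protocol tcp
set firewall name public-private rule 100 destination port 80,443,22,29922
set firewall name private-public rule 600 source address 10.0.1.0/24
"""
# Constructed corrections: a later 'set' on a leaf replaces its value. A real
# local zone also needs a rule set for every direction to and from it (not shown).
FIXES = """
set nat source rule 30 outbound-interface eth0
set firewall name private-public rule 600 source address 192.168.100.0/24
set zone-policy zone local local-zone
"""

def parse(text):
    """Each 'set ...' line as a token list with the leading 'set' dropped."""
    return [shlex.split(ln)[1:] for ln in text.splitlines() if ln.startswith("set ")]

def group(cmds, *prefix):
    """Collect 'prefix <id> key... value' lines into {id: {key: value}}."""
    n, out = len(prefix), {}
    for c in cmds:
        if tuple(c[:n]) == prefix and len(c) > n + 1:
            out.setdefault(c[n], {})[" ".join(c[n + 1:-1])] = c[-1]
    return out

def topology(cmds):
    """Interface subnets, zone members, applied rule sets and local zones."""
    nets, members, policy, local = {}, {}, {}, set()
    for c in cmds:
        if c[:2] == ["interfaces", "ethernet"] and c[3:4] == ["address"]:
            nets.setdefault(c[2], []).append(ipaddress.ip_interface(c[4]).network)
        elif c[:2] == ["zone-policy", "zone"] and c[3:4] == ["interface"]:
            members.setdefault(c[2], []).append(c[4])
        elif c[:2] == ["zone-policy", "zone"] and c[3:4] == ["from"]:
            policy[(c[2], c[4])] = c[-1]  # zone <to> from <from> firewall name <X>
        elif c[:2] == ["zone-policy", "zone"] and c[3:4] == ["local-zone"]:
            local.add(c[2])
    return nets, members, policy, local

def on_ifaces(addr, ifaces, nets):
    """True if addr (host or CIDR) overlaps a subnet of one of the interfaces."""
    net = ipaddress.ip_network(addr, strict=False)
    return any(net.overlaps(n) for i in ifaces for n in nets.get(i, []))

def accepts(rules, proto, port):
    """True if some accept rule in the set matches proto/port (rule order ignored)."""
    return any(r.get("action") == "accept"
               and r.get("protocol", "all") in ("all", "tcp_udp", proto)
               and str(port) in (r.get("destination port") or str(port)).split(",")
               for r in rules.values())

def audit(text):
    cmds = parse(text)
    nets, members, policy, local = topology(cmds)
    zone_of = {i: z for z, ifs in members.items() for i in ifs}
    findings = []
    # 1. Forward-chain rules see the translated port (22, not 29922): the target zone's set must accept it.
    for rid, r in group(cmds, "nat", "destination", "rule").items():
        target, src = r["translation address"], zone_of.get(r.get("inbound-interface"))
        dst = next((z for z in members if on_ifaces(target, members[z], nets)), None)
        proto, port = r.get("protocol", "all"), r.get("translation port", r.get("destination port"))
        rules = group(cmds, "firewall", "name", policy.get((dst, src)), "rule")
        if not accepts(rules, proto, port):
            findings.append(f"DNAT rule {rid}: {src}->{dst} does not accept {proto}/{port} to {target}")
    # 2. Static SNAT: the translation address must sit on the outbound interface's subnet.
    for rid, r in group(cmds, "nat", "source", "rule").items():
        t, oif = r.get("translation address", "masquerade"), r.get("outbound-interface")
        if t != "masquerade" and "-" not in t and not on_ifaces(t, [oif], nets):
            findings.append(f"SNAT rule {rid}: {t} is not on {oif}'s subnet")
    # 3. A source match outside every interface of the 'from' zone can never fire.
    for (dst, src), name in policy.items():
        for rid, r in group(cmds, "firewall", "name", name, "rule").items():
            sa = r.get("source address")
            if sa and not on_ifaces(sa, members.get(src, []), nets):
                findings.append(f"{name} rule {rid}: source {sa} never comes from zone {src}")
    # 4. Zone policy only filters traffic to the router itself once a local zone exists.
    if any(c[:2] == ["service", "ssh"] for c in cmds) and not local:
        findings.append("ssh enabled but no local-zone: traffic to the router is unfiltered")
    return findings
```

`audit(SAMPLE_CONFIG)` reports the misplaced SNAT rule, the dead rule 600 and the missing local zone; `audit(SAMPLE_CONFIG + FIXES)` returns nothing, and dropping port 22 from the public-private rule makes the DNAT check fire. Port matching is exact (ranges are not expanded) and rule order inside a set is ignored, which is enough to catch the mistakes above but not a drop rule shadowing a later accept.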

 
