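1. Download the appropriate VC release from www.vyatta.org; I used VC6.1 for the ESX platform.
2. Import the downloaded template directly into ESX. By default it has two NICs, and the username and password are both vyatta.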
3. Set eth0 as the NIC for ADSL dial-up. Only the PPPoE username and password need to be set; leave everything else at the defaults:
set interfaces ethernet eth0 pppoe 1 user-id ad12345678
set interfaces ethernet eth0 pppoe 1 password xxxxxx
4. Set eth1 as the LAN gateway. Only the IP address needs to be set; leave everything else at the defaults:
set interfaces ethernet eth1 address 192.168.1.1/24
5. In ESX, add a NIC to the virtual machine to serve as the management interface, and add a static route:
set interfaces ethernet eth2 address 10.x.x.99/25
set protocols static route 10.x.x.x/24 next-hop 10.x.x.xx
6. Configure NAT
set service nat rule 1 outbound-interface pppoe1
set service nat rule 1 protocol all
set service nat rule 1 type masquerade
7. Configure DHCP
set service dhcp-server
set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 start 192.168.1.101 stop 192.168.1.150
set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 default-router 192.168.1.1
set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 dns-server 202.96.209.133
set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 dns-server 208.67.222.222
set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 lease 86400
8. Scheduled reboot
Add a root user (root can only log in on the console), then edit /etc/crontab. The following entry reboots every day at 1:00.
0 1 * * * root /sbin/reboot
9. Redial
disconnect interface pppoe1
connect interface pppoe1
10. Configure flow accounting; view it with show
set system flow-accounting interface eth1
show flow-accounting
11. Configure SNMP
set service snmp community public authorization ro
12. disable/enable interface
set interfaces ethernet eth1 disable
delete interfaces ethernet eth1 disable
13. Firewall: allow only specific IPs to access Vyatta's PPPoE interface.
set firewall name FWTEST rule 1 action accept
set firewall name FWTEST rule 1 source address 210.xxx.xxx.x/25
set firewall name FWTEST rule 1 protocol all
set interfaces ethernet eth0 pppoe 1 firewall local name FWTEST
14. Deny high-traffic IPs
Vyatta implements ACLs with its firewall. The following denies 192.168.1.101 access to the Internet.
Reposted from: https://blog.51cto.com/18567/397433
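
A review aid for steps 3, 11 and 13, added here as an example and not part of the original post or of Vyatta: it reads a list of set commands and reports an SNMP community that is guessable or has no client/network restriction, a PPPoE unit with no local firewall rule set bound, and accept rules in a bound rule set that lack a source address. The function name audit and the check names are hypothetical; the sample input is constructed from the commands above.

```python
# Added example (not from the original post). Constructed input: the set
# commands from steps 3, 11 and 13 of this page.
SAMPLE = """\
set interfaces ethernet eth0 pppoe 1 user-id ad12345678
set service snmp community public authorization ro
set firewall name FWTEST rule 1 action accept
set firewall name FWTEST rule 1 source address 210.xxx.xxx.x/25
set firewall name FWTEST rule 1 protocol all
set interfaces ethernet eth0 pppoe 1 firewall local name FWTEST
"""

def audit(config_text):
    """Return sorted (check, subject) findings; check names are hypothetical."""
    cmds = [line.split()[1:] for line in config_text.splitlines()
            if line.startswith("set ")]
    findings, snmp, rules, pppoe = set(), {}, {}, {}
    for c in cmds:
        # SNMP: a community counts as restricted only if it has a client/network line.
        if c[:3] == ["service", "snmp", "community"] and len(c) > 3:
            limited = len(c) > 4 and c[4] in ("client", "network")
            snmp[c[3]] = snmp.get(c[3], False) or limited
        # Firewall rules: record the action and whether a source address is set.
        elif c[:2] == ["firewall", "name"] and len(c) >= 7 and c[3] == "rule":
            rule = rules.setdefault((c[2], c[4]), {})
            if c[5] == "action":
                rule["action"] = c[6]
            elif c[5:7] == ["source", "address"]:
                rule["source"] = True
        # PPPoE units and the rule set bound to each in the "local" direction.
        elif c[:2] == ["interfaces", "ethernet"] and len(c) > 4 and c[3] == "pppoe":
            unit = "pppoe" + c[4]
            pppoe.setdefault(unit, None)
            if c[5:8] == ["firewall", "local", "name"] and len(c) > 8:
                pppoe[unit] = c[8]
    for name, limited in snmp.items():
        if name in ("public", "private"):
            findings.add(("snmp-guessable-community", name))
        if not limited:
            findings.add(("snmp-any-source", name))
    for unit, ruleset in pppoe.items():
        if ruleset is None:
            findings.add(("pppoe-no-local-firewall", unit))
        for (name, num), rule in rules.items():
            if name == ruleset and rule.get("action") == "accept" and "source" not in rule:
                findings.add(("accept-from-any", f"{name} rule {num}"))
    return sorted(findings)

if __name__ == "__main__":
    for check, subject in audit(SAMPLE):
        print(check, subject)
```

On the page's own commands only the SNMP community is reported, because FWTEST rule 1 carries a source address and the rule set is bound to the PPPoE unit.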