1. VyOS簡介
VyOS是一個開源的網絡操作系統,可以安裝在物理硬件上,也可以安裝在你自己的虛擬機上,或者是一個雲平台上。它基於GNU/Linux,並加入了多個應用程序,如:Quagga, ISC DHCPD, OpenVPN, StrongS/WAN等,以及其他的管理界面。
VyOS系統安裝最低要求512M內存和2G存儲即可。
2. 實驗需求
最近工作中需要用到vyos軟路由,現將工作中搭建的過程總結如下。
vyos開啟dhcp,開啟80和21端口轉發
3. 環境准備
| 機器名稱 | 配置 | 系統 | 地址 | 備注 |
| vyos | 2C4G | vyos-1.1.7 |
eth0 172.16.0.99 eth1 192.168.10.1 |
兩塊網卡,eth0為外網,可以連接internet,eth1為內網 |
| vm1 | 2C4G | centos7.4 | dhcp獲取 | 一塊網卡 |
| vm2 | 2C4G | centos7.4 | 192.168.10.150 | 一塊網卡 |
4. 實驗拓撲
說明:
1.vyos開啟dhcp,80端口轉發和21端口轉發
2.vm1 dhcp獲取地址
3.vm2 配置靜態地址,開啟web服務和ftp服務
5. 基本設置
5.1 查看設置
# 查看全部設置
vyos@vyos:~$ show configuration
# 匹配查詢
vyos@vyos:~$ show configuration commands | match eth0
# 查看網卡設置
vyos@vyos:~$ show interfaces
5.2 配置網卡
# 進入配置模式
vyos@vyos:~$ configure
# 設置網卡描述
vyos@vyos# set interfaces ethernet eth0 description 'PUBLIC NETWORK'
vyos@vyos# set interfaces ethernet eth1 description 'PRIVATE NETWORK'
# 配置ip地址
vyos@vyos# set interfaces ethernet eth0 address 172.16.0.99/24
vyos@vyos# set protocols static route 0.0.0.0/0 next-hop '172.16.0.254'
vyos@vyos# set interfaces ethernet eth1 address 192.168.10.1/24
# 開啟ssh
vyos@vyos# set service ssh port '22'
# 保存配置
vyos@vyos# commit
vyos@vyos# save
5.3 配置dns轉發
vyos@vyos# set service dns forwarding cache-size '0'
vyos@vyos# set service dns forwarding listen-on eth0
vyos@vyos# set service dns forwarding listen-on eth1
vyos@vyos# set service dns forwarding name-server '114.114.114.114'
vyos@vyos# set service dns forwarding name-server '8.8.8.8'
vyos@vyos# commit
vyos@vyos# save
5.4 配置dhcp服務
vyos@vyos# set service dhcp-server disabled 'false'
vyos@vyos# set service dhcp-server shared-network-name LAN description 'LAN DHCP'
vyos@vyos# set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 default-router 192.168.10.1
vyos@vyos# set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 start 192.168.10.100 stop 192.168.10.200
vyos@vyos# set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 lease '86400'
vyos@vyos# set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 dns-server 192.168.10.1
vyos@vyos# commit
vyos@vyos# save
5.5 配置內網出公網
vyos@vyos# set nat source rule 100 description 'TO INTERNET'
vyos@vyos# set nat source rule 100 source address 192.168.10.0/24
vyos@vyos# set nat source rule 100 outbound-interface eth0
vyos@vyos# set nat source rule 100 translation address 172.16.0.99
vyos@vyos# commit
vyos@vyos# save
5.6 配置web轉發
vyos@vyos# set nat destination rule 1000 description "WEB SERVER"
vyos@vyos# set nat destination rule 1000 inbound-interface eth0
vyos@vyos# set nat destination rule 1000 destination address 172.16.0.99
vyos@vyos# set nat destination rule 1000 source address 0.0.0.0/0
vyos@vyos# set nat destination rule 1000 destination port 80
vyos@vyos# set nat destination rule 1000 protocol tcp
vyos@vyos# set nat destination rule 1000 translation address 192.168.10.150
vyos@vyos# set nat destination rule 1000 translation port 80
vyos@vyos# commit
vyos@vyos# save
5.7 配置ftp轉發
vyos@vyos# set nat destination rule 1001 description "FTP SERVER"
vyos@vyos# set nat destination rule 1001 inbound-interface eth0
vyos@vyos# set nat destination rule 1001 destination address 172.16.0.99
vyos@vyos# set nat destination rule 1001 protocol tcp
vyos@vyos# set nat destination rule 1001 source address 0.0.0.0/0
vyos@vyos# set nat destination rule 1001 destination port 21
vyos@vyos# set nat destination rule 1001 translation address 192.168.10.150
vyos@vyos# set nat destination rule 1001 translation port 21
vyos@vyos# commit
vyos@vyos# save
5.8 測試檢查
vm1設置網卡dhcp,重啟網卡。發現可以獲取到ip192.168.10.100,並可以連接外網
vm2設置網卡靜態ip地址,重啟網卡。並開啟web和ftp服務
測試成功轉發
參考資料
https://wiki.vyos.net/wiki/User_Guide