Building a closed network with GNS3 + Qemu + Vyatta
Overview
Layout of the closed (isolated) network
- router: 1 (192.168.10.1, 192.168.20.1)
- networks: 2 (192.168.10.0/24, 192.168.20.0/24)
- hosts: 4 (addresses via DHCP)
Configuration on Vyatta 6.5
- IP / MAC
```
set interfaces ethernet eth1 address 192.168.10.1/24
set interfaces ethernet eth2 address 192.168.20.1/24
set interfaces ethernet eth1 hw-id 52:54:01:a6:4c:01
set interfaces ethernet eth2 hw-id 52:54:01:a6:4c:02
#set system gateway-address 192.168.20.1
commit
save
```
- DHCP server
```
# eth1
set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.10.0/24 start 192.168.10.30 stop 192.168.10.249
set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.10.0/24 default-router 192.168.10.1
# eth2
set service dhcp-server shared-network-name ETH2_POOL subnet 192.168.20.0/24 start 192.168.20.30 stop 192.168.20.249
set service dhcp-server shared-network-name ETH2_POOL subnet 192.168.20.0/24 default-router 192.168.20.1
commit
save
```
- firewall (attached as `firewall local`, so it filters only traffic addressed to the router itself; the default action is reject, and only the listed rules are accepted)
```
# TO-ROUTER
set firewall name TO-ROUTER description "Traffic Destined for Router Itself"
set firewall name TO-ROUTER default-action reject
## rule 10
set firewall name TO-ROUTER rule 10 description "Accept Established-Related Connections"
set firewall name TO-ROUTER rule 10 action accept
set firewall name TO-ROUTER rule 10 state established enable
set firewall name TO-ROUTER rule 10 state related enable
set firewall name TO-ROUTER rule 10 log disable
## rule 20 (use a 255.255.0.0 mask so one rule covers both subnets)
set firewall name TO-ROUTER rule 20 description "SSH Access"
set firewall name TO-ROUTER rule 20 action accept
set firewall name TO-ROUTER rule 20 protocol tcp
set firewall name TO-ROUTER rule 20 source address 192.168.0.0/16
set firewall name TO-ROUTER rule 20 destination port ssh
set firewall name TO-ROUTER rule 20 log disable
## rule 30 (no source filter)
set firewall name TO-ROUTER rule 30 description "Accept ICMP Unreachable"
set firewall name TO-ROUTER rule 30 action accept
set firewall name TO-ROUTER rule 30 protocol icmp
set firewall name TO-ROUTER rule 30 icmp type 3
set firewall name TO-ROUTER rule 30 log disable
## rule 32 (no source filter)
set firewall name TO-ROUTER rule 32 description "Accept ICMP Echo Request"
set firewall name TO-ROUTER rule 32 action accept
set firewall name TO-ROUTER rule 32 protocol icmp
set firewall name TO-ROUTER rule 32 icmp type 8
set firewall name TO-ROUTER rule 32 log disable
## rule 34 (no source filter)
set firewall name TO-ROUTER rule 34 description "Accept ICMP Time-Exceeded"
set firewall name TO-ROUTER rule 34 action accept
set firewall name TO-ROUTER rule 34 protocol icmp
set firewall name TO-ROUTER rule 34 icmp type 11
set firewall name TO-ROUTER rule 34 log disable
## apply the firewall on eth1 and eth2
set interfaces ethernet eth1 firewall local name TO-ROUTER
set interfaces ethernet eth2 firewall local name TO-ROUTER
commit
save
```
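To sanity-check what the TO-ROUTER chain above lets through before committing it, the following added example (not part of the original page or of Vyatta) parses a constructed excerpt of the rule set in Vyatta `set` syntax and replays Vyatta's first-match, then default-action semantics against a few hypothetical packets. It assumes a simplified packet model (source address, protocol, destination port, ICMP type, connection state) and covers only the fields used on this page.

```python
import ipaddress

# Constructed excerpt of this page's TO-ROUTER rule set (description and log lines omitted).
TO_ROUTER = """
set firewall name TO-ROUTER default-action reject
set firewall name TO-ROUTER rule 10 action accept
set firewall name TO-ROUTER rule 10 state established enable
set firewall name TO-ROUTER rule 10 state related enable
set firewall name TO-ROUTER rule 20 action accept
set firewall name TO-ROUTER rule 20 protocol tcp
set firewall name TO-ROUTER rule 20 source address 192.168.0.0/16
set firewall name TO-ROUTER rule 20 destination port ssh
set firewall name TO-ROUTER rule 32 action accept
set firewall name TO-ROUTER rule 32 protocol icmp
set firewall name TO-ROUTER rule 32 icmp type 8
"""

def parse_ruleset(text):
    """Return (default_action, {rule_number: fields}) from 'set firewall name NAME ...' lines."""
    default, rules = "accept", {}
    for line in text.strip().splitlines():
        w = line.split()
        if w[4] == "default-action":
            default = w[5]
            continue
        rule = rules.setdefault(int(w[5]), {"state": set()})
        key, arg = w[6], w[7:]
        if key == "state":        # 'state established enable'
            rule["state"].add(arg[0])
        elif len(arg) == 2:       # 'source address <cidr>', 'destination port <svc|n>', 'icmp type <n>'
            conv = {"address": ipaddress.ip_network, "type": int,
                    "port": lambda p: {"ssh": 22}.get(p) or int(p)}[arg[0]]
            rule[arg[0]] = conv(arg[1])
        else:                     # 'action accept', 'protocol tcp', ...
            rule[key] = arg[0]
    return default, rules

def evaluate(default, rules, pkt):
    """Vyatta semantics: rules are tried in ascending number, first match wins, else default-action."""
    for num in sorted(rules):
        r = rules[num]
        matched = ((not r["state"] or pkt.get("state", "new") in r["state"])
                   and r.get("protocol", pkt["proto"]) == pkt["proto"]
                   and ("address" not in r or ipaddress.ip_address(pkt["src"]) in r["address"])
                   and r.get("port", pkt.get("dport")) == pkt.get("dport")
                   and r.get("type", pkt.get("icmp_type")) == pkt.get("icmp_type"))
        if matched:
            return r["action"]
    return default
```

With this model a new SSH connection from 192.168.10.50 is accepted by rule 20, the same connection from 10.0.0.5 falls through to the reject default, and an echo request from 10.0.0.5 is still accepted by rule 32, which is exactly the "no source filter" note on the ICMP rules above.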
Configuration on tiny-linux 4.7.7 (x 4)
- URL
- Setting the default gateway
```
$ route add default gw 192.168.20.1 dev eth1
```
or, when specifying the network explicitly:
```
$ route add -net 192.168.20.0 netmask 255.255.255.0 gw 192.168.20.1 dev eth1
```
(hosts on 192.168.10.0/24 use 192.168.10.1 as their gateway instead)
- Check ping/ssh from any host and from the router
```
$ ping 192.168.10.1
$ ping 192.168.10.xx
$ ping 192.168.10.yy
$ ping 192.168.20.1
$ ping 192.168.20.xx
$ ping 192.168.20.yy
$ ssh -l vyatta 192.168.10.1    ## to router
$ ssh -l vyatta 192.168.20.1    ## to router
$ ssh -l root 192.168.10.xx     ## to another host
$ ssh -l root 192.168.20.yy     ## to another host
```