GNS3 + Qemu + Vyatta で開いたネットワーク(Internetへつながる)をつくる
overview
開いたネットワーク(internetへ接続可能)
- bridgingをすればethernet/ieee802.11でもインターネット接続できそうだが未検証
- qemuのuser-mode networkを利用してinternetへでる(ping to Internetはできない)
- router:1(10.0.2.15/24, 192.168.10.1/24, 192.168.20.1/24)
- network:3(10.0.2.0/24, 192.168.10.0/24, 192.168.20.0/24)
- host:2
qemuのuser-mode network
qemu option追加
vyattaの設定
set system gateway-address 10.0.2.2 # qemuのdefault dhcp server/router (user-mode)
set system name-server 10.0.2.3 # qemuのdefault dns server (user-mode)
set interfaces ethernet eth0 dhcp # 確認 show interfaces (not in configuration mode)
set interfaces ethernet eth0 hw-id 52:54:01:a6:4c:00
set interfaces ethernet eth1 address 192.168.10.1/24
set interfaces ethernet eth2 address 192.168.20.1/24
set interfaces ethernet eth1 hw-id 52:54:01:a6:4c:01
set interfaces ethernet eth2 hw-id 52:54:01:a6:4c:02
commit
save config
#eth1
set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.10.0/24 start 192.168.10.30 stop 192.168.10.249
set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.10.0/24 default-router 192.168.10.1
#eth2
set service dhcp-server shared-network-name ETH2_POOL subnet 192.168.20.0/24 start 192.168.20.30 stop 192.168.20.249
set service dhcp-server shared-network-name ETH2_POOL subnet 192.168.20.0/24 default-router 192.168.20.1
commit
save
- NAT (一応: 以下のruleはtcpとicmpのみ。udpのruleが無いためudp(DNSの53/udpなど)はmasqueradeされない)
set nat source rule 10 description "NAT on eth0"
set nat source rule 10 outbound-interface eth0
set nat source rule 10 source address 192.168.0.0/16
set nat source rule 10 protocol tcp
set nat source rule 10 translation address masquerade
set nat source rule 20 description "NAT on eth0"
set nat source rule 20 outbound-interface eth0
set nat source rule 20 source address 192.168.0.0/16
set nat source rule 20 protocol icmp
set nat source rule 20 translation address masquerade
- firewall
# TO-FROM-HOST
set firewall name TO-FROM-HOST description "Traffic to/from Host"
set firewall name TO-FROM-HOST default-action accept
set interfaces ethernet eth0 firewall in name TO-FROM-HOST
# TO-ROUTER
set firewall name TO-ROUTER description "Traffic Destined for Router Itself"
set firewall name TO-ROUTER default-action reject
## rule 10
set firewall name TO-ROUTER rule 10 description "Accept Established-Related Connections"
set firewall name TO-ROUTER rule 10 action accept
set firewall name TO-ROUTER rule 10 state established enable
set firewall name TO-ROUTER rule 10 state related enable
set firewall name TO-ROUTER rule 10 log disable
## rule 20 (mask=255.255.0.0にして1つのfirewallで対応)
set firewall name TO-ROUTER rule 20 description "SSH Access"
set firewall name TO-ROUTER rule 20 action accept
set firewall name TO-ROUTER rule 20 protocol tcp
set firewall name TO-ROUTER rule 20 source address 192.168.0.0/16
set firewall name TO-ROUTER rule 20 destination port ssh
set firewall name TO-ROUTER rule 20 log disable
## rule 30 (source filterしない)
set firewall name TO-ROUTER rule 30 description "Accept ICMP Unreachable"
set firewall name TO-ROUTER rule 30 action accept
set firewall name TO-ROUTER rule 30 protocol icmp
set firewall name TO-ROUTER rule 30 icmp type 3
set firewall name TO-ROUTER rule 30 log disable
## rule 32 (source filterしない)
set firewall name TO-ROUTER rule 32 description "Accept ICMP Echo Request"
set firewall name TO-ROUTER rule 32 action accept
set firewall name TO-ROUTER rule 32 protocol icmp
set firewall name TO-ROUTER rule 32 icmp type 8
set firewall name TO-ROUTER rule 32 log disable
## rule 34 (source filterしない)
set firewall name TO-ROUTER rule 34 description "Accept ICMP Time-Exceeded"
set firewall name TO-ROUTER rule 34 action accept
set firewall name TO-ROUTER rule 34 protocol icmp
set firewall name TO-ROUTER rule 34 icmp type 11
set firewall name TO-ROUTER rule 34 log disable
## set firewall on eth1 and eth2
set interfaces ethernet eth1 firewall local name TO-ROUTER
set interfaces ethernet eth2 firewall local name TO-ROUTER
commit
save
# tiny-linux 4.7.7の設定 * 4
- URL
- default gwの設定
$ sudo route add default gw 192.168.10.1 dev eth0
or (network指定の場合)
$ sudo route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.10.1 dev eth0
$ sudo route add default gw 192.168.20.1 dev eth0
or (network指定の場合)
$ sudo route add -net 192.168.20.0 netmask 255.255.255.0 gw 192.168.20.1 dev eth0
$ ping 192.168.10.1
$ ping 192.168.10.xx
$ ping 192.168.10.yy
$ ping 192.168.20.1
$ ping 192.168.20.xx
$ ping 192.168.20.yy
$ ssh -l vyatta 192.168.10.1 ## to router
$ ssh -l vyatta 192.168.20.1 ## to router
$ ssh -l root 192.168.10.xx ## to another host
$ ssh -l root 192.168.20.yy ## to another host
$ wget "http://yahoo.co.jp"
$ ssh -l host your.external.server