Vyatta


VYATTA

Тут заметки про эту несколько странную систему: просто базовые куски конфигов, которые в отрыве от задачи практически бесполезны. Важно помнить, что NAT-правила сами по себе ничего не фильтруют — для каждого проброса нужно отдельное правило firewall на входящем интерфейсе, иначе проброшенный порт доступен всем, кто вообще добирается до этого интерфейса (правила firewall на этой странице не приведены).

NAT port forwarding (правила firewall здесь не показаны)

Минимальный вариант, примерно так (обратите внимание: без destination address правило матчит tcp/22 в сторону любого адреса, входящий через eth1):

# DNAT: tcp/22 arriving on eth1 -> 172.31.255.253 (no inside-address port given, so
# presumably the port stays 22).
# No `destination address` is set, so this matches tcp/22 towards ANY destination that
# enters eth1 -- including transit traffic -- not only connections to this router's
# own eth1 address.
# TODO(review): pin it with `set service nat rule 20 destination address <eth1 address>`.
# NOTE(review): no firewall is shown on this page; NAT does not filter, so confirm an
# inbound rule set on eth1 limits who may reach the forwarded SSH port.
set service nat rule 20 type destination
set service nat rule 20 inbound-interface eth1
set service nat rule 20 protocol tcp
set service nat rule 20 destination port 22
set service nat rule 20 inside-address address 172.31.255.253
# Apply the candidate config, persist it to config.boot, leave configure mode.
commit
save
exit

Ну и полный список примеров:

Masquerade NAT

# Masquerade (hide NAT): traffic from 192.168.88.0/24 leaving via eth1 is rewritten to
# eth1's own address.  Only the source range and the outbound interface are matched.
set service nat rule 1 source address 192.168.88.0/24
set service nat rule 1 outbound-interface eth1
set service nat rule 1 type masquerade

Source NAT

# Source NAT to a fixed outside address (93.155.130.11) for traffic leaving eth0.
# NOTE(review): `172.16.10.253/24` has host bits set; as a /24 it covers the whole
# 172.16.10.0/24, not just the host .253 -- use /32 if only that host should be
# translated (how the CLI normalizes host bits should be confirmed).
set service nat rule 1 outbound-interface eth0
set service nat rule 1 outside-address address 93.155.130.11
set service nat rule 1 source address 172.16.10.253/24
set service nat rule 1 type source

Destination NAT

# Destination NAT with no protocol/port limit: everything sent to 93.155.130.11 that
# enters eth0 is handed to 172.16.10.253 (1:1 NAT).  Every listening service on .253
# becomes reachable this way.
# NOTE(review): pair it with an inbound firewall on eth0, or add `protocol` and
# `destination port` if only specific services are meant to be exposed.
set service nat rule 2 destination address 93.155.130.11
set service nat rule 2 inbound-interface eth0
set service nat rule 2 inside-address address 172.16.10.253
set service nat rule 2 type destination

DNAT – port forwarding

# Port forward with port translation: tcp/10022 sent to 192.168.17.50 on eth1 ->
# 172.31.255.253:22.  A non-standard outside port is not an access control by itself;
# restrict sources with a firewall rule on eth1.
set service nat rule 3 destination address 192.168.17.50
set service nat rule 3 destination port 10022
set service nat rule 3 inbound-interface eth1
set service nat rule 3 inside-address address 172.31.255.253
set service nat rule 3 inside-address port 22
set service nat rule 3 protocol tcp
set service nat rule 3 type destination

Для проброса ESXi/vSphere. В дампе ниже на SYN к 192.168.17.50:443 сразу приходит RST — на порт 443 ещё ничего не проброшено (отвечает, по-видимому, сам роутер). Правила после дампа это исправляют; обратите внимание, что 2078 в дампе — это исходный (ephemeral) порт клиента 192.168.14.189, а не порт сервиса:

15:24:03.170423 IP 192.168.14.189.2078 > 192.168.17.50.443: Flags [S], seq 3759059683, win 65535, options [mss 1460,nop,nop,sackOK], length 0
15:24:03.170491 IP 192.168.17.50.443 > 192.168.14.189.2078: Flags [R.], seq 0, ack 3759059684, win 0, length 0
15:24:03.692074 IP 192.168.14.189.2078 > 192.168.17.50.443: Flags [S], seq 3759059683, win 65535, options [mss 1460,nop,nop,sackOK], length 0
15:24:03.692132 IP 192.168.17.50.443 > 192.168.14.189.2078: Flags [R.], seq 0, ack 1, win 0, length 0
15:24:04.658366 IP 192.168.14.189.2078 > 192.168.17.50.443: Flags [S], seq 3759059683, win 65535, options [mss 1460,nop,nop,sackOK], length 0
15:24:04.658419 IP 192.168.17.50.443 > 192.168.14.189.2078: Flags [R.], seq 0, ack 1, win 0, length 0
# Forwards for the vSphere client: traffic to 192.168.17.50 entering eth1 -> ESXi host
# 172.31.255.253, same port on both sides.
# Rules 10/30/40 cover tcp 443, 902 and 80 -- presumably the ports the vSphere client
# needs on an ESXi host (confirm against the ESXi version in use).
# NOTE(review): 2078 (rule 20) appears in the capture above only as the CLIENT's
# ephemeral source port (192.168.14.189.2078 > 192.168.17.50.443), so rule 20 most
# likely forwards nothing useful and can probably be dropped -- confirm before removing.
# NOTE(review): these open the ESXi management ports to anyone reaching eth1 unless a
# firewall rule on eth1 limits the sources.
set service nat rule 10 type destination
set service nat rule 10 destination address 192.168.17.50
set service nat rule 10 protocol tcp
set service nat rule 10 destination port 443
set service nat rule 10 inbound-interface eth1
set service nat rule 10 inside-address address 172.31.255.253
set service nat rule 10 inside-address port 443
# tcp/2078 -- see note above; probably a misread of the client's source port.
set service nat rule 20 type destination
set service nat rule 20 destination address 192.168.17.50
set service nat rule 20 protocol tcp
set service nat rule 20 destination port 2078
set service nat rule 20 inbound-interface eth1
set service nat rule 20 inside-address address 172.31.255.253
set service nat rule 20 inside-address port 2078
# tcp/902
set service nat rule 30 type destination
set service nat rule 30 destination address 192.168.17.50
set service nat rule 30 protocol tcp
set service nat rule 30 destination port 902
set service nat rule 30 inbound-interface eth1
set service nat rule 30 inside-address address 172.31.255.253
set service nat rule 30 inside-address port 902
# tcp/80
set service nat rule 40 type destination
set service nat rule 40 destination address 192.168.17.50
set service nat rule 40 protocol tcp
set service nat rule 40 destination port 80
set service nat rule 40 inbound-interface eth1
set service nat rule 40 inside-address address 172.31.255.253
set service nat rule 40 inside-address port 80


# tcp/10122 towards 192.168.17.50 on eth1 -> 172.31.255.252:22 (SSH on a second inside
# host; outside port 101xx with the host's last octet as mnemonic).
set service nat rule 110 type destination
set service nat rule 110 destination address 192.168.17.50
set service nat rule 110 protocol tcp
set service nat rule 110 destination port 10122
set service nat rule 110 inbound-interface eth1
set service nat rule 110 inside-address address 172.31.255.252
set service nat rule 110 inside-address port 22

Реальный, многократно переделанный кусок конфига (ниже для каждого правила — фрагмент дерева `service nat` и, местами, эквивалентные set-команды)

10

       /* Masquerade towards tun0 for the 172.31.255.x/27 range. */
       /* NOTE(review): 172.31.255.254/27 has host bits set; as a /27 it is the same */
       /* network rule 20 uses (172.31.255.224/27), not the single host .254. */
       rule 10 {
            outbound-interface tun0
            source {
                address 172.31.255.254/27
            }
            type masquerade
        }

20

        /* Masquerade: 172.31.255.224/27 leaving via eth1 takes eth1's address. */
        rule 20 {
            outbound-interface eth1
            source {
                address 172.31.255.224/27
            }
            type masquerade
        }
# set-command form of rule 20 above: masquerade 172.31.255.224/27 out of eth1.
set service nat rule 20 type masquerade 
set service nat rule 20 outbound-interface eth1 
set service nat rule 20 source address 172.31.255.224/27

30

        /* Masquerade: 192.168.204.0/24 leaving via eth1 takes eth1's address. */
        rule 30 {
            outbound-interface eth1
            source {
                address 192.168.204.0/24
            }
            type masquerade
        }
# set-command form of rule 30 above: masquerade 192.168.204.0/24 out of eth1.
set service nat rule 30 type masquerade 
set service nat rule 30 outbound-interface eth1 
set service nat rule 30 source address 192.168.204.0/24

100

        /* SSH over the tunnel: tun0 tcp/10254 (to 172.31.254.2) -> 172.31.255.254:22. */
        /* Outside port 102xx uses the inside host's last octet as a mnemonic. */
        /* NOTE(review): SSH is reachable from whatever can send into tun0; confirm the */
        /* far end of the tunnel is trusted or add a firewall rule on tun0. */
        rule 100 {
            destination {
                address 172.31.254.2
                port 10254
            }
            inbound-interface tun0
            inside-address {
                address 172.31.255.254
                port 22
            }
            protocol tcp
            type destination
        }
}
# set-command form of rule 100 above: tun0 tcp/10254 -> 172.31.255.254:22 (SSH).
# Whitespace normalized; the commands themselves are unchanged.
set service nat rule 100 type destination
set service nat rule 100 destination address 172.31.254.2
set service nat rule 100 destination port 10254
set service nat rule 100 inbound-interface tun0
set service nat rule 100 inside-address address 172.31.255.254
set service nat rule 100 inside-address port 22
set service nat rule 100 protocol tcp

101

        /* eth1: 192.168.17.174 tcp/55672 -> 172.31.255.252:55672, same port. */
        /* NOTE(review): 55672 looks like a RabbitMQ management UI listener (older default */
        /* port) -- confirm.  A management UI reachable from the eth1 side should be */
        /* limited to known sources by a firewall rule. */
        rule 101 {
            destination {
                address 192.168.17.174
                port 55672
            }
            inbound-interface eth1
            inside-address {
                address 172.31.255.252
                port 55672
            }
            protocol tcp
            type destination
        }

102

        /* eth1: 192.168.17.174 tcp/5672 -> 172.31.255.252:5672, same port. */
        /* NOTE(review): 5672 is presumably AMQP (RabbitMQ) -- confirm; broker credentials */
        /* travel in clear unless the listener is TLS. */
        rule 102 {
            destination {
                address 192.168.17.174
                port 5672
            }
            inbound-interface eth1
            inside-address {
                address 172.31.255.252
                port 5672
            }
            protocol tcp
            type destination
        }

110

        /* SSH over the tunnel: tun0 tcp/10253 -> 172.31.255.253:22 (same scheme as rule 100). */
        rule 110 {
            destination {
                address 172.31.254.2
                port 10253
            }
            inbound-interface tun0
            inside-address {
                address 172.31.255.253
                port 22
            }
            protocol tcp
            type destination
        }

120

        /* SSH over the tunnel: tun0 tcp/10252 -> 172.31.255.252:22 (same scheme as rule 100). */
        rule 120 {
            destination {
                address 172.31.254.2
                port 10252
            }
            inbound-interface tun0
            inside-address {
                address 172.31.255.252
                port 22
            }
            protocol tcp
            type destination
        }

130

        /* SSH over the tunnel: tun0 tcp/10251 -> 172.31.255.251:22 (same scheme as rule 100). */
        rule 130 {
            destination {
                address 172.31.254.2
                port 10251
            }
            inbound-interface tun0
            inside-address {
                address 172.31.255.251
                port 22
            }
            protocol tcp
            type destination
        }

140

        /* SSH over the tunnel: tun0 tcp/10250 -> 172.31.255.250:22 (same scheme as rule 100). */
        rule 140 {
            destination {
                address 172.31.254.2
                port 10250
            }
            inbound-interface tun0
            inside-address {
                address 172.31.255.250
                port 22
            }
            protocol tcp
            type destination
        }

200

        /* SNMP over the tunnel: tun0 udp/11254 -> 172.31.255.254:161 (outside port 112xx, */
        /* last octet of the inside host). */
        /* NOTE(review): with SNMP v1/v2c the community string is sent in clear, and a */
        /* read-write community gives config access; this stays private only if tun0 */
        /* is an encrypted tunnel -- confirm, and prefer SNMPv3 on the hosts. */
        rule 200 {
            destination {
                address 172.31.254.2
                port 11254
            }
            inbound-interface tun0
            inside-address {
                address 172.31.255.254
                port 161
            }
            protocol udp
            type destination
        }

210

        /* SNMP over the tunnel: tun0 udp/11253 -> 172.31.255.253:161 (same caveats as rule 200). */
        rule 210 {
            destination {
                address 172.31.254.2
                port 11253
            }
            inbound-interface tun0
            inside-address {
                address 172.31.255.253
                port 161
            }
            protocol udp
            type destination
        }

220

        /* SNMP over the tunnel: tun0 udp/11252 -> 172.31.255.252:161 (same caveats as rule 200). */
        rule 220 {
            destination {
                address 172.31.254.2
                port 11252
            }
            inbound-interface tun0
            inside-address {
                address 172.31.255.252
                port 161
            }
            protocol udp
            type destination
        }

230

        /* SNMP over the tunnel: tun0 udp/11251 -> 172.31.255.251:161 (same caveats as rule 200). */
        rule 230 {
            destination {
                address 172.31.254.2
                port 11251
            }
            inbound-interface tun0
            inside-address {
                address 172.31.255.251
                port 161
            }
            protocol udp
            type destination
        }

240

        /* SNMP over the tunnel: tun0 udp/11250 -> 172.31.255.250:161 (same caveats as rule 200). */
        rule 240 {
            destination {
                address 172.31.254.2
                port 11250
            }
            inbound-interface tun0
            inside-address {
                address 172.31.255.250
                port 161
            }
            protocol udp
            type destination
        }

310

        /* HTTP over the tunnel: tun0 tcp/12254 -> 172.31.255.254:80 (outside port 122xx). */
        rule 310 {
            destination {
                address 172.31.254.2
                port 12254
            }
            inbound-interface tun0
            inside-address {
                address 172.31.255.254
                port 80
            }
            protocol tcp
            type destination
        }

320

        /* HTTPS over the tunnel: tun0 tcp/12251 -> 172.31.255.251:443 (outside port 122xx). */
        rule 320 {
            destination {
                address 172.31.254.2
                port 12251
            }
            inbound-interface tun0
            inside-address {
                address 172.31.255.251
                port 443
            }
            protocol tcp
            type destination
        }

500

        /* AMQP (presumably) over the tunnel: tun0 tcp/15252 -> 172.31.255.252:5672. */
        /* Same listener rule 102 exposes on eth1; credentials in clear unless TLS -- confirm. */
        rule 500 {
            destination {
                address 172.31.254.2
                port 15252
            }
            inbound-interface tun0
            inside-address {
                address 172.31.255.252
                port 5672
            }
            protocol tcp
            type destination
        }

510

        /* eth2: 192.168.204.2 tcp/8881 -> 172.31.255.252:8881, same port. */
        rule 510 {
            destination {
                address 192.168.204.2
                port 8881
            }
            inbound-interface eth2
            inside-address {
                address 172.31.255.252
                port 8881
            }
            protocol tcp
            type destination
        }

515

        /* Source NAT: 192.168.204.0/24 -> tcp/8881 leaving eth0 gets source 172.31.255.254. */
        /* Presumably the companion of rule 510 so replies come back through this router. */
        /* NOTE(review): the target then sees every such client as .254, so its own logs */
        /* and ACLs cannot tell them apart -- confirm that is acceptable. */
        rule 515 {
            destination {
                port 8881
            }
            outbound-interface eth0
            outside-address {
                address 172.31.255.254
            }
            protocol tcp
            source {
                address 192.168.204.0/24
            }
            type source
        }

900

        /* SSH from the eth1 side: 192.168.17.174 tcp/10254 -> 172.31.255.254:22 (mirrors rule 100). */
        /* NOTE(review): SSH exposed on eth1; limit sources with a firewall rule on eth1. */
        rule 900 {
            destination {
                address 192.168.17.174
                port 10254
            }
            inbound-interface eth1
            inside-address {
                address 172.31.255.254
                port 22
            }
            protocol tcp
            type destination
        }
# set-command form of rule 900: eth1 tcp/10254 -> 172.31.255.254:22 (SSH).
# NOTE(review): the tree above shows destination address 192.168.17.174 for this rule,
# these commands use 192.168.17.171.  The DNAT only matches traffic actually sent to
# the configured address, so confirm which one is assigned to eth1.
set service nat rule 900 type destination
set service nat rule 900 destination address 192.168.17.171
set service nat rule 900 destination port 10254
set service nat rule 900 inbound-interface eth1
set service nat rule 900 inside-address address 172.31.255.254
set service nat rule 900 inside-address port 22
set service nat rule 900 protocol tcp

910

        /* SSH from the eth1 side: 192.168.17.174 tcp/10253 -> 172.31.255.253:22 (mirrors rule 110). */
        rule 910 {
            destination {
                address 192.168.17.174
                port 10253
            }
            inbound-interface eth1
            inside-address {
                address 172.31.255.253
                port 22
            }
            protocol tcp
            type destination
        }
# set-command form of rule 910: eth1 tcp/10253 -> 172.31.255.253:22 (SSH).
# NOTE(review): destination address here is .171, the tree above shows .174 -- confirm.
set service nat rule 910 type destination
set service nat rule 910 destination address 192.168.17.171
set service nat rule 910 destination port 10253
set service nat rule 910 inbound-interface eth1
set service nat rule 910 inside-address address 172.31.255.253
set service nat rule 910 inside-address port 22
set service nat rule 910 protocol tcp

920

        /* SSH from the eth1 side: 192.168.17.174 tcp/10252 -> 172.31.255.252:22 (mirrors rule 120). */
        rule 920 {
            destination {
                address 192.168.17.174
                port 10252
            }
            inbound-interface eth1
            inside-address {
                address 172.31.255.252
                port 22
            }
            protocol tcp
            type destination
        }
# set-command form of rule 920: eth1 tcp/10252 -> 172.31.255.252:22 (SSH).
# NOTE(review): destination address here is .171, the tree above shows .174 -- confirm.
set service nat rule 920 type destination
set service nat rule 920 destination address 192.168.17.171
set service nat rule 920 destination port 10252
set service nat rule 920 inbound-interface eth1
set service nat rule 920 inside-address address 172.31.255.252
set service nat rule 920 inside-address port 22
set service nat rule 920 protocol tcp

930

        /* SSH from the eth1 side: 192.168.17.174 tcp/10251 -> 172.31.255.251:22 (mirrors rule 130). */
        rule 930 {
            destination {
                address 192.168.17.174
                port 10251
            }
            inbound-interface eth1
            inside-address {
                address 172.31.255.251
                port 22
            }
            protocol tcp
            type destination
        }
# set-command form of rule 930: eth1 tcp/10251 -> 172.31.255.251:22 (SSH).
# NOTE(review): destination address here is .171, the tree above shows .174 -- confirm.
set service nat rule 930 type destination
set service nat rule 930 destination address 192.168.17.171
set service nat rule 930 destination port 10251
set service nat rule 930 inbound-interface eth1
set service nat rule 930 inside-address address 172.31.255.251
set service nat rule 930 inside-address port 22
set service nat rule 930 protocol tcp

940

        /* SSH from the eth1 side: 192.168.17.174 tcp/10250 -> 172.31.255.250:22 (mirrors rule 140). */
        rule 940 {
            destination {
                address 192.168.17.174
                port 10250
            }
            inbound-interface eth1
            inside-address {
                address 172.31.255.250
                port 22
            }
            protocol tcp
            type destination
        }
# set-command form of rule 940: eth1 tcp/10250 -> 172.31.255.250:22 (SSH).
# NOTE(review): destination address here is .171, the tree above shows .174 -- confirm.
set service nat rule 940 type destination
set service nat rule 940 destination address 192.168.17.171
set service nat rule 940 destination port 10250
set service nat rule 940 inbound-interface eth1
set service nat rule 940 inside-address address 172.31.255.250
set service nat rule 940 inside-address port 22
set service nat rule 940 protocol tcp

960

        /* eth1: 192.168.17.174 tcp/20252 -> 172.31.255.252:55672 (same listener as rule 101, */
        /* presumably a RabbitMQ management UI -- confirm; limit sources on eth1). */
        rule 960 {

            destination {
                address 192.168.17.174
                port 20252
            }
            inbound-interface eth1
            inside-address {
                address 172.31.255.252
                port 55672
            }
            protocol tcp
            type destination
        }
    }
# set-command form of rule 960: eth1 tcp/20252 -> 172.31.255.252:55672.
# NOTE(review): destination address here is .171, the tree above shows .174 -- confirm.
set service nat rule 960 type destination
set service nat rule 960 destination address 192.168.17.171
set service nat rule 960 destination port 20252
set service nat rule 960 inbound-interface eth1
set service nat rule 960 inside-address address 172.31.255.252
set service nat rule 960 inside-address port 55672
set service nat rule 960 protocol tcp


tmp

# Temporary: tcp/9090 towards 192.168.17.174 on eth1 -> 172.31.255.252:9090, same port.
# NOTE(review): "tmp" rules tend to outlive their purpose; remove once no longer needed.
set service nat rule 98 type destination
set service nat rule 98 destination address 192.168.17.174
set service nat rule 98 protocol tcp
set service nat rule 98 destination port 9090
set service nat rule 98 inbound-interface eth1
set service nat rule 98 inside-address address 172.31.255.252
set service nat rule 98 inside-address port 9090


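# Two unrelated forwards were both entered as "rule 9998".  A later `set` on the same
# leaf replaces the earlier value, so after commit only ONE rule would exist, built from
# the last value of each leaf (192.168.17.145, port 8000, eth0) -- the tcp/80 forward
# would silently be gone.  Each forward now has its own rule number.
#
# tcp/80 towards 192.168.17.171 on eth1 -> 172.31.255.10:8080
set service nat rule 9998 type destination
set service nat rule 9998 destination address 192.168.17.171
set service nat rule 9998 protocol tcp
set service nat rule 9998 destination port 80
set service nat rule 9998 inbound-interface eth1
set service nat rule 9998 inside-address address 172.31.255.10
set service nat rule 9998 inside-address port 8080
# tcp/8000 towards 192.168.17.145 on eth0 -> 172.31.255.10:8000, same port
# (was also "rule 9998"; 9993 is not used anywhere else on this page)
set service nat rule 9993 type destination
set service nat rule 9993 destination address 192.168.17.145
set service nat rule 9993 protocol tcp
set service nat rule 9993 destination port 8000
set service nat rule 9993 inbound-interface eth0
set service nat rule 9993 inside-address address 172.31.255.10
set service nat rule 9993 inside-address port 8000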

MGMT CLOUD

# MGMT CLOUD: tcp/8001 towards 192.168.17.144 on eth1 -> 172.31.255.10:8001, same port.
# Rules 9997..9994 all land on 172.31.255.10 with the outside port kept.
set service nat rule 9997 type destination
set service nat rule 9997 destination address 192.168.17.144
set service nat rule 9997 protocol tcp
set service nat rule 9997 destination port 8001
set service nat rule 9997 inbound-interface eth1
set service nat rule 9997 inside-address address 172.31.255.10
set service nat rule 9997 inside-address port 8001



# MGMT CLOUD: tcp/8002 towards 192.168.17.144 on eth1 -> 172.31.255.10:8002, same port.
set service nat rule 9996 type destination
set service nat rule 9996 destination address 192.168.17.144
set service nat rule 9996 protocol tcp
set service nat rule 9996 destination port 8002
set service nat rule 9996 inbound-interface eth1
set service nat rule 9996 inside-address address 172.31.255.10
set service nat rule 9996 inside-address port 8002


# MGMT CLOUD: tcp/8003 towards 192.168.17.144 -> 172.31.255.10:8003, same port.
# NOTE(review): this one matches on eth0 while its siblings 9997/9996/9994 use eth1 --
# if 192.168.17.144 lives on eth1 this rule never matches; confirm the interface.
set service nat rule 9995 type destination
set service nat rule 9995 destination address 192.168.17.144
set service nat rule 9995 protocol tcp
set service nat rule 9995 destination port 8003
set service nat rule 9995 inbound-interface eth0
set service nat rule 9995 inside-address address 172.31.255.10
set service nat rule 9995 inside-address port 8003


# MGMT CLOUD: tcp/8004 towards 192.168.17.144 on eth1 -> 172.31.255.10:8004, same port.
set service nat rule 9994 type destination
set service nat rule 9994 destination address 192.168.17.144
set service nat rule 9994 protocol tcp
set service nat rule 9994 destination port 8004
set service nat rule 9994 inbound-interface eth1
set service nat rule 9994 inside-address address 172.31.255.10
set service nat rule 9994 inside-address port 8004


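# tcp/80 towards 192.168.17.146 on eth0 -> 172.31.255.10:80, same port.
# This was entered as "rule 9997", but 9997 is already the 192.168.17.144:8001 forward
# under MGMT CLOUD above; a second `set` on the same leaves would overwrite that rule
# rather than add a new one.  Renumbered to 9992 (unused elsewhere on this page).
set service nat rule 9992 type destination
set service nat rule 9992 destination address 192.168.17.146
set service nat rule 9992 protocol tcp
set service nat rule 9992 destination port 80
set service nat rule 9992 inbound-interface eth0
set service nat rule 9992 inside-address address 172.31.255.10
set service nat rule 9992 inside-address port 80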