firewall-> get interface all box is not in pure_l2_mode A - Active, I - Inactive, U - Up, D - Down, R - Ready Total interface: 12 Name IP Address Zone MAC VLAN State VSD trust 192.168.3.1/24 Trust 001f.1255.a902 - U - untrust 61.144.230.41/29 Untrust 001f.1255.a901 - U - serial 0.0.0.0/0 Null 001f.1255.a906 - D - tun.1 unnumbered Untrust untrust - D - vlan1 0.0.0.0/0 VLAN 001f.1255.a90f 1 D - null 0.0.0.0/0 Null N/A - U 0 firewall->
set pppoe name "PPPoE" set pppoe name "PPPoE" username "cjf0000@163.gd" password "yVizHVPmNgsYRvCpTP7RsQnxg2VpbQ==" set pppoe name "PPPoE" idle 0 set pppoe name "PPPoE" interface untrust set pppoe name "PPPoE" auto-connect 30
set interface eth4 nat //将接口4设置为nat模式 set interface eth4 route //将接口4设置为路由模式
Route between multiple subnets without a router
set interface trust ip (ip address) (subnet mask) secondary [Enter] save [Enter]
set zone name office //建立一个3层的zone,名为Office set zone name L2-office L2 1 //建立一个2层的zone,名为L2-Office(二层接口必须以L2-开始命名),vlan id 为1。 set interface eth4 zone office //将接口4设置为office zone的接口。 set interface vlan1 ip 10.10.10.10/24 //将vlan1的ip设置为10.10.10.10 set interface vlan1 manage web //开通vlan1接口的web管理功能 set interface vlan1 manage ping //开通vlan1接口的ping功能
set interface eth3 mip 1.1.1.1 host 2.2.2.2 vrouter trust-vr //设置mip,外网ip1.1.1.1 绑定到内网ip 2.2.2.2上 unset interface eth3 mip 1.1.1.1 //取消1.1.1.1的mip设置
unset interface "untrust" mip 61.144.230.44 set interface "untrust" mip 61.144.230.44 host 192.168.3.46 netmask 255.255.255.255 vr "trust-vr" set policy from "Untrust" to "Trust" "Any" "MIP(61.144.230.44)" "HTTP" permit log policy id = 79 set policy id 79 set service "HTTPS" exit
set interface eth3 vip untrust-ip + 21 ftp 192.168.0.10 //设置vip set interface eth3 vip untrust-ip + 8000 ftp 192.168.0.10
set service "OpenSSH" protocol tcp src-port 0-65535 dst-port 22-22 set interface untrust vip 61.144.230.45 + 22 OpenSSH 192.168.3.10 set policy from untrust to trust any vip(61.144.230.45) OpenSSH permit save
原文出处:Netkiller 系列 手札
本文作者:陈景峯
转载请与作者联系,同时请务必标明文章原始出处和作者信息及本声明。
