Continuing with the environment from the previous article:
- Enable the DHCP service
- set service dhcp-server
- Set the DHCP range start and stop addresses, 2-99
- set service dhcp-server shared-network-name LAN_POOL subnet 10.0.0.0/24 start 10.0.0.2 stop 10.0.0.99
- Set the default route
- set service dhcp-server shared-network-name LAN_POOL subnet 10.0.0.0/24 default-router 10.0.0.100
- Set a static route
- set service dhcp-server shared-network-name LAN_POOL subnet 10.0.0.0/24 static-route router 10.0.0.100
- set service dhcp-server shared-network-name LAN_POOL subnet 10.0.0.0/24 static-route destination-subnet 10.1.1.0/24
- Set the domain name
- set service dhcp-server shared-network-name LAN_POOL subnet 10.0.0.0/24 domain-name test.org
- Set two DNS servers
- set service dhcp-server shared-network-name LAN_POOL subnet 10.0.0.0/24 dns-server 8.8.8.8
- set service dhcp-server shared-network-name LAN_POOL subnet 10.0.0.0/24 dns-server 10.0.0.100
- Lease expiry time
- set service dhcp-server shared-network-name LAN_POOL subnet 10.0.0.0/24 lease 7200
- View the DHCP configuration
- show service dhcp-server
- View the DHCP server status
- show dhcp server statistics
- Restart the DHCP server
- restart dhcp server
- Disable the DHCP service
- set service dhcp-server disabled true
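While we are at it, a word on DNS caching: change the DNS server configured above to 10.0.0.100, then run the commands below, and Vyatta will forward DNS queries and serve fixed name resolution on behalf of internal clients.
- The DNS server to forward to and cache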
- set service dns forwarding name-server 8.8.8.8
- Requests come from the internal network, so listen on the internal interface
- set service dns forwarding listen-on eth0
- Cache size
- set service dns forwarding cache-size 200
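- Because the hosts file has higher priority, Vyatta answers clients from the records in the hosts file before forwarding a DNS query, so Vyatta can also serve as an internal DNS server, with fixed IP address mappings added by hand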
- set system static-host-mapping host-name web01.test.org inet 10.1.1.11
- set system static-host-mapping host-name web02.test.org inet 10.1.1.12
- set system static-host-mapping host-name web03.test.org inet 10.1.1.13
- commit
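When forwarding DNS, it is actually Vyatta itself that queries 8.8.8.8, and Vyatta's inbound policy blocks incoming traffic, so an opening is needed that allows connections from the external DNS server's UDP port 53; otherwise machines on the LAN still cannot get names resolved.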
- set firewall name DNS rule 10 action accept
- set firewall name DNS rule 10 protocol udp
- set firewall name DNS rule 10 source port 53
- set firewall name DNS rule 10 source address 8.8.8.8
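An added example, not part of the original post: rule 10 above matches only on source address and port, so it is stateless, and a ruleset has no effect until it is bound to an interface. The variant below assumes the WAN-facing interface is eth1 (the page names only eth0, the LAN side) and accepts only replies to queries Vyatta itself sent.

```vyatta
# Assumption: eth1 is the WAN-facing interface; the page only names eth0 (LAN).
# Drop anything this ruleset does not explicitly accept.
set firewall name DNS default-action drop
# Same match as the page's rule 10 ...
set firewall name DNS rule 10 action accept
set firewall name DNS rule 10 protocol udp
set firewall name DNS rule 10 source address 8.8.8.8
set firewall name DNS rule 10 source port 53
# ... restricted to packets that belong to a query the router sent out.
set firewall name DNS rule 10 state established enable
set firewall name DNS rule 10 state related enable
# "local" filters traffic addressed to the router itself, which is where
# the forwarder's replies arrive.
set interfaces ethernet eth1 firewall local name DNS
commit
```

An interface takes one ruleset per direction, so if the earlier environment already binds a `local` ruleset to the WAN interface, add rule 10 to that ruleset instead of creating `DNS`.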
The next article covers the web proxy.
Reposted from the 紫色葡萄 blog on 51CTO; original link: http://blog.51cto.com/purplegrape/1063159. To republish, please contact the original author.