发表于 2008-11-16 19:38:27
补充点内容
官方视频链接
http://www.vyatta.com/products/demo.php
前几日在 vyatta VC4.1.4 上成功安装并配置了 PPPoE、NAT、firewall、PPTP VPN、IPS 和 anti-virus。
把配置文件贴出来供大家分享
所有私人信息都用*代替
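/* Content inspection: anti-virus scanning, IPS actions with rule auto-update, and the traffic filter. */
content-inspection {
anti-virus {
/* NOTE(review): the action is "alert", not a blocking action - confirm that detections are only reported and the traffic is still delivered. */
action alert
/* Ports listed for scanning (FTP, SMTP, HTTP variants, POP3, NNTP, NetBIOS/SMB, IMAP). */
port-list 21,25,80,81,110,119,139,445,143,8080,8000
}
ips {
actions {
/* NOTE(review): in Snort classification priority 1 is the most severe. Here priority-1 and priority-2 matches are passed and only priority-3 is dropped, which looks inverted - confirm the intent before reusing this. */
other pass
priority-1 pass
priority-2 pass
priority-3 drop
}
auto-update {
/* The oink-code is a per-account credential for rule downloads. It was posted in clear text although the post says private values are masked; it is masked here, and a code that has been published should be regenerated. */
oink-code ****************
update-hour 12
}
}
traffic-filter {
/* "preset all" selects the built-in filter rather than a custom rule set. */
preset all
}
}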
/* Firewall: three named rule sets that the pppoe 0 interface binds as in / local / out. */
firewall {
broadcast-ping disable
/* infw: bound as "in" on pppoe 0. Accepts only established/related traffic; there is no rule for new connections. */
/* NOTE(review): everything else presumably falls to the rule set's implicit default action - confirm it is drop on this release. */
name infw {
rule 1 {
action accept
destination {
address 0.0.0.0/0
}
log enable
protocol all
state {
established enable
related enable
}
}
}
/* localfw: bound as "local" on pppoe 0, i.e. traffic addressed to the router itself. */
name localfw {
/* NOTE(review): SSH (tcp/22) is accepted from any source address on the PPPoE link. Restrict the source to known management addresses, or keep SSH off the WAN side, to cut exposure to password guessing. */
rule 1 {
action accept
destination {
port 22
}
log enable
protocol tcp
source {
address 0.0.0.0/0
}
}
/* PPTP control channel (tcp/1723) from any source; unlike rules 1 and 3, this rule does not enable logging. */
rule 2 {
action accept
destination {
port 1723
}
protocol tcp
source {
address 0.0.0.0/0
}
state {
established enable
new enable
related enable
}
}
/* IP protocol 47 is GRE, which carries the PPTP tunnel data. No source restriction is set. */
rule 3 {
action accept
log enable
protocol 47
state {
established enable
new enable
related enable
}
}
}
/* outfw: bound as "out" on pppoe 0. Accepts all protocols in every state, so there is no egress filtering. */
name outfw {
rule 1 {
action accept
destination {
address 0.0.0.0/0
}
log enable
protocol all
state {
established enable
new enable
related enable
}
}
}
}
/* Interfaces: eth0 (192.168.18.0/24), eth1 carrying the PPPoE session, and loopback. */
interfaces {
/* eth0 is the inbound interface of the masquerade NAT rule in the service section. No firewall rule set is attached to it in this listing. */
ethernet eth0 {
address 192.168.18.1/24
hw-id 00:0c:29:db:51:a0
}
/* eth1 carries pppoe 0. The rule sets are bound to the PPPoE session only; eth1's own address has no rule set attached in this listing. */
ethernet eth1 {
address 192.168.1.10/24
hw-id 00:0c:29:db:51:aa
pppoe 0 {
connect-on-demand
firewall {
in {
name infw
}
local {
name localfw
}
out {
name outfw
}
}
/* PPPoE account credentials, masked by the poster. */
password ****************
service-name shtel
user-id ad********
}
}
/* NOTE(review): loopback is conventionally 127.0.0.0/8; confirm that the /24 prefix is intended. */
loopback lo {
address 127.0.0.1/24
}
}
/* SNMP agent: read-only community plus a trap target on the 192.168.18.0/24 network. */
protocols {
snmp {
/* NOTE(review): "public" is the well-known default community string, and no client or network restriction appears in this listing. Read-only access still discloses interface, routing and system details, so use a non-default string and limit which hosts may query. */
community public {
authorization ro
}
location "******** office"
trap-target 192.168.18.213
}
}
/* Services: source NAT towards the PPPoE link, and the SSH daemon. */
service {
nat {
/* Masquerade traffic leaving through pppoe0 behind the PPPoE address, for any destination. */
rule 1 {
destination {
address 0.0.0.0/0
}
inbound-interface eth0
outbound-interface pppoe0
type masquerade
}
}
/* Direct root login over SSH is disabled. SSH itself is still accepted from any source by localfw rule 1. */
ssh {
allow-root false
}
}
/* System settings: identity, local accounts, NTP, package repository and time zone. */
system {
domain-name *********.local
host-name fw
login {
/* Password hashes are masked by the poster. Hashes should be treated like passwords when sharing a config, since they can be attacked offline. */
user root {
authentication {
encrypted-password ****************
}
}
user vyatta {
authentication {
encrypted-password ****************
}
}
}
/* A single NTP source, given by IP address. */
ntp-server 69.59.150.135
package {
auto-sync 1
/* NOTE(review): the repository URL is plain HTTP, so package integrity presumably rests on repository signature checking - confirm that it is enabled. */
repository community {
components main
distribution stable
url http://packages.vyatta.com/vyatta
}
}
time-zone GMT+8
}
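/* PPTP remote-access VPN: authentication settings, client address pool, and the DNS/WINS servers handed to clients. */
/* NOTE(review): PPTP's MS-CHAPv2/MPPE protection is considered weak. Where the clients allow it, prefer an IPsec- or TLS-based remote-access VPN. */
vpn {
pptp {
remote-access {
authentication {
/* NOTE(review): a local user is defined but the mode is radius, so the local entry is presumably unused - confirm, and remove it if so. */
local-users {
username *** {
password ****************
}
}
mode radius
/* RADIUS shared secret, masked by the poster. */
radius-server 192.168.18.30 {
key ********
}
}
/* The pool lies inside eth0's 192.168.18.0/24 subnet, so VPN clients are addressed as ordinary LAN hosts. */
client-ip-pool {
start 192.168.18.80
stop 192.168.18.99
}
dns-servers {
server-1 192.168.18.30
}
wins-servers {
server-1 192.168.18.30
}
}
}
}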