Hello everybody. This week we continue with another lab on VyOS, the open source firewall and router.
In previous weeks I already covered Multi LAN NAT labs on Cisco and Mikrotik. This time we will do the Multi LAN NAT lab on VyOS.

In this lab there are two networks: one runs Microsoft's IIS web server, and the other runs the Apache2 web server on Ubuntu 18. If you plan to follow this lab step by step, it helps to have already studied how to set up Microsoft and Linux web servers. If you have never set up a Microsoft or Linux web server, you can still test with an ordinary client PC or the VPC that comes with EVE-ng.

This lab does more than write NAT for the two networks: it also shows how to enable the Telnet service on VyOS, and a basic way of writing firewall zone policies for ports 80 and 443 assigned to the two web servers. It will be easier to follow if you have already studied the VyOS labs I posted earlier.

So that you can repeat the lab, the command notes are included both in the description under the corresponding tutorial on our YouTube page and on the website. If you study the video tutorials we provide and can put them to good use, we are satisfied.

 

Vyos Multi Lan NAT Config Note
==============

#configure
#show interfaces ethernet
#set interfaces ethernet eth0 address 192.168.5.90/24
#set interfaces ethernet eth1 address 192.168.1.254/24
#set interfaces ethernet eth2 address 192.168.2.254/24
#set system name-server 8.8.8.8
#set system name-server 8.8.4.4
#set protocols static route 0.0.0.0/0 next-hop 192.168.5.1
#show ip route
#show ip protocols

#set nat source rule 1 outbound-interface eth0
#set nat source rule 1 source address 192.168.1.0/24
#set nat source rule 1 translation address masquerade

#set nat source rule 2 outbound-interface eth0
#set nat source rule 2 source address 192.168.2.0/24
#set nat source rule 2 translation address masquerade

#commit
#save
#show nat

DHCP-Server Setup
============
#set service dhcp-server shared-network-name MITA-DHCP subnet 192.168.1.0/24
#edit service dhcp-server shared-network-name MITA-DHCP subnet 192.168.1.0/24
#set start 192.168.1.100 stop 192.168.1.200
#set default-router 192.168.1.254
#set dns-server 8.8.8.8
#set domain-name mita.com
#commit
#save
#show service dhcp-server

 

Telnet open Command Note
=======

set service telnet

Zone-policy Command Note
============
set zone-policy zone private description "Inside"
set zone-policy zone public description "Outside"
set zone-policy zone dmz description "DMZ"

set zone-policy zone public interface eth0
set zone-policy zone private interface eth2
set zone-policy zone dmz interface eth1

set firewall name dmz2private description "DMZ to private"
set firewall name dmz2private rule 1 action accept
set firewall name dmz2private rule 1 state established enable
set firewall name dmz2private rule 1 state related enable
set firewall name dmz2private rule 10 action accept
set firewall name dmz2private rule 10 destination port 80,443
set firewall name dmz2private rule 10 protocol tcp

set firewall name private2dmz description "private to DMZ"
set firewall name private2dmz rule 1 action accept

set zone-policy zone private from dmz firewall name dmz2private
set zone-policy zone dmz from private firewall name private2dmz

 

set firewall name private2public description "private to public"
set firewall name private2public rule 1 action accept
set zone-policy zone public from private firewall name private2public

set firewall name public2private description "public to private"
set firewall name public2private rule 1 action accept
set firewall name public2private rule 1 state established enable
set firewall name public2private rule 1 state related enable
set zone-policy zone private from public firewall name public2private

#commit
#save
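
A way to review the zone policy above before committing it, as an added example that is not part of the original command note: this Python script parses the zone-policy and firewall lines and lists the zone pairs with no ruleset bound and the rules that accept without any match criteria. The `audit` function and the embedded `CONFIG` string are constructs of this example; the description lines are left out of `CONFIG`.

```python
import re
from itertools import permutations

# Zone and firewall lines copied from the Zone-policy Command Note (descriptions omitted).
CONFIG = """
set zone-policy zone public interface eth0
set zone-policy zone private interface eth2
set zone-policy zone dmz interface eth1
set firewall name dmz2private rule 1 action accept
set firewall name dmz2private rule 1 state established enable
set firewall name dmz2private rule 1 state related enable
set firewall name dmz2private rule 10 action accept
set firewall name dmz2private rule 10 destination port 80,443
set firewall name dmz2private rule 10 protocol tcp
set firewall name private2dmz rule 1 action accept
set zone-policy zone private from dmz firewall name dmz2private
set zone-policy zone dmz from private firewall name private2dmz
set firewall name private2public rule 1 action accept
set zone-policy zone public from private firewall name private2public
set firewall name public2private rule 1 action accept
set firewall name public2private rule 1 state established enable
set firewall name public2private rule 1 state related enable
set zone-policy zone private from public firewall name public2private
"""

def audit(config):
    """Return (zone pairs with no ruleset, rules that accept without any match)."""
    zones, pairs, rules = set(), {}, {}
    for line in config.splitlines():
        if m := re.match(r"set zone-policy zone (\S+) interface (\S+)", line):
            zones.add(m[1])
        elif m := re.match(r"set zone-policy zone (\S+) from (\S+) firewall name (\S+)", line):
            pairs[(m[2], m[1])] = m[3]          # key is (source zone, destination zone)
        elif m := re.match(r"set firewall name (\S+) rule (\d+) (.+)", line):
            rules.setdefault((m[1], int(m[2])), []).append(m[3])
    unpaired = sorted(p for p in permutations(zones, 2) if p not in pairs)
    # A rule whose only setting is "action accept" matches every packet.
    accept_all = sorted(k for k, v in rules.items() if v == ["action accept"])
    return unpaired, accept_all

if __name__ == "__main__":
    unpaired, accept_all = audit(CONFIG)
    for src, dst in unpaired:
        print(f"no ruleset: {src} -> {dst}")
    for name, num in accept_all:
        print(f"accept-all: {name} rule {num}")
```

On the config above it reports dmz -> public and public -> dmz as having no ruleset, which under VyOS's default zone action of drop leaves the DMZ on eth1 with no path to or from eth0. It also reports private2dmz rule 1 and private2public rule 1 as unconditional accepts.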

 

 

Vyos Multi Lan NAT Lab Video Tutorial

 

 

 

 
