Vyatta 6 – реална конфигурация у дома :-)

При една авария в поддържана от мен фирма с изпържен от токов удар рутер в събота вечерта трябваше да конфигурирам моя домашен Linksys WRT54GL с DD-WRT (дойде му и на него времето след три години вярна служба). В един момент останах без рутер, а у нас сме с три лаптопа плюс два съседни апартамента, те и те уж само временно, но щях да оставя сума си ти хора без Интернет. В офиса имаше само смотани модели, които не покриват високите изисквания на моята домашна мрежа 🙂 и така всичко пак опря до Linux рутер. Точно преди да инсталирам едно “Дебианче” се позамислих, че май сега е моментът да пробвам Vyatta в реални условия. Получи се добре, макар и да изпадам в недоумение защо Vyatta не поддържа policy routing, UPnP и TCPMSS за момента .. ?? За сметка на това пък другите неща са прекрасни за конфигурация, всичко е в един файл, удобното допълване с клавиша ‘TAB’ също е незаменимо, след първите 5-6 реда спрях да гледам how-to-та и конфигурирах всичко само по пътя на логиката. Тази система според мен има голямо бъдеще, ако я разширят и поддържат всичко необходимо за един рутер от среден и висок клас. Нещото, което наистина най-много ме впечатли, е Load Balancing. Толкова много съм се борил с това в Debian и Slackware, че се отказах преди доста време с извода, че няма добро решение на това нещо. Но ето, че има и това е Vyatta.

            ______10.18.5.1 Local Optisprint 212.233.128.0/17, 10.0.0.0/8
________________    |               ____________
|  10.18.5.3	|    |               |93.155.131.1
|	 eth3	|_______|___10.18.5.254 Internet GCN__|
|  --WAN--	|       |           |
|		|Reverse Proxy - Load Balancing    | -=INTERNET=-
| 172.16.21.2	|       |           |
|	 tun0	|___________172.16.21.1 Internet BTC__|
|		|                   |___________
| router Vyatta	|                   192.168.1.1
|		|
|  --LAN--	|
| 192.168.88.1	|
|  b	|	|___ 192.168.88.10 QOS download 40mbit upload 10mbit
|  r 	|--eth2	|___ 192.168.88.11 QOS download 25mbit upload 5mbit
|  i |	|___ 192.168.88.12 QOS download 20mbit upload 4mbit
|  d 	|--eth1	|___ 192.168.88.13 QOS download 20mbit upload 4mbit
|  g	|	|___ 192.168.88.14 QOS download 20mbit upload 4mbit
|  e	|--eth0	|___ 192.168.88.15 QOS download 20mbit upload 4mbit
|_______________|___ 192.168.88.128/25 QOS download 15mbit upload 2mbit
# Vyatta 6 configuration-mode session for a home router:
#   - LAN: eth0/eth1/eth2 bridged as br0 (192.168.88.1/24)
#   - WAN: eth3 (10.18.5.3/24) plus GRE tunnel tun0 (172.16.21.2/30)
#   - source NAT, DNS forwarding, DHCP, web proxy, WAN load balancing,
#     per-host QoS and SNMP
# NOTE(review): this listing defines no firewall rule sets, so nothing shown
# here filters traffic addressed to the router itself on eth3 or tun0.
# Consider a `local` firewall rule set on both uplinks; confirm whether
# filtering is done elsewhere.
configure
# Enables the SSH service with default settings.
# NOTE(review): no restriction is configured in this listing, so SSH is
# presumably reachable on every router address, including the WAN side.
set service ssh
 
# LAN side: three Ethernet ports joined into bridge br0, which carries the
# gateway address of the home network.
set interfaces bridge br0 address 192.168.88.1/24
set interfaces ethernet eth0 bridge-group bridge br0
set interfaces ethernet eth1 bridge-group bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
# WAN side: explicit MAC on eth3 (presumably the address the provider
# expects; confirm) and a static address in the provider's local network.
set interfaces ethernet eth3 mac 00:0C:42:54:F4:CB
set interfaces ethernet eth3 address 10.18.5.3/24 
 
# Second uplink: GRE tunnel from the eth3 address to 93.155.131.1.
# NOTE(review): GRE by itself provides neither encryption nor peer
# authentication; traffic in the tunnel is readable on the path between
# the two endpoints.
set interfaces tunnel tun0 address 172.16.21.2/30
set interfaces tunnel tun0 encapsulation gre
set interfaces tunnel tun0 local-ip 10.18.5.3
set interfaces tunnel tun0 remote-ip 93.155.131.1
 
# Two default routes (one per uplink), the provider-local ranges via
# 10.18.5.1, and the tunnel endpoint's /28 pinned to the eth3 gateway so the
# GRE packets themselves never try to leave through the tunnel.
set protocols static route 0.0.0.0/0 next-hop 10.18.5.254
set protocols static route 0.0.0.0/0 next-hop 172.16.21.1
set protocols static route 212.233.128.0/17 next-hop 10.18.5.1
set protocols static route 10.0.0.0/8 next-hop 10.18.5.1
set protocols static route 93.155.131.0/28 next-hop 10.18.5.254
 
# Upstream resolvers for the router; the DNS forwarder reuses them and is
# bound to br0 only, so it is offered to the LAN and not on the uplinks.
set system name-server 93.155.131.1
set system name-server 93.155.130.4
set service dns forwarding system
set service dns forwarding listen-on br0
 
# Source NAT for the LAN when leaving through eth3.
set service nat rule 1 outbound-interface eth3
set service nat rule 1 outside-address address 10.18.5.3
set service nat rule 1 source address 192.168.88.0/24
set service nat rule 1 type source
 
# Source NAT for the LAN when leaving through the GRE tunnel.
set service nat rule 2 outbound-interface tun0
set service nat rule 2 outside-address address 172.16.21.2
set service nat rule 2 source address 192.168.88.0/24
set service nat rule 2 type source
 
# DHCP for the LAN: dynamic pool .128-.254, router as DNS server and default
# gateway, and fixed addresses .10-.15 for known devices.
# NOTE(review): the QoS classes further down are keyed on these IP addresses.
# A static mapping is not an access control: a LAN host that configures one
# of these addresses by hand lands in that address's bandwidth class.
# NOTE(review): the MAC addresses below identify real devices; replace them
# with placeholders when publishing a configuration.
set service dhcp-server shared-network-name SamiHome subnet 192.168.88.0/24 start 192.168.88.128 stop 192.168.88.254
set service dhcp-server shared-network-name SamiHome subnet 192.168.88.0/24 dns-server 192.168.88.1
set service dhcp-server shared-network-name SamiHome subnet 192.168.88.0/24 default-router 192.168.88.1
set service dhcp-server shared-network-name SamiHome subnet 192.168.88.0/24 domain-name samihome.itservice-bg.net
set service dhcp-server shared-network-name SamiHome subnet 192.168.88.0/24 static-mapping sami-local ip-address 192.168.88.10
set service dhcp-server shared-network-name SamiHome subnet 192.168.88.0/24 static-mapping sami-local mac-address 90:e6:ba:92:96:7c
set service dhcp-server shared-network-name SamiHome subnet 192.168.88.0/24 static-mapping sami-wifi ip-address 192.168.88.11
set service dhcp-server shared-network-name SamiHome subnet 192.168.88.0/24 static-mapping sami-wifi mac-address 00:1b:77:d6:db:3e
set service dhcp-server shared-network-name SamiHome subnet 192.168.88.0/24 static-mapping teri-laptop ip-address 192.168.88.12
set service dhcp-server shared-network-name SamiHome subnet 192.168.88.0/24 static-mapping teri-laptop mac-address 00:22:f7:01:19:95
set service dhcp-server shared-network-name SamiHome subnet 192.168.88.0/24 static-mapping eli ip-address 192.168.88.13
set service dhcp-server shared-network-name SamiHome subnet 192.168.88.0/24 static-mapping eli mac-address 00:26:9e:31:8b:29
set service dhcp-server shared-network-name SamiHome subnet 192.168.88.0/24 static-mapping stefan ip-address 192.168.88.14
set service dhcp-server shared-network-name SamiHome subnet 192.168.88.0/24 static-mapping stefan mac-address 00:1C:23:95:39:08
set service dhcp-server shared-network-name SamiHome subnet 192.168.88.0/24 static-mapping yani ip-address 192.168.88.15
set service dhcp-server shared-network-name SamiHome subnet 192.168.88.0/24 static-mapping yani mac-address 00:25:D3:C1:40:11
 
# Web proxy bound to the LAN address only.
# NOTE(review): with the access log disabled there is no record of proxied
# requests to consult when troubleshooting or reviewing an incident.
set service webproxy listen-address 192.168.88.1
set service webproxy cache-size 20000
set service webproxy disable-access-log
 
# NOTE(review): 50,000,000 tracked connections is a very large ceiling;
# every tracked connection consumes kernel memory, so confirm the value is
# sized to the router's RAM and not just set "high enough".
set firewall conntrack-table-size 50000000
set system host-name SamiHome
set system time-zone Europe/Sofia
 
# WAN load balancing, uplink 1: eth3 is probed by pinging its own next hop
# and is declared down after 5 failed probes.
set load-balancing wan interface-health eth3 failure-count 5
set load-balancing wan interface-health eth3 nexthop 10.18.5.254
set load-balancing wan interface-health eth3 test 10 type ping
set load-balancing wan interface-health eth3 test 10 target 10.18.5.254
 
# WAN load balancing, uplink 2: tun0 is probed by pinging 192.168.1.1, a
# different address from the tunnel's next hop 172.16.21.1.
set load-balancing wan interface-health tun0 failure-count 5
set load-balancing wan interface-health tun0 nexthop 172.16.21.1
set load-balancing wan interface-health tun0 test 10 type ping
set load-balancing wan interface-health tun0 test 10 target 192.168.1.1
 
# Traffic arriving from the LAN bridge is distributed over both uplinks.
set load-balancing wan rule 10 inbound-interface br0
set load-balancing wan rule 10 interface eth3
set load-balancing wan rule 10 interface tun0
 
# Fixed speed and duplex on every port instead of auto-negotiation.
set interfaces ethernet eth0 duplex full
set interfaces ethernet eth0 speed 100
set interfaces ethernet eth1 duplex full
set interfaces ethernet eth1 speed 100
set interfaces ethernet eth2 duplex full
set interfaces ethernet eth2 speed 100
set interfaces ethernet eth3 duplex full
set interfaces ethernet eth3 speed 1000
 
# QoS. SHAPER-OUT (traffic-shaper) is applied outbound on the LAN ports and
# matches on destination address, i.e. download towards a client.
# SHAPER-IN (traffic-limiter) is applied inbound on the LAN ports and matches
# on source address, i.e. upload from a client.
# Traffic matching no class in SHAPER-OUT gets the 1mbit default.
set qos-policy traffic-shaper SHAPER-OUT default bandwidth 1mbit
 
# 192.168.88.10: 40mbit down / 10mbit up
set qos-policy traffic-shaper SHAPER-OUT class 10 bandwidth 40mbit
set qos-policy traffic-shaper SHAPER-OUT class 10 match 0 ip destination address 192.168.88.10/32
set qos-policy traffic-limiter SHAPER-IN class 10 bandwidth 10mbit
set qos-policy traffic-limiter SHAPER-IN class 10 match 0 ip source address 192.168.88.10/32
 
# 192.168.88.11: 25mbit down / 5mbit up
set qos-policy traffic-shaper SHAPER-OUT class 11 bandwidth 25mbit
set qos-policy traffic-shaper SHAPER-OUT class 11 match 1 ip destination address 192.168.88.11/32
set qos-policy traffic-limiter SHAPER-IN class 11 bandwidth 5mbit
set qos-policy traffic-limiter SHAPER-IN class 11 match 1 ip source address 192.168.88.11/32
 
# 192.168.88.12: 20mbit down / 4mbit up
set qos-policy traffic-shaper SHAPER-OUT class 12 bandwidth 20mbit
set qos-policy traffic-shaper SHAPER-OUT class 12 match 2 ip destination address 192.168.88.12/32
set qos-policy traffic-limiter SHAPER-IN class 12 bandwidth 4mbit
set qos-policy traffic-limiter SHAPER-IN class 12 match 2 ip source address 192.168.88.12/32
 
# 192.168.88.13: 20mbit down / 4mbit up
set qos-policy traffic-shaper SHAPER-OUT class 13 bandwidth 20mbit
set qos-policy traffic-shaper SHAPER-OUT class 13 match 3 ip destination address 192.168.88.13/32
set qos-policy traffic-limiter SHAPER-IN class 13 bandwidth 4mbit
set qos-policy traffic-limiter SHAPER-IN class 13 match 3 ip source address 192.168.88.13/32
 
# 192.168.88.14: 20mbit down / 4mbit up
set qos-policy traffic-shaper SHAPER-OUT class 14 bandwidth 20mbit
set qos-policy traffic-shaper SHAPER-OUT class 14 match 4 ip destination address 192.168.88.14/32
set qos-policy traffic-limiter SHAPER-IN class 14 bandwidth 4mbit
set qos-policy traffic-limiter SHAPER-IN class 14 match 4 ip source address 192.168.88.14/32
 
# 192.168.88.15: 20mbit down / 4mbit up
set qos-policy traffic-shaper SHAPER-OUT class 15 bandwidth 20mbit
set qos-policy traffic-shaper SHAPER-OUT class 15 match 5 ip destination address 192.168.88.15/32
set qos-policy traffic-limiter SHAPER-IN class 15 bandwidth 4mbit
set qos-policy traffic-limiter SHAPER-IN class 15 match 5 ip source address 192.168.88.15/32
 
# DHCP pool 192.168.88.128/25 (shared class): 10mbit down / 2mbit up.
# NOTE(review): the network diagram above this listing says 15mbit download
# for this range; confirm which value is intended.
set qos-policy traffic-shaper SHAPER-OUT class 16 bandwidth 10mbit
set qos-policy traffic-shaper SHAPER-OUT class 16 match 6 ip destination address 192.168.88.128/25
set qos-policy traffic-limiter SHAPER-IN class 16 bandwidth 2mbit
set qos-policy traffic-limiter SHAPER-IN class 16 match 6 ip source address 192.168.88.128/25
 
# Attach both policies to the three bridged LAN ports.
set interfaces ethernet eth0 qos-policy in SHAPER-IN
set interfaces ethernet eth0 qos-policy out SHAPER-OUT
set interfaces ethernet eth1 qos-policy in SHAPER-IN
set interfaces ethernet eth1 qos-policy out SHAPER-OUT
set interfaces ethernet eth2 qos-policy in SHAPER-IN
set interfaces ethernet eth2 qos-policy out SHAPER-OUT
 
# Read-only SNMP with the community string "public".
# NOTE(review): "public" is the well-known default string, and no client or
# network restriction is set on the community in this listing. SNMP exposes
# interface, routing and host details, so use a unique community string and
# limit who may query it (the community node's client/network options;
# verify against your Vyatta version), or filter SNMP on eth3 and tun0.
set service snmp community public authorization ro
 
# Apply the candidate configuration, then persist it across reboots.
commit
save


This Post Has One Comment

 1. Пешо

  Братчет тия неща нищо не ми говорат.Просто ние широкия кръг хора не сме програмисти.Помисли и за по неуките и напиши по подробно и разбрано.