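Goal: 192.168.2.1 and 192.168.2.2 reach the public network through untrust eth2;
192.168.2.1 and 192.168.2.2 reach the MIP on eth3 through the eth3 interface address;
all other internal IP addresses reach the public network through untrust eth3;
pings from 192.168.3.0/24 to the external network go out through eth2.
Note: ECMP is not configured for link load balancing. That is not the focus of this article.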
set interface ethernet2 ip 1.1.1.1/30
set interface ethernet2 route
set interface ethernet3 ip 2.2.2.1/24
set interface ethernet3 route
set interface ethernet4 ip 192.168.0.1/16
set interface ethernet4 nat
set interface "ethernet3" mip 2.2.2.100 host 192.168.1.100 netmask 255.255.255.255 vr "trust-vr"
set vrouter "trust-vr"
set source-routing enable
unset add-default-route
set route 0.0.0.0/0 interface ethernet3 gateway 2.2.2.254 preference 20
set route 0.0.0.0/0 interface ethernet2 gateway 1.1.1.2 preference 20 metric 20
set route source 192.168.2.1/32 interface ethernet2 gateway 1.1.1.2 preference 20
set route source 192.168.2.2/32 interface ethernet2 gateway 1.1.1.2 preference 20
set access-list extended 1 src-ip 192.168.2.1/32 dst-ip 2.2.2.1/24 entry 1
set access-list extended 1 src-ip 192.168.2.2/32 dst-ip 2.2.2.1/24 entry 2
set access-list extended 2 src-ip 192.168.3.0/24 dst-ip 0.0.0.0/0 protocol icmp entry 2
set match-group name MIP
set match-group MIP ext-acl 1 match-entry 1
set match-group name icmp
set match-group icmp ext-acl 2 match-entry 1
set action-group name UU
set action-group UU next-interface ethernet3 next-hop 2.2.2.1 action-entry 1
set action-group name icmp
set action-group icmp next-interface ethernet2 next-hop 1.1.1.2 action-entry 1
set pbr policy name UUMIP
set pbr policy UUMIP match-group MIP action-group UU 1
set pbr policy UUMIP match-group icmp action-group icmp 2
exit
set interface ethernet4 pbr UUMIP
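
The following is an added example, not part of the original post: a small Python model of the tables configured above, used to check that each stated goal resolves to the intended egress interface. It assumes the lookup order is policy-based routing first, then source routes, then destination routes, and that a static route with no metric given has metric 1; the destination 203.0.113.10 is a constructed sample address.

```python
import ipaddress as ip

# Tables transcribed from the configuration above.
PBR = [  # (src, dst, protocol or None for any, egress interface, next hop)
    ("192.168.2.1/32", "2.2.2.1/24", None, "ethernet3", "2.2.2.1"),
    ("192.168.2.2/32", "2.2.2.1/24", None, "ethernet3", "2.2.2.1"),
    ("192.168.3.0/24", "0.0.0.0/0", "icmp", "ethernet2", "1.1.1.2"),
]
SBR = [  # (source prefix, egress interface, gateway)
    ("192.168.2.1/32", "ethernet2", "1.1.1.2"),
    ("192.168.2.2/32", "ethernet2", "1.1.1.2"),
]
DRT = [  # (destination prefix, interface, gateway, preference, metric)
    ("0.0.0.0/0", "ethernet3", "2.2.2.254", 20, 1),   # metric 1 is an assumption
    ("0.0.0.0/0", "ethernet2", "1.1.1.2", 20, 20),
]

def net(cidr):
    # strict=False accepts host-form prefixes such as 2.2.2.1/24 (2.2.2.0/24)
    return ip.ip_network(cidr, strict=False)

def lookup(src, dst, proto):
    """Return (table, interface, next_hop) for a packet arriving on ethernet4."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for acl_src, acl_dst, acl_proto, ifc, hop in PBR:   # 1. policy-based routing
        if s in net(acl_src) and d in net(acl_dst) and acl_proto in (None, proto):
            return ("pbr", ifc, hop)
    sbr = [r for r in SBR if s in net(r[0])]            # 2. source-based routing
    if sbr:
        best = max(sbr, key=lambda r: net(r[0]).prefixlen)
        return ("source", best[1], best[2])
    drt = [r for r in DRT if d in net(r[0])]            # 3. destination routing
    # longest prefix first, then lowest preference, then lowest metric
    best = min(drt, key=lambda r: (-net(r[0]).prefixlen, r[3], r[4]))
    return ("destination", best[1], best[2])

if __name__ == "__main__":
    samples = [  # constructed packets, one per goal listed at the top
        ("192.168.2.1", "203.0.113.10", "tcp"),
        ("192.168.2.2", "2.2.2.100", "tcp"),
        ("192.168.5.5", "203.0.113.10", "tcp"),
        ("192.168.3.7", "203.0.113.10", "icmp"),
        ("192.168.3.7", "203.0.113.10", "tcp"),
    ]
    for pkt in samples:
        print(pkt, "->", lookup(*pkt))
```

The last sample shows a side effect worth checking when reviewing such a policy: only ICMP from 192.168.3.0/24 is steered to ethernet2, while its other traffic follows the default route out ethernet3.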
This article comes from the ChinaUnix blog. To view the original, see: http://blog.chinaunix.net/u/21125/showart_1386175.html