|
NGX R65 Bridge mode 的测试结果
配置环境:
PC1---------FW -----PC2
PC1 10.60.56.20 FW 10.60.56.3 PC2 10.60.56.30
桥模式配置成功后的状态:
[Expert@FWA]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.001921a65bab no eth0
eth2
show接口信息:
Choose a connection to display ('e' to exit):
------------------------------------------------------------------
1) br0
2) eth0
3) eth1
4) eth2
5) lo
------------------------------------------------------------------
(Note: configuration changes are automatically saved)
Your choice:1
br0 ip: 10.60.56.3, broadcast: 10.60.56.255, netmask: 255.255.255.0
bridge name bridge id STP enabled interfaces
br0 8000.001921a65bab no eth0
eth2
上文br0是配置桥接口的地址10.60.56.3
Eth0和eth2是Bridge接口,这是很重要的概念。
接口信息
[Expert@FWA]# ifconfig -a
br0 Link encap:Ethernet HWaddr 00:19:21:A6:5B:AB
inet addr:10.60.56.3 Bcast:10.60.56.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4612 errors:0 dropped:0 overruns:0 frame:0
TX packets:2795 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:572885 (559.4 Kb) TX bytes:2551356 (2.4 Mb)
eth0 Link encap:Ethernet HWaddr 00:EE:EE:02:96:FC
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9197 errors:77 dropped:0 overruns:0 frame:119
TX packets:9599 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:991947 (968.6 Kb) TX bytes:9940606 (9.4 Mb)
Interrupt:18 Base address:0xc00
eth1 Link encap:Ethernet HWaddr 00:EE:EE:02:8B:F2
inet addr:192.168.56.1 Bcast:192.168.56.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:16029 errors:0 dropped:0 overruns:0 frame:0
TX packets:17564 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1883330 (1.7 Mb) TX bytes:14918004 (14.2 Mb)
Interrupt:20 Base address:0xd800
eth2 Link encap:Ethernet HWaddr 00:19:21:A6:5B:AB
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8426 errors:2 dropped:0 overruns:0 frame:0
TX packets:6605 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:8030989 (7.6 Mb) TX bytes:967109 (944.4 Kb)
Interrupt:20 Base address:0xd400
配置方式:
[FWA]# sysconfig
Choose a configuration item ('e' to exit):
------------------------------------------------------------------
1) Host name 4) Time and Date 7) DHCP Server Configuration 10) Products Installation
2) Domain name 5) Network Connections 8) DHCP Relay Configuration 11) Products Configuration
3) Domain name servers 6) Routing 9) Export Setup
------------------------------------------------------------------
(Note: configuration changes are automatically saved)
Your choice: 5
Choose a network connections configuration item ('e' to exit):
------------------------------------------------------------------
1) Add new connection 3) Remove connection 5) Show connection configuration
2) Configure connection 4) Select management connection
------------------------------------------------------------------
(Note: configuration changes are automatically saved)
Your choice:1 添加新的链接配置
注意:
1. 配置之前,要选择一个管理接口,该接口不能配置成桥模式接口
2. 桥模式接口不要配置IP地址,但是要给这两接口生成的桥接口配置ip地址
3. 配置完成后请在防火墙属性中,把Topology重新get一遍,并修改其中链接外网桥接口为external.
配置完成:
测试项目:
1. NAT
2. VPN SSL VPN , RemoteAccess VPN
配置桥模式后,两个桥接口的地址变成 Br0口的地址 10.60.56.3
因此VPN的地址就为该地址
选择指定的地址。
经过测试NAT 测试通过, SSL VPN, ipsec RemoteAccess没有问题,site2site VPN很少用。 |
|