vyos
vyos@vyos-150# sh na
destination {
}
source {
}
[edit]
vyos@vyos-150# set nat source rule 100 outbound-interface eth0
[edit]
vyos@vyos-150# set nat source rule 100 source address 192.168.149.0/24
[edit]
vyos@vyos-150# set nat source rule 100 translation address masquerade
[edit]
vyos@vyos-150# commit
[edit]
vyos@vyos-150# sh nat
destination {
}
source {
rule 100 {
outbound-interface eth0
source {
address 192.168.149.0/24
}
translation {
address masquerade
}
}
}
[edit]
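--dnat (eth0 gets 200.200.200.149 as a second address; rule 200 forwards everything sent to it to 192.168.150.200. The rule sets no protocol or port, so all ports of that host are exposed on the outside interface unless a firewall rule limits them)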
vyos@vyos-150# set interfaces ethernet eth0 address 200.200.200.149/24
[edit]
vyos@vyos-150# sh int
ethernet eth0 {
address 200.200.200.150/24
+ address 200.200.200.149/24
description outside-1
hw-id 00:0c:29:37:76:e9
}
ethernet eth1 {
address 192.168.150.254/24
description inside-dmz
hw-id 00:0c:29:37:76:f3
}
ethernet eth2 {
address 192.168.149.254/24
description inside-user
hw-id 00:0c:29:37:76:fd
}
loopback lo {
}
vyos@vyos-150# set nat destination rule 200 destination address 200.200.200.149
[edit]
vyos@vyos-150# set nat destination rule 200 inbound-interface eth0
[edit]
vyos@vyos-150# set nat destination rule 200 translation address 192.168.150.200
[edit]
vyos@vyos-150# commit
[edit]
vyos@vyos-150# sh nat
destination {
rule 200 {
destination {
address 200.200.200.149
}
inbound-interface eth0
translation {
address 192.168.150.200
}
}
}
source {
rule 100 {
outbound-interface eth0
source {
address 192.168.149.0/24
}
translation {
address masquerade
}
}
}
[edit]
vyos@vyos-150# save
Saving configuration to '/config/config.boot'...
Done
[edit]
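--snat (traffic from 192.168.150.200 leaves eth0 as 200.200.200.149, the same address the dnat rule uses inbound; no save is shown after this commit, so the rule is only in the running config until the next save)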
vyos@vyos-150# set nat source rule 200 outbound-interface eth0
[edit]
vyos@vyos-150# set nat source rule 200 source address 192.168.150.200
[edit]
vyos@vyos-150# set nat source rule 200 translation address 200.200.200.149
[edit]
vyos@vyos-150# commit
[edit]
vyos@vyos-150# sh nat
destination {
rule 200 {
destination {
address 200.200.200.149
}
inbound-interface eth0
translation {
address 192.168.150.200
}
}
}
source {
rule 100 {
outbound-interface eth0
source {
address 192.168.149.0/24
}
translation {
address masquerade
}
}
rule 200 {
outbound-interface eth0
source {
address 192.168.150.200
}
translation {
address 200.200.200.149
}
}
}
[edit]
[root@ansible-server ~]# vi /etc/ansible/ansible.cfg
[defaults]
# Turns off SSH host-key verification for every host Ansible connects to,
# so a machine answering on the router's address is not detected.
# Lab-only setting; leave it enabled (the default) and pre-populate
# known_hosts on anything reachable from an untrusted network.
host_key_checking = False
[root@ansible-server ~]# vi /etc/ansible/hosts
[vyos]
# NOTE(review): the play output further down reports 200.200.200.150,
# not this address; confirm which host the inventory actually held.
200.200.200.245
[vyos:vars]
ansible_python_interpreter=/usr/bin/python3
ansible_user=vyos
# Plaintext password in a world-readable inventory path, and it is the
# VyOS factory default (vyos/vyos). The playbooks on this page are run
# with -k, which prompts for the password, so this line is not needed;
# otherwise keep the value in Ansible Vault and change the default
# password on the router.
ansible_ssh_pass=vyos
ansible_network_os=vyos
ansible_connection=network_cli
[root@ansible-server ~]# vi vyos_setting.yml
---
# Pushes one configuration line to every host in the [vyos] group over
# network_cli. (Indentation was lost when this listing was pasted.)
- name: vyos setting
hosts: vyos
connection: network_cli
gather_facts: 'no'
tasks:
- name: for idempotency, use full-form commands
vyos.vyos.vyos_config:
lines:
# NOTE(review): the router commands earlier on this page use
# 'set interfaces ethernet ...'; 'interface' here is the abbreviated
# form, not the full form the task name asks for. Confirm whether a
# second run still reports changed.
- set interface ethernet eth2 description 'eth2 test'
[root@ansible-server ~]# ansible-playbook -i /etc/ansible/hosts vyos_setting.yml -k
SSH password:
PLAY [vyos setting] ***********************************************************************
TASK [for idempotency, use full-form commands] ********************************************
[WARNING]: To ensure idempotency and correct diff the input configuration lines should be
similar to how they appear if present in the running configuration on device
changed: [200.200.200.150]
PLAY RECAP ********************************************************************************
200.200.200.150 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@ansible-server ~]# vi ansible-playbook-test-02.yml
---
- name: ansible-playbook-test-02
hosts: vyos
tasks:
- name: copy file to remote server
copy:
src: ~/test.txt
dest: ~/test.txt
[root@ansible-server ~]# ansible-playbook ansible-playbook-test-02.yml -k
SSH password:
PLAY [ansible-playbook-test-02] ***********************************************************
TASK [Gathering Facts] ********************************************************************
ok: [200.200.200.150]
TASK [copy file to remote server] *********************************************************
ok: [200.200.200.150]
PLAY RECAP ********************************************************************************
200.200.200.150 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
--vyos
vyos@vyos-150# ls
test.txt