How to route all network traffic of a VLAN through a proxy server on an SRX

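I am trying to configure an SRX router to automatically forward all traffic through my proxy server in the US. I have created a separate VLAN and configured the proxy, but I don't know how to route all traffic through it.

The purpose of this task is to create a test network in which users appear to be at the proxy server's location (with the proxy's external IP address).

Is this possible, and how should I do it? Am I approaching this the right way?

Thanks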

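Here is how I usually do this on JunOS. It doesn't matter that you are on an SRX, but keep in mind that NAT rules still apply.

I recommend that you do not put the proxy server on the same VLAN as the clients. It can make a nice routing loop.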

    set routing-options interface-routes rib-group inet IMPORT-PHY
    set routing-options rib-groups IMPORT-PHY import-rib inet.0
    set routing-options rib-groups IMPORT-PHY import-rib to-proxy.inet.0
    set firewall family inet filter to-proxy term one from destination-port 80
    set firewall family inet filter to-proxy term one from destination-port 443
    set firewall family inet filter to-proxy term one then count to-proxy
    set firewall family inet filter to-proxy term one then log
    set firewall family inet filter to-proxy term one then routing-instance to-proxy
    set firewall family inet filter to-proxy term two then count to-default-route
    set firewall family inet filter to-proxy term two then log
    set firewall family inet filter to-proxy term two then accept
    set routing-instances to-proxy instance-type forwarding
    set routing-instances to-proxy routing-options static route 0.0.0.0/0 next-hop XXXX

Then apply the filter to the interface as a family inet filter, in your case the VLAN interface.

    set interfaces vlan.0 family inet filter input to-proxy

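Keep in mind that my example only catches ports 80/443 to the proxy server; if you have other applications, or you want to do this for an entire subnet, you can match the filter on source or destination IP address, or just send everything.

If you want to send all traffic from that VLAN to the proxy server, use the following lines: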

    set routing-options interface-routes rib-group inet IMPORT-PHY
    set routing-options rib-groups IMPORT-PHY import-rib inet.0
    set routing-options rib-groups IMPORT-PHY import-rib to-proxy.inet.0
    set firewall family inet filter to-proxy term one then count to-proxy
    set firewall family inet filter to-proxy term one then log
    set firewall family inet filter to-proxy term one then routing-instance to-proxy
    set routing-instances to-proxy instance-type forwarding
    set routing-instances to-proxy routing-options static route 0.0.0.0/0 next-hop XXXX
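
Added example, not part of the original answer: the source-address variant the answer mentions, where only a test subnet is steered into the `to-proxy` instance, followed by a guarded commit and two checks. The subnet `192.0.2.0/24` and the term names `test-clients` and `everything-else` are constructed for illustration; `XXXX` is the answer's own placeholder for the proxy next hop.

```junos
# Lines starting with "#" are notes for the reader, not commands to enter.
# Share directly connected routes with the forwarding instance so the
# proxy next hop can be resolved inside to-proxy.inet.0.
set routing-options interface-routes rib-group inet IMPORT-PHY
set routing-options rib-groups IMPORT-PHY import-rib inet.0
set routing-options rib-groups IMPORT-PHY import-rib to-proxy.inet.0

# Term "test-clients": every packet sourced from the test subnet
# (constructed value) is handed to the to-proxy instance, whatever
# its protocol or port.
set firewall family inet filter to-proxy term test-clients from source-address 192.0.2.0/24
set firewall family inet filter to-proxy term test-clients then count to-proxy
set firewall family inet filter to-proxy term test-clients then routing-instance to-proxy

# Term "everything-else": all other sources keep using inet.0.
set firewall family inet filter to-proxy term everything-else then count to-default-route
set firewall family inet filter to-proxy term everything-else then accept

# Forwarding instance whose only static route points at the proxy.
set routing-instances to-proxy instance-type forwarding
set routing-instances to-proxy routing-options static route 0.0.0.0/0 next-hop XXXX

# Apply the filter to traffic entering from the client VLAN.
set interfaces vlan.0 family inet filter input to-proxy

# Roll back automatically after 5 minutes unless a plain "commit" follows.
commit confirmed 5

# The instance table should show 0.0.0.0/0 via the proxy, and the
# to-proxy counter should increase when a test client sends traffic.
run show route table to-proxy.inet.0
run show firewall filter to-proxy
```

If the `to-default-route` counter rises while a test client is sending, that client's packets are not matching the first term and are leaving with the router's normal external address instead of the proxy's.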