一、設定wan ip
IP->Address->新增
Address:10.10.X.1/29
Network:10.10.x.0
Interface:wan
二、設定lan ip
IP->Address->新增
Address:163.23.x.x/26
Network:163.23.x.x
Interface:lan
三、路由設定
IP->Routes->新增
General
Dst.Address:0.0.0.0/0
Gateway:10.10.x.4
四、設定DNS
IP->DNS
168.95.1.1
163.23.200.1
五、Nat
(1)對內偽裝
IP->Firewall
NAT->新增
General
Chain:srcnat
Src.Address:內部的虛擬網段(如192.168.1.0/24),也可在「advanced下,寫入Src.Address List內」
Action
Action:masquerade(偽裝)
(2)對外以真實IP出去
IP->Firewall
NAT->新增
General
Chain:srcnat
Src.Address:內部的虛擬網段(如192.168.1.0/24)
Action
Action:src-nat
To Addresses:163.23.x.x
(3)校時使用真實IP出去
IP->Firewall
NAT->新增
Chain:srcnat
Src.Address:10:10.x.1
Action
Action:src-nat
To Addresses:163.23.x.x
六、DHCP
IP->DHCP Server->DHCP Setup->選定lan->輸入虛擬網段192.168.1.0/24->gateway192.168.1.1->give out(欲分配的IP範圍)->dns 168.95.1.1->分配時間
最後,記得去偽裝,還有設定該lan port的IP Address為192.168.1.1
七、IPv6
(1)wan ip
IPv6->Address>新增
Address:2001:288:xxxx::371/124
Interface:wan
(2)lan ip
IPv6->Address>新增
Address:2001:288:xxxx::1/64
Interface:lan
(3)Routes
IPv6->Routes->新增
General
Dst. Address: ::/0
Gateway:2001:288:xxxx::374
(4)再去設定各port的IP
IPv6->Address>新增
Address:2001:288:xxxx:1::1/64
Interface:port1
Address:2001:288:xxxx:2::1/64
Interface:port2
沒有留言:
張貼留言