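Configuring ADSL on a Topsec firewall from the command line
2013-02-06
Topsec firewalls support ADSL. It is somewhat overkill, but in theory any PPPoE network can be configured this way, and it is more stable than a wireless router. The NGFGarea I configured has 8 Ethernet ports: I connect eth0 to the ADSL modem and use NAT to serve the local network lan1 (lan1 contains eth1-eth7). For some parts, such as the DHCP configuration, it is better to use the WebUI as well.
1) Configure eth0 for ADSL dial-up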
TopsecOS# network adsl set dev eth0 username 300000123456 passwd x1y2b3m4 attribute adsl
TopsecOS# network adsl show config
network adsl show running
network adsl stop
network adsl start
2) Define the WAN/LAN areas
define area add name adsl-2013 attribute adsl access on
define area add name lan1 attribute 'eth1 eth2 eth3 eth4 eth5 eth6 eth7' access on
3) Configure NAT
nat policy add srcarea 'lan1' dstarea 'adsl-2013' trans_src adsl
nat policy show
4) Dial
network adsl start
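Note: do not bind eth0 to the adsl attribute on the physical interface configuration page, otherwise the dial-up will not succeed.
5) Configure lan1 to allow access to the webui, ping, dhcp and telnet services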
pf service show
pf service add name dhcp area lan1 addressname any
pf service add name webui area lan1 addressname any
pf service add name ping area lan1 addressname any
pf service add name telnet area lan1 addressname any
Put lan1 into a VLAN, plan an IP range for it, and configure the gateway IP (192.168.100.254) on the VLAN
#network vlan add id 1
#network interface vlan.0001 ip add 192.168.100.254 mask 255.255.255.0
#network interface vlan.1 show
#network interface eth4 show
#network interface eth1 show
Enable DHCP (192.168.100.100-200) on vlan.0001. This can be done from the command line, but configuring it in the WebUI graphical interface is more convenient.
#network dhcp server add_subnet subnet 192.168.100.0 submask 255.255.255.0 sub_start 192.168.100.100 sub_end 192.168.100.200 gateway 192.168.100.254 def-lease-day 7 max-lease-day 7 pri_dns 8.8.8.8 sec_dns 202.106.196.115
#network dhcp server start on vlan.0001
#network dhcp show config
firewall policy show
Configure eth1
#network interface eth1 switchport
#network interface eth1 switchport mode access    (set the port as a switching interface)
#network interface eth1 switchport access-vlan 1
#network interface eth1 switchport access allowed-vlan 0001    (make the interface a member of vlan1)
Then configure eth2
network interface eth2 switchport
network interface eth2 switchport mode access    (set the port as a switching interface)
network interface eth2 switchport access-vlan 1
network interface eth2 switchport access allowed-vlan 0001    (make the interface a member of vlan1)
Apply the same configuration to eth3-eth7
6) Check the eth1 port configuration
6)检查eth1口配置
network interface eth1 show configuration
If eth1 was previously configured with an IP address, delete it with the following command
network interface eth1 ip delete 192.168.1.244
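Step 5 opens management services (webui, telnet) to an area. The following is an added example, not part of the original post and not Topsec tooling: a small Python check that reads saved `pf service add` lines and reports which management services are reachable from which area. It assumes only the command form shown in the post; the sets MANAGEMENT and CLEARTEXT, the severity labels and the trusted_areas parameter are choices made for this example.

```python
import re

# Constructed sample: the four `pf service add` lines from step 5 of the post.
SAMPLE_CONFIG = """\
pf service add name dhcp area lan1 addressname any
pf service add name webui area lan1 addressname any
pf service add name ping area lan1 addressname any
pf service add name telnet area lan1 addressname any
"""

# Only the command form shown in the post is parsed; a leading
# "TopsecOS#" or "#" prompt is tolerated.
RULE_RE = re.compile(
    r"^\s*(?:TopsecOS)?#?\s*pf service add name (\S+) area (\S+) addressname (\S+)\s*$"
)

# Assumptions of this example: which services count as management access,
# and which of those carry credentials in cleartext.
MANAGEMENT = {"webui", "telnet"}
CLEARTEXT = {"telnet"}

def parse_pf_services(text):
    """Return one dict per `pf service add` line found in text."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            name, area, addr = m.groups()
            rules.append({"name": name, "area": area, "addressname": addr})
    return rules

def audit(rules, trusted_areas=("lan1",)):
    """Return (severity, message) findings for the parsed rules."""
    findings = []
    for r in rules:
        svc, area, addr = r["name"], r["area"], r["addressname"]
        if svc in MANAGEMENT and area not in trusted_areas:
            findings.append(("high", f"{svc} management reachable from area {area}"))
        if svc in CLEARTEXT:
            findings.append(("medium", f"{svc} in area {area} is cleartext management"))
        if svc in MANAGEMENT and addr == "any":
            findings.append(("low", f"{svc} in area {area} is open to every address"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(parse_pf_services(SAMPLE_CONFIG)):
        print(f"[{severity}] {message}")
```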