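There are plenty of firewalls that are free to use, but none of those are open source, and I prefer open-source ones because you can learn something from them.
Ones whose source code can be downloaded: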
IPCop
http://sourceforge.net/projects/ipcop/develop
The source code can be downloaded.
svn co https://ipcop.svn.sourceforge.net/svnroot/ipcop ipcop
EFW
http://www.endian.com/
This one is fairly large: a 600M source package, very complete.
Vyatta
Based on Debian.
http://www.vyatta.org/downloads
So far this is the one I have found that has a version optimized specifically for virtualization platforms.
http://www.vyatta.org/getting-started/how-to-install
Installing Vyatta Core in a Virtualized Environment
If you’re deploying Vyatta Core on a hypervisor such as VMWare ESX/ESXi or Citrix XenServer, 
you’ll want to use the Vyatta virtualization ISO (virt-ISO).
Similar to the LiveCD ISO, the virt-ISO provides a bootable ISO,
except it also includes virtual machine tools and other optimizations
to deliver the best possible experience for users running Vyatta on a virtual machine. 
Using the vSphere Client, create a new VM
 - Configuration: Custom
 - Name: “vyatta”
 - Datastore: default
 - Virtual Machine Version: 7
 - Guest OS: Linux/Other 2.6x Linux
 - CPU: “1”
 - Memory: “512”
 - Network: “2” / vmxnet3
 - SCSI Controller: default
 - Select a Disk: default
 - Create a Disk: “4”GB (thin provisioning and independent / persistent mode)
 - Advanced Options: Enable “Support VMI Paravirtualization”

It uses:
open-vm-tools
ec2-api-tools: can this virtual machine be managed through an API, or performance data obtained, and so on? What is ec2-api?
Getting the source code
http://www.vyatta.org/downloads/source-code
git clone http://git.vyatta.com/build-iso.git
cd build-iso
Note that you first need to switch to a branch or tag.
build-iso$ git branch --track <branch> origin/<branch>
build-iso$ git checkout <branch>
or
git checkout tagv1
Fetch the code of a submodule
git submodule init
git submodule update pkgs/SUBMODULE
Clone all modules
git submodule update
install
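Boot the virtual machine and log in to the system with the default username/password vyatta/vyatta.
install image: image-based install; recommended, lets you switch between images
install system: disk-based install, the traditional hard-disk installation method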
There are two types of installations that can be performed on a persistent device: 
• Image-based install. The simplest, most flexible, and most powerful way to 
install a Vyatta system is using a binary system image. With this method, you can 
install multiple versions of the Vyatta system as images and switch between the 
images simply and easily. You install the image from a LiveCD then you reboot 
your system and it runs the image. 
• Disk-based install. A disk-based install also installs from a LiveCD onto a 
persistent device such as a hard disk partition. However, unlike an image-based 
install, a disk-based install uses a traditional layout of files on the disk. 
Additional system images may be added at a later time to a system created using 
a disk-based install. 
install-image (is what I would suggest btw) is using squashfs and is capable of booting/running multiple images of versions
This took a lot of searching; after a full day of looking I finally found the install scripts, in pkgs/vyatta-cfg-system
debian install
This seems fairly important; the reason I can't quite follow Vyatta is probably that I don't understand d-i.
Take a look at the internals:
http://d-i.alioth.debian.org/doc/internals/
Configure the IP address
vyatta@vyatta:~$ configure
vyatta@vyatta# set interfaces ethernet eth0 address 192.168.1.81/24
vyatta@vyatta# commit
vyatta@vyatta# exit
Enable the web UI
vyatta@R1# set service https
However, the web UI can only be used with the commercial edition.
linux-image
Vyatta's kernel configuration
/home/liwei/work/src_analysis/tag_vyatta_src/pkgs/linux-image/debian/arch/i386/config.586-vyatta-virt