
netscreen的Source Routing,PBR,MIP


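实现: 192.168.2.1 和 192.168.2.2 访问公网时走 untrust 接口 eth2;
192.168.2.1 和 192.168.2.2 访问 eth3 上的 MIP 时,经 eth3 的接口地址转发;
其它内网 IP 地址访问公网时走 untrust 接口 eth3;
192.168.3.0/24 ping 外网时走 eth2。
说明: 本文没有配置 ECMP 来做链路负载均衡,这不是本文的重点。这里的 source routing 指按源地址选路(即下面的 set route source),不是 IP 选项中的源路由。接口上绑定的 PBR 策略先于源路由和目的路由匹配,所以 192.168.2.1 和 192.168.2.2 访问 MIP 的流量会按 PBR 走 eth3,而不是按源路由走 eth2。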

set interface ethernet2 ip 1.1.1.1/30
set interface ethernet2 route
set interface ethernet3 ip 2.2.2.1/24
set interface ethernet3 route
set interface ethernet4 ip 192.168.0.1/16
set interface ethernet4 nat
set interface "ethernet3" mip 2.2.2.100 host 192.168.1.100 netmask 255.255.255.255 vr "trust-vr"

set vrouter "trust-vr"
set source-routing enable
unset add-default-route
set route 0.0.0.0/0 interface ethernet3 gateway 2.2.2.254 preference 20
set route 0.0.0.0/0 interface ethernet2 gateway 1.1.1.2 preference 20 metric 20
set route source 192.168.2.1/32 interface ethernet2 gateway 1.1.1.2 preference 20
set route source 192.168.2.2/32 interface ethernet2 gateway 1.1.1.2 preference 20
set access-list extended 1 src-ip 192.168.2.1/32 dst-ip 2.2.2.1/24 entry 1
set access-list extended 1 src-ip 192.168.2.2/32 dst-ip 2.2.2.1/24 entry 2
set access-list extended 2 src-ip 192.168.3.0/24 dst-ip 0.0.0.0/0 protocol icmp entry 2
set match-group name MIP
set match-group MIP ext-acl 1 match-entry 1
set match-group name icmp
set match-group icmp ext-acl 2 match-entry 1

set action-group name UU
set action-group UU next-interface ethernet3 next-hop 2.2.2.1 action-entry 1
set action-group name icmp
set action-group icmp next-interface ethernet2 next-hop 1.1.1.2 action-entry 1

set pbr policy name UUMIP
set pbr policy UUMIP match-group MIP action-group UU 1
set pbr policy UUMIP match-group icmp action-group icmp 2

exit
set interface ethernet4 pbr UUMIP
