Vyatta: Difference between revisions
m (Added firewall example) |
m (Added "Firewall") |
||
Line 16: | Line 16: | ||
#* Accept all defaults | #* Accept all defaults | ||
# Reboot and disconnect ISO | # Reboot and disconnect ISO | ||
# Login and run following commands to set IP | # Login and run the following commands to set IP address and default gateway | ||
#* <code> configure </code> | #* <code> configure </code> | ||
#* <code> set interfaces ethernet eth0 address 192.168.1.10/24 </code> (repeat for other interfaces) | #* <code> set interfaces ethernet eth0 address 192.168.1.10/24 </code> (repeat for other interfaces) | ||
#* <code> set system gateway-address 192.168.10.1 </code> | |||
# Enable remote ssh access | # Enable remote ssh access | ||
#* <code> set service ssh </code> | #* <code> set service ssh </code> | ||
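Review bot: the added `set system gateway-address 192.168.10.1` step names a gateway outside the 192.168.1.10/24 network configured on eth0 in the step just above it. Unless another interface sits in 192.168.10.0/24, the default route will not be reachable, so either correct the address or state which interface the gateway is reached through.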
Line 36: | Line 37: | ||
== Configuration == | == Configuration == | ||
=== Basic Commands === | |||
In similar fashion to Cisco IOS, configuration has to be entered in config mode, and the configuration can only be viewed in Operator mode. | |||
=== Firewall === | === Firewall === | ||
If an interface has no firewall config, then it passes all traffic. Once any firewall config is applied then that interface acts as a firewall. | If an interface has no firewall config, then it passes all traffic. Once any firewall config is applied then that interface acts as a firewall. |
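Review bot: the new "Basic Commands" section lists no commands, only the remark about config mode and Operator mode. Either add the commands a reader needs to move between the two modes and view the configuration, or give the section a heading that matches its content.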
Revision as of 15:18, 1 December 2009
Unix-based open source firewall router that sees itself in competition with Cisco. The firewall module is not on by default, so once interfaces are defined it will pass traffic freely. All configuration is done via the CLI (there is a web interface, but it's just a pretty version of the CLI).
Set-up
Installation and Basic Set-up
- Download the LiveOS ISO
- Create Red Hat RHEL5 (32 bit) VM with
- 2GB hard drive
- 2x E1000 NIC
- 128MB RAM
- Connect ISO and allow to boot fully
- Login as
root / vyatta
- To install to local disk, run the install script with the following command
install-system
- Accept all defaults
- Reboot and disconnect ISO
- Login and run the following commands to set IP address and default gateway
configure
set interfaces ethernet eth0 address 192.168.1.10/24 (repeat for other interfaces)
set system gateway-address 192.168.10.1
- Enable remote ssh access
set service ssh
- Commit changes and save
commit
save
exit
DNS Client
- To set DNS servers, use the following command (repeat for more servers)
set system name-server 172.16.0.34
- To set DNS suffix search order, in order of preference (1st entered is 1st used)
set system domain-search domain mydomain.com
- To review config
show system name-server
show system domain-search
Configuration
Basic Commands
In similar fashion to Cisco IOS, configuration has to be entered in config mode, and the configuration can only be viewed in Operator mode.
Firewall
If an interface has no firewall config, then it passes all traffic. Once any firewall config is applied then that interface acts as a firewall.
vyatta@vyatta:~$ configure
vyatta@vyatta# set firewall name home_out rule 10 action accept
vyatta@vyatta# set firewall name home_out rule 10 description "VC client access"
vyatta@vyatta# set firewall name home_out rule 10 destination address 10.1.1.5
vyatta@vyatta# set firewall name home_out rule 10 destination port 80,443,8084,8443,9084
vyatta@vyatta# set firewall name home_out rule 10 protocol tcp
vyatta@vyatta# set interfaces ethernet eth0 firewall in name home_out
vyatta@vyatta# commit
vyatta@vyatta# exit
vyatta@vyatta:~$ show firewall home_out

Active on (eth0,IN)

State Codes: E - Established, I - Invalid, N - New, R - Related

rule  action  source      destination  proto  state
----  ------  ------      -----------  -----  -----
10    ACCEPT  0.0.0.0/0   10.1.1.5     tcp    any
  dst ports: 80,443,8084,8443,9084
1025  DROP    0.0.0.0/0   0.0.0.0/0    all    any
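The two behaviours described above (an interface with no rule set passes everything, and a bound rule set ends in an implicit drop) can be checked offline from the `set` commands. The following is an added example, not part of the original page or of Vyatta itself: the `eth1` line is a constructed addition, the function names are hypothetical, and matching is simplified to the protocol, destination address and destination port fields used by the page's rule.

```python
import ipaddress
import shlex

# Constructed sample: the page's commands plus a hypothetical second NIC (eth1).
SAMPLE_CONFIG = '''\
set interfaces ethernet eth0 address 192.168.1.10/24
set interfaces ethernet eth1 address 10.1.1.1/24
set firewall name home_out rule 10 action accept
set firewall name home_out rule 10 description "VC client access"
set firewall name home_out rule 10 destination address 10.1.1.5
set firewall name home_out rule 10 destination port 80,443,8084,8443,9084
set firewall name home_out rule 10 protocol tcp
set interfaces ethernet eth0 firewall in name home_out
'''
DIRECTIONS = ("in", "out", "local")  # directions a rule set can be bound to

def parse(config):
    """Return (interfaces, bindings, rulesets) parsed from 'set' command lines."""
    interfaces, bindings, rulesets = set(), {}, {}
    for line in config.splitlines():
        tok = shlex.split(line)  # keeps the quoted description as one token
        if tok[:3] == ["set", "interfaces", "ethernet"] and len(tok) >= 4:
            interfaces.add(tok[3])
            if len(tok) == 8 and tok[4] == "firewall" and tok[6] == "name":
                bindings.setdefault(tok[3], {})[tok[5]] = tok[7]
        elif tok[:3] == ["set", "firewall", "name"] and len(tok) >= 8 and tok[4] == "rule":
            rule = rulesets.setdefault(tok[3], {}).setdefault(int(tok[5]), {})
            rule[" ".join(tok[6:-1])] = tok[-1]
    return interfaces, bindings, rulesets

def unfiltered(config):
    """Map each interface to the directions that have no rule set bound."""
    interfaces, bindings, _ = parse(config)
    return {i: [d for d in DIRECTIONS if d not in bindings.get(i, {})]
            for i in sorted(interfaces)}

def decide(ruleset, proto, dst, port):
    """First matching rule wins; anything unmatched hits the implicit drop."""
    for _, rule in sorted(ruleset.items()):
        if rule.get("protocol", proto) != proto:
            continue
        net = ipaddress.ip_network(rule.get("destination address", "0.0.0.0/0"), strict=False)
        if ipaddress.ip_address(dst) not in net:
            continue
        ports = rule.get("destination port")
        if ports and str(port) not in ports.split(","):
            continue
        return rule.get("action", "drop")
    return "drop"  # the final "1025 DROP" line in the page's show output
```

Calling `unfiltered(SAMPLE_CONFIG)` reports `eth1` with no rule set in any direction, which is the pass-everything state the page describes, while `decide` shows that binding `home_out` to `eth0` inbound drops everything except the listed TCP ports to 10.1.1.5.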