2,187
edits
Difference between revisions of "Vyatta"
Jump to navigation
Jump to search
Added Google Ad
m (→TCPdump: Corrections and addition of link to TCPdump manual) |
(Added Google Ad) |
||
| (5 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{#widget:Widget:GoogleAdSenseSkyscraper}} | |||
Unix based Open Source firewall router that sees itself in competition with Cisco. The firewall module is not on by default, so once interfaces are defined it will pass traffic freely. All configuration is done via the CLI <ref>There was a web interface available with the free version (which was just a pretty version of the CLI anyway), but this now only available via the paid-for version due to its use of the [[Acronyms#R|REST]] [[Acronyms#A|API]] (which is a premium feature).</ref>. | Unix based Open Source firewall router that sees itself in competition with Cisco. The firewall module is not on by default, so once interfaces are defined it will pass traffic freely. All configuration is done via the CLI <ref>There was a web interface available with the free version (which was just a pretty version of the CLI anyway), but this now only available via the paid-for version due to its use of the [[Acronyms#R|REST]] [[Acronyms#A|API]] (which is a premium feature).</ref>. | ||
| Line 51: | Line 52: | ||
#* <code> show system name-server </code> | #* <code> show system name-server </code> | ||
#* <code> show system domain-search </code> | #* <code> show system domain-search </code> | ||
=== SNMP Server === | |||
To set up the SNMP service and allow a polling server to interact with (for example perform SNMP Gets, etc) with the router | |||
# Go into configuration mode | |||
#* <code> configure </code> | |||
# Create a SNMP community (don't use public!) | |||
#* <code> set service snmp community public </code> | |||
# Create a SNMP client that's allowed to make SNMP requests | |||
#* <code> set service snmp community public client 192.168.1.25 </code> | |||
# Apply changes and move back up to top-level part of config | |||
#* <code> commit </code> | |||
To set up SNMP trapping (assumes you're already in config mode) | |||
# Configure a trap destination (repeat for further destinations) | |||
#* <code> set service snmp trap‐target 192.168.10.199 </code> | |||
# Apply changes | |||
#* <code> commit </code> | |||
If you have the firewall enabled, you'll need to allow SNMP traffic in, eg | |||
<pre> | |||
set firewall name eth0-local rule 70 description 'VYATTA SNMP' | |||
set firewall name eth0-local rule 70 action 'accept' | |||
set firewall name eth0-local rule 70 destination port '161' | |||
set firewall name eth0-local rule 70 protocol 'udp' | |||
set firewall name eth0-local rule 70 source address '192.168.1.25' | |||
</pre> | |||
== Configuration == | == Configuration == | ||
| Line 190: | Line 217: | ||
delete service nat rule 42 | delete service nat rule 42 | ||
== Troubleshooting == | == Troubleshooting and General Commands == | ||
{|class="vwikitable" | {|class="vwikitable" | ||
|- | |- | ||
! Command !! Comments | ! Command !! Comments | ||
|- | |||
|<code> reboot </code> || | |||
|- | |||
|<code> shutdown </code> || | |||
|- | |- | ||
|<code> show arp </code> || | |<code> show arp </code> || | ||
| Line 213: | Line 244: | ||
|<code> show flow-accounting interface eth0 host 10.1.1.1 </code> || Show flow accounting for specific IP through <code> eth0 </code> | |<code> show flow-accounting interface eth0 host 10.1.1.1 </code> || Show flow accounting for specific IP through <code> eth0 </code> | ||
|} | |} | ||
=== Unable to Commit Interface Change (RTNETLINK) === | |||
When trying to commit interface changes you receive an error like... | |||
<pre>admin@router# commit | |||
[ interfaces ethernet eth1 address ] | |||
RTNETLINK answers: File exists | |||
Commit failed</pre> | |||
A <code> show interfaces </code> shows the config to be correct, but a <code> show configuration </code> shows that the config hasn't been saved properly. | |||
To resolve - restart the router (<code>reboot</code>). | |||
On restart the conflicted part of the configuration is lost (so can no longer be seen via <code> show interfaces </code>). However it can be reapplied, and shouldn't generate an error this time around. | |||
=== TCPdump === | === TCPdump === | ||
| Line 237: | Line 282: | ||
== Notes == | == Notes == | ||
<references /> | <references /> | ||
[[Category:Vyatta]] | |||