Difference between revisions of "Vyatta"
Jump to navigation
Jump to search
m (Added "DNS Client") |
m (Added firewall example) |
||
| Line 34: | Line 34: | ||
#* <code> show system name-server </code> | #* <code> show system name-server </code> | ||
#* <code> show system domain-search </code> | #* <code> show system domain-search </code> | ||
== Configuration == | |||
=== Firewall === | |||
If an interface has no firewall config, then it passes all traffic. Once any firewall config is applied then that interface acts as a firewall. | |||
<pre> | |||
vyatta@vyatta:~$ configure | |||
vyatta@vyatta# set firewall name home_out rule 10 action accept | |||
vyatta@vyatta# set firewall name home_out rule 10 description "VC client access" | |||
vyatta@vyatta# set firewall name home_out rule 10 destination address 10.1.1.5 | |||
vyatta@vyatta# set firewall name home_out rule 10 destination port 80,443,8084,8443,9084 | |||
vyatta@vyatta# set firewall name home_out rule 10 protocol tcp | |||
vyatta@vyatta# set interfaces ethernet eth0 firewall in name home_out | |||
vyatta@vyatta# commit | |||
vyatta@vyatta# exit | |||
vyatta@vyatta:~$ show firewall home_out | |||
Active on (eth0,IN) | |||
State Codes: E - Established, I - Invalid, N - New, R - Related | |||
rule action source destination proto state | |||
---- ------ ------ ----------- ----- ----- | |||
10 ACCEPT 0.0.0.0/0 10.1.1.5 tcp any | |||
dst ports: 80,443,8084,8443,9084 | |||
1025 DROP 0.0.0.0/0 0.0.0.0/0 all any | |||
</pre> | |||
Revision as of 08:30, 30 November 2009
Unix based Open Source firewall router that see itself in competition with Cisco. The firewall module is not on by default, so once interfaces are defined it will pass traffic freely. All configuration is done via the CLI (there is a web interface, but its just a pretty version of the CLI.
Set-up
Installation and Basic Set-up
- Download the LiveOS ISO
- Create Red Hat RHEL5 (32 bit) VM with
- 2GB hard drive
- 2x E1000 NIC
- 128MB RAM
- Connect ISO and allow to boot fully
- Login as
root / vyatta - To install to local disk, run the install script with the following command
install-system- Accept all defaults
- Reboot and disconnect ISO
- Login and run following commands to set IP
configureset interfaces ethernet eth0 address 192.168.1.10/24(repeat for other interfaces)
- Enable remote ssh access
set service ssh
- Commit changes and save
commitsaveexit
DNS Client
- To set DNS servers, use following command (repeat for more servers)
set system name-server 172.16.0.34
- To set DNS suffix search order, in order of preference (1st entered is 1st used)
set system domain-search domain mydomain.com
- To review config
show system name-servershow system domain-search
Configuration
Firewall
If an interface has no firewall config, then it passes all traffic. Once any firewall config is applied then that interface acts as a firewall.
vyatta@vyatta:~$ configure
vyatta@vyatta# set firewall name home_out rule 10 action accept
vyatta@vyatta# set firewall name home_out rule 10 description "VC client access"
vyatta@vyatta# set firewall name home_out rule 10 destination address 10.1.1.5
vyatta@vyatta# set firewall name home_out rule 10 destination port 80,443,8084,8443,9084
vyatta@vyatta# set firewall name home_out rule 10 protocol tcp
vyatta@vyatta# set interfaces ethernet eth0 firewall in name home_out
vyatta@vyatta# commit
vyatta@vyatta# exit
vyatta@vyatta:~$ show firewall home_out
Active on (eth0,IN)
State Codes: E - Established, I - Invalid, N - New, R - Related
rule action source destination proto state
---- ------ ------ ----------- ----- -----
10 ACCEPT 0.0.0.0/0 10.1.1.5 tcp any
dst ports: 80,443,8084,8443,9084
1025 DROP 0.0.0.0/0 0.0.0.0/0 all any