Linux:VyOS: Difference between revisions

Commands are for Vyos 1.4 unless otherwise noted.

Commandline

Basics

# Enter configuration mode
configure

# Commit changed configuration to RAM
commit

# Discard uncommitted changes
discard

# Save committed changes
save

# Exit the configuration mode
exit

# Use delete and then the already configured command, to remove/delete/undo said configured command
delete

# Use ? to list available parameters for a command:
vyos@vyos# set
Possible completions:
 > cluster      Clustering
 > container    Container applications
 > firewall     Firewall
 > high-availability
                High availability settings
 > interfaces   Network interfaces
...
...

Checks

# Show the routers' full configuration
show

# Show interface configuration
show interfaces

# Show OS version
show version

Configuration

Common

# Configure a hostname for this router
set system host-name LinuxRouter

# Configure DNS servers
set system name-server 176.9.37.132
set system name-server 195.10.195.195

# Create a default route for this router, pointing to 1.2.3.4
set protocols static route 0.0.0.0/0 next-hop 1.2.3.4

SSH

# Enable SSH by configuring a port to listen on
set service ssh port <port>

# Add an ed25519 key to the vyos user, with the description of 'doomguy'
set system login user vyos authentication public-keys 'doomguy' type ssh-ed25519
set system login user vyos authentication public-keys 'doomguy' key AAAAC3NzaC1128iqaushdkjah12873iqghdkahsk

# Optionally disable password authentication
set service ssh disable-password-authentication

# Optionally set an IP to listen on
set service ssh listen-address 192.168.77.202

DHCP-relay

• https://docs.vyos.io/en/latest/configuration/service/dhcp-relay.html

# Set the interfaces where the DHCP-server listens on and where the client lives
set service dhcp-relay interface eth1
set service dhcp-relay interface eth0

# Configure the IP of the DHCP-server
set service dhcp-relay server 10.0.0.20

# Discard packets coming from a relay-agent, so you only keep packets coming directly from DHCP-clients
set service dhcp-relay relay-options relay-agents-packets discard

Network

Interfaces

# Give interface eth0 an IP-adress and description
set interfaces ethernet eth1 address '10.0.0.1/24'
set interfaces ethernet eth1 description 'Local network gateway'

Network Address Translation (NAT)

# Set an interface as outbound
set nat source rule 100 outbound-interface 'eth0'

# Set an internal range to NAT for
set nat source rule 100 source address 10.0.0.0/8

# The method of NAT translation is masquerade as the IP (on eth0)
set nat source rule 100 translation address masquerade

Port-forward

The example below is a basic configuration for a port-forward listening on the WAN interface 1022, forwarding to a host on the LAN for SSH access

Firewall

# Set this firewall rule to accept
set firewall name 'rockylinuxssh' rule 65 action accept

# Enable the firewall rule
set firewall name 'rockylinuxssh' rule 65 state new enable

# Set protocol to allow through this rule
set firewall name 'rockylinuxssh' rule 65 protocol 'tcp_udp'

# Set the IP of the host on the local network, to port-forward to
set firewall name 'rockylinuxssh' rule 65 destination address 10.0.0.10

# Set the port to forward to, of the host on the local network
set firewall name 'rockylinuxssh' rule 65 destination port 22

NAT rule

# Give a name to the NAT rule
set nat destination rule 65 description 'ROCKYLINUXFORWARDSSH'

# Set the port to listen on
set nat destination rule 65 destination port 1022

# Set the interface to listen on
set nat destination rule 65 inbound-interface 'eth0'

# Set the protocol to translate to
set nat destination rule 65 protocol 'tcp_udp'

# Set the IP-address to forward to, when earlier configured communication happens on eth0 port 1022
set nat destination rule 65 translation address 10.0.0.10

# Set the port to forward to, when earlier configured communication happens on eth0 port 1022
set nat destination rule 65 translation port 22