Linux:VyOS: Difference between revisions

From Cheatsheet
Jump to navigationJump to search
VisualWikitext
No edit summary
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[Category:Cheatsheet]]
[[Category:Cheatsheet]]


Notes are for Vyos 1.4 unless otherwise noted.
Commands are for Vyos 1.4 unless otherwise noted.


== Commandline ==
== Commandline ==
Line 20: Line 20:
# Exit the configuration mode
# Exit the configuration mode
exit
exit
# Use delete and then the already configured command, to remove/delete/undo said configured command
delete
</syntaxhighlight>
</syntaxhighlight>


Line 64: Line 67:
=== SSH ===
=== SSH ===
<syntaxhighlight lang='bash'>
<syntaxhighlight lang='bash'>
Enable SSH by configuring a port to listen on
# Enable SSH by configuring a port to listen on
set service ssh port <port>
set service ssh port <port>


Line 71: Line 74:
set system login user vyos authentication public-keys 'doomguy' key AAAAC3NzaC1128iqaushdkjah12873iqghdkahsk
set system login user vyos authentication public-keys 'doomguy' key AAAAC3NzaC1128iqaushdkjah12873iqghdkahsk


# Disable password authentication
# Optionally disable password authentication
set service ssh disable-password-authentication
set service ssh disable-password-authentication


# Optionally set an IP to listen on
# Optionally set an IP to listen on
set service ssh listen-address 192.168.77.202
set service ssh listen-address 192.168.77.202
</syntaxhighlight>
=== DHCP-relay ===
* https://docs.vyos.io/en/latest/configuration/service/dhcp-relay.html
<syntaxhighlight lang='bash'>
# Set the interfaces where the DHCP-server listens on and where the client lives
set service dhcp-relay interface eth1
set service dhcp-relay interface eth0
# Configure the IP of the DHCP-server
set service dhcp-relay server 10.0.0.20
# Discard packets coming from a relay-agent, so you only keep packets coming directly from DHCP-clients
set service dhcp-relay relay-options relay-agents-packets discard
</syntaxhighlight>
</syntaxhighlight>


Line 81: Line 98:
==== Interfaces ====
==== Interfaces ====
<syntaxhighlight lang='bash'>
<syntaxhighlight lang='bash'>
# Give interface eth0 en IP-adress and description
# Give interface eth0 an IP-adress and description
set interfaces ethernet eth1 address '10.0.0.1/24'
set interfaces ethernet eth1 address '10.0.0.1/24'
set interfaces ethernet eth1 description 'Local network gateway'
set interfaces ethernet eth1 description 'Local network gateway'
</syntaxhighlight>
</syntaxhighlight>


==== NAT ====
==== Network Address Translation (NAT) ====
<syntaxhighlight lang='bash'>
<syntaxhighlight lang='bash'>
# Set an interface as outbound
# Set an interface as outbound
Line 98: Line 115:
</syntaxhighlight>
</syntaxhighlight>


===== Port-forward =====
==== Port-forward ====
The example below is a basic configuration for a port-forward listening on the WAN interface 1022, forwarding to a host on the LAN for SSH access
The example below is a basic configuration for a port-forward listening on the WAN interface 1022, forwarding to a host on the LAN for SSH access
====== Firewall ======
===== Firewall =====
<syntaxhighlight lang='bash'>
<syntaxhighlight lang='bash'>
# Set this firewall rule to accept
# Set this firewall rule to accept
Line 118: Line 135:
</syntaxhighlight>
</syntaxhighlight>


====== NAT rule ======
===== NAT rule =====
<syntaxhighlight lang='bash'>
<syntaxhighlight lang='bash'>
# Give a name to the NAT rule
set nat destination rule 65 description 'ROCKYLINUXFORWARDSSH'
# Set the port to listen on
set nat destination rule 65 destination port 1022
# Set the interface to listen on
set nat destination rule 65 inbound-interface 'eth0'
# Set the protocol to translate to
set nat destination rule 65 protocol 'tcp_udp'
# Set the IP-address to forward to, when earlier configured communication happens on eth0 port 1022
set nat destination rule 65 translation address 10.0.0.10


# Set the port to forward to, when earlier configured communication happens on eth0 port 1022
set nat destination rule 65 translation port 22
</syntaxhighlight>
</syntaxhighlight>

Latest revision as of 16:03, 17 November 2024


Commands are for Vyos 1.4 unless otherwise noted.

Commandline

Basics

# Enter configuration mode
configure

# Commit changed configuration to RAM
commit

# Discard uncommitted changes
discard

# Save committed changes
save

# Exit the configuration mode
exit

# Use delete and then the already configured command, to remove/delete/undo said configured command
delete
# Use ? to list available parameters for a command:
vyos@vyos# set
Possible completions:
 > cluster      Clustering
 > container    Container applications
 > firewall     Firewall
 > high-availability
                High availability settings
 > interfaces   Network interfaces
...
...

Checks

# Show the routers' full configuration
show

# Show interface configuration
show interfaces

# Show OS version
show version

Configuration

Common

# Configure a hostname for this router
set system host-name LinuxRouter

# Configure DNS servers
set system name-server 176.9.37.132
set system name-server 195.10.195.195

# Create a default route for this router, pointing to 1.2.3.4
set protocols static route 0.0.0.0/0 next-hop 1.2.3.4

SSH

# Enable SSH by configuring a port to listen on
set service ssh port <port>

# Add an ed25519 key to the vyos user, with the description of 'doomguy'
set system login user vyos authentication public-keys 'doomguy' type ssh-ed25519
set system login user vyos authentication public-keys 'doomguy' key AAAAC3NzaC1128iqaushdkjah12873iqghdkahsk

# Optionally disable password authentication
set service ssh disable-password-authentication

# Optionally set an IP to listen on
set service ssh listen-address 192.168.77.202

DHCP-relay

# Set the interfaces where the DHCP-server listens on and where the client lives
set service dhcp-relay interface eth1
set service dhcp-relay interface eth0

# Configure the IP of the DHCP-server
set service dhcp-relay server 10.0.0.20

# Discard packets coming from a relay-agent, so you only keep packets coming directly from DHCP-clients
set service dhcp-relay relay-options relay-agents-packets discard

Network

Interfaces

# Give interface eth0 an IP-adress and description
set interfaces ethernet eth1 address '10.0.0.1/24'
set interfaces ethernet eth1 description 'Local network gateway'

Network Address Translation (NAT)

# Set an interface as outbound
set nat source rule 100 outbound-interface 'eth0'

# Set an internal range to NAT for
set nat source rule 100 source address 10.0.0.0/8

# The method of NAT translation is masquerade as the IP (on eth0)
set nat source rule 100 translation address masquerade

Port-forward

The example below is a basic configuration for a port-forward listening on the WAN interface 1022, forwarding to a host on the LAN for SSH access

Firewall
# Set this firewall rule to accept
set firewall name 'rockylinuxssh' rule 65 action accept

# Enable the firewall rule
set firewall name 'rockylinuxssh' rule 65 state new enable

# Set protocol to allow through this rule
set firewall name 'rockylinuxssh' rule 65 protocol 'tcp_udp'

# Set the IP of the host on the local network, to port-forward to
set firewall name 'rockylinuxssh' rule 65 destination address 10.0.0.10

# Set the port to forward to, of the host on the local network
set firewall name 'rockylinuxssh' rule 65 destination port 22
NAT rule
# Give a name to the NAT rule
set nat destination rule 65 description 'ROCKYLINUXFORWARDSSH'

# Set the port to listen on
set nat destination rule 65 destination port 1022

# Set the interface to listen on
set nat destination rule 65 inbound-interface 'eth0'

# Set the protocol to translate to
set nat destination rule 65 protocol 'tcp_udp'

# Set the IP-address to forward to, when earlier configured communication happens on eth0 port 1022
set nat destination rule 65 translation address 10.0.0.10

# Set the port to forward to, when earlier configured communication happens on eth0 port 1022
set nat destination rule 65 translation port 22
Retrieved from "https://wiki.brammerloo.nl/index.php?title=Linux:VyOS&oldid=722"