Linux:VyOS
Revision as of 15:55, 17 November 2024
Notes are for Vyos 1.4 unless otherwise noted.
== Commandline ==
=== Basics ===
<syntaxhighlight lang='bash'>
# Enter configuration mode
configure
# Commit changed configuration to RAM
commit
# Discard uncommitted changes
discard
# Save committed changes
save
# Exit the configuration mode
exit
</syntaxhighlight>
<syntaxhighlight lang='bash'>
# Use ? to list available parameters for a command:
vyos@vyos# set
Possible completions:
> cluster            Clustering
> container          Container applications
> firewall           Firewall
> high-availability  High availability settings
> interfaces         Network interfaces
...
</syntaxhighlight>
=== Checks ===
<syntaxhighlight lang='bash'>
# Show the router's full configuration
show
# Show interface configuration
show interfaces
# Show OS version
show version
</syntaxhighlight>
== Configuration ==
=== Common ===
<syntaxhighlight lang='bash'>
# Configure a hostname for this router
set system host-name LinuxRouter
# Configure DNS servers
set system name-server 176.9.37.132
set system name-server 195.10.195.195
# Create a default route for this router, pointing to 1.2.3.4
set protocols static route 0.0.0.0/0 next-hop 1.2.3.4
</syntaxhighlight>
=== SSH ===
<syntaxhighlight lang='bash'>
# Enable SSH by configuring a port to listen on
set service ssh port <port>
# Add an ed25519 key to the vyos user, with the description of 'doomguy'
set system login user vyos authentication public-keys 'doomguy' type ssh-ed25519
set system login user vyos authentication public-keys 'doomguy' key AAAAC3NzaC1128iqaushdkjah12873iqghdkahsk
# Disable password authentication
set service ssh disable-password-authentication
# Optionally set an IP to listen on
set service ssh listen-address 192.168.77.202
</syntaxhighlight>
=== Network ===
==== Interfaces ====
<syntaxhighlight lang='bash'>
# Give interface eth1 an IP address and description
set interfaces ethernet eth1 address '10.0.0.1/24'
set interfaces ethernet eth1 description 'Local network gateway'
</syntaxhighlight>
==== NAT ====
<syntaxhighlight lang='bash'>
# Set an interface as outbound
set nat source rule 100 outbound-interface 'eth0'
# Set an internal range to NAT for
set nat source rule 100 source address 10.0.0.0/8
# The method of NAT translation is masquerade as the IP (on eth0)
set nat source rule 100 translation address masquerade
</syntaxhighlight>
===== Port-forward =====
The example below is a basic configuration for a port-forward listening on port 1022 of the WAN interface, forwarding to a host on the LAN for SSH access.
====== Firewall ======
<syntaxhighlight lang='bash'>
# Set this firewall rule to accept
set firewall name 'rockylinuxssh' rule 65 action accept
# Match new connections (state new) in this rule
set firewall name 'rockylinuxssh' rule 65 state new enable
# Set the protocol to allow through this rule
set firewall name 'rockylinuxssh' rule 65 protocol 'tcp_udp'
# Set the IP of the host on the local network to port-forward to
set firewall name 'rockylinuxssh' rule 65 destination address 10.0.0.10
# Set the port to forward to on the host on the local network
set firewall name 'rockylinuxssh' rule 65 destination port 22
</syntaxhighlight>
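As an added example (not from this cheatsheet or from VyOS), a small audit that parses `set` lines like the ones in the SSH and port-forward sections above and flags what those sections rely on: password authentication left on, no `listen-address`, passwords disabled before any user has a public key (a lockout), and a rule for port 22 opened as `tcp_udp` although SSH only needs TCP. The two config snippets are constructed from the page's commands; the key string is a placeholder.

```python
import shlex
from collections import defaultdict

def parse_set_lines(text):
    """Turn 'set a b c' lines into token lists; shlex drops the quotes VyOS accepts."""
    return [shlex.split(line)[1:] for line in text.splitlines()
            if line.strip().startswith("set ")]

def has_path(paths, *prefix):
    return any(p[:len(prefix)] == list(prefix) for p in paths)

def audit(text):
    """Return findings; an empty list means the config matches the page's hardened form."""
    paths, findings = parse_set_lines(text), []
    if has_path(paths, "service", "ssh", "port"):
        pw_disabled = has_path(paths, "service", "ssh", "disable-password-authentication")
        if not pw_disabled:
            findings.append("ssh: password authentication still enabled")
        if not has_path(paths, "service", "ssh", "listen-address"):
            findings.append("ssh: no listen-address, sshd binds every interface")
        # Disabling passwords before any user has a public key locks you out
        has_key = any(p[:2] == ["system", "login"] and "public-keys" in p and "key" in p
                      for p in paths)
        if pw_disabled and not has_key:
            findings.append("ssh: passwords disabled but no public key on any user (lockout)")
    # Collect each firewall rule's settings: (name, number) -> {"destination port": "22", ...}
    rules = defaultdict(dict)
    for p in paths:
        if p[:2] == ["firewall", "name"] and len(p) >= 7 and p[3] == "rule":
            rules[(p[2], p[4])][" ".join(p[5:-1])] = p[-1]
    for (name, num), r in rules.items():
        if r.get("destination port") == "22" and r.get("protocol") == "tcp_udp":
            findings.append(f"firewall {name} rule {num}: SSH is TCP only, tcp_udp also opens UDP/22")
    return findings

# Constructed from the page's commands; the key value is a placeholder, not a real key
HARDENED = """
set service ssh port 22
set system login user vyos authentication public-keys 'doomguy' key AAAAC3PLACEHOLDERKEY
set service ssh disable-password-authentication
set service ssh listen-address 192.168.77.202
set firewall name 'rockylinuxssh' rule 65 protocol 'tcp'
set firewall name 'rockylinuxssh' rule 65 destination port 22
"""
WEAK = """
set service ssh port 22
set service ssh disable-password-authentication
set firewall name 'rockylinuxssh' rule 65 protocol 'tcp_udp'
set firewall name 'rockylinuxssh' rule 65 destination port 22
"""
```

`audit(WEAK)` returns three findings and `audit(HARDENED)` returns none; point it at the output of `show configuration commands` to check a live router.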