Linux:VyOS

Revision as of 15:55, 17 November 2024 by Patrick (talk | contribs)


Notes are for VyOS 1.4 unless otherwise noted.

Commandline

Basics

# Enter configuration mode
configure

# Commit changed configuration to RAM
commit

# Discard uncommitted changes
discard

# Save committed changes
save

# Exit the configuration mode
exit

# Use ? to list available parameters for a command:
vyos@vyos# set
Possible completions:
 > cluster      Clustering
 > container    Container applications
 > firewall     Firewall
 > high-availability
                High availability settings
 > interfaces   Network interfaces
...
...

Checks

# Show the router's full configuration
show

# Show interface configuration
show interfaces

# Show OS version
show version

Configuration

Common

# Configure a hostname for this router
set system host-name LinuxRouter

# Configure DNS servers
set system name-server 176.9.37.132
set system name-server 195.10.195.195

# Create a default route for this router, pointing to 1.2.3.4
set protocols static route 0.0.0.0/0 next-hop 1.2.3.4

SSH

# Enable SSH by configuring a port to listen on
set service ssh port <port>

# Add an ed25519 key to the vyos user, with the description of 'doomguy'
set system login user vyos authentication public-keys 'doomguy' type ssh-ed25519
set system login user vyos authentication public-keys 'doomguy' key AAAAC3NzaC1128iqaushdkjah12873iqghdkahsk

# Disable password authentication
set service ssh disable-password-authentication

# Optionally set an IP to listen on
set service ssh listen-address 192.168.77.202
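
A check for the SSH settings above, added here as an example and not part of the original cheatsheet: it reads configuration in `set` command form (such as the output of `show configuration commands`) and flags password logins, a missing listen-address, and the lockout case where passwords are disabled before any public key exists. The function names, the sample configurations, port 2222 and the key string are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit SSH settings in VyOS "set" commands read from stdin.
audit_ssh() {
    tr -d "'" | awk '
    $1 != "set" { next }
    $2 == "service" && $3 == "ssh" {
        ssh = 1
        if ($4 == "disable-password-authentication") nopass = 1
        if ($4 == "listen-address") listen = 1
    }
    # set system login user <user> authentication public-keys <name> key <data>
    $2 == "system" && $4 == "user" && $7 == "public-keys" && $9 == "key" { keys++ }
    END {
        if (!ssh) { print "INFO: ssh service is not enabled"; exit }
        if (!nopass) print "WARN: password authentication is enabled"
        if (!listen) print "WARN: no listen-address, sshd listens on every address"
        if (!keys && nopass)  print "FAIL: passwords disabled but no public key set (lockout)"
        if (!keys && !nopass) print "WARN: no public key configured for any user"
        if (nopass && listen && keys) print "OK: key-only SSH on a fixed listen-address"
    }'
}

# Constructed sample: the settings from this section (port and key are placeholders).
sample_hardened() {
    cat <<'EOF'
set service ssh port '2222'
set service ssh disable-password-authentication
set service ssh listen-address '192.168.77.202'
set system login user vyos authentication public-keys 'doomguy' type 'ssh-ed25519'
set system login user vyos authentication public-keys 'doomguy' key 'AAAA_CONSTRUCTED_KEY'
EOF
}

# Constructed sample: SSH enabled with nothing else set.
sample_weak() {
    echo "set service ssh port '22'"
}

# Constructed sample: passwords disabled before any key was added.
sample_lockout() {
    printf '%s\n' "set service ssh port '22'" "set service ssh disable-password-authentication"
}

for s in sample_hardened sample_weak sample_lockout; do
    echo "== $s"; "$s" | audit_ssh
done
```
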

Network

Interfaces

# Give interface eth1 an IP address and description
set interfaces ethernet eth1 address '10.0.0.1/24'
set interfaces ethernet eth1 description 'Local network gateway'

NAT

# Set an interface as outbound
set nat source rule 100 outbound-interface 'eth0'

# Set an internal range to NAT for
set nat source rule 100 source address 10.0.0.0/8

# Translate using masquerade, i.e. the IP address of the outbound interface (eth0)
set nat source rule 100 translation address masquerade

Port-forward

The example below is a basic configuration for a port-forward that listens on port 1022 of the WAN interface and forwards to a host on the LAN for SSH access.

Firewall

# Set this firewall rule to accept
set firewall name 'rockylinuxssh' rule 65 action accept

# Enable matching on connection state 'new' for this rule
set firewall name 'rockylinuxssh' rule 65 state new enable

# Set protocol to allow through this rule (SSH itself only uses TCP; 'tcp_udp' also admits UDP)
set firewall name 'rockylinuxssh' rule 65 protocol 'tcp_udp'

# Set the IP of the host on the local network, to port-forward to
set firewall name 'rockylinuxssh' rule 65 destination address 10.0.0.10

# Set the port to forward to, of the host on the local network
set firewall name 'rockylinuxssh' rule 65 destination port 22

NAT rule