Linux:VyOS

From Cheatsheet


Commands are for VyOS 1.4 unless otherwise noted.

Commandline

Basics

# Enter configuration mode
configure

# Apply the changed configuration to the running system (active immediately, but not yet persisted)
commit

# Discard uncommitted changes
discard

# Write the committed configuration to /config/config.boot so it survives a reboot
save

# Leave configuration mode (refused while changes are uncommitted; 'exit discard' drops them)
exit

# Prefix an already configured path with delete to remove it (delete <the same path you used with set>)
delete

# Type ? (or Tab) after a partial command to list the available parameters:
vyos@vyos# set ?
Possible completions:
 > cluster      Clustering
 > container    Container applications
 > firewall     Firewall
 > high-availability
                High availability settings
 > interfaces   Network interfaces
...

Checks

# Show the router's full configuration (in configuration mode; from operational mode use 'show configuration')
show

# Show interface state, addresses and counters
show interfaces

# Show OS version
show version

Configuration

Common

# Configure a hostname for this router
set system host-name LinuxRouter

# Configure DNS servers
set system name-server 176.9.37.132
set system name-server 195.10.195.195

# Create a default route for this router, pointing to 1.2.3.4
set protocols static route 0.0.0.0/0 next-hop 1.2.3.4

SSH

# Enable SSH; the port defaults to 22, so 'set service ssh' alone is enough unless another port is wanted
set service ssh port <port>

# Add an ed25519 key to the vyos user under the identifier 'doomguy' (a label, usually the key comment).
# The key value is only the base64 body of the authorized_keys line: no 'ssh-ed25519' prefix, no comment
# (placeholder value shown)
set system login user vyos authentication public-keys 'doomguy' type ssh-ed25519
set system login user vyos authentication public-keys 'doomguy' key AAAAC3NzaC1128iqaushdkjah12873iqghdkahsk

# Disable password authentication, but only after a key login has been verified from a second session;
# a mistyped key otherwise locks you out at the next commit
set service ssh disable-password-authentication

# Optionally restrict the listening address (e.g. the address on a management-side interface)
set service ssh listen-address 192.168.77.202
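The key field takes only the base64 body of the authorized_keys line; pasting the whole line commits without error but the key never matches at login. As an added example (not part of this cheatsheet or of VyOS), the POSIX shell function below turns one authorized_keys line into the two set commands and rejects a body that does not belong to the declared key type. The user name, the identifier and the key line are constructed inputs, and the key blob is a dummy with all-zero key bytes, not a real key.

```shell
#!/bin/sh
# Added example, not from the VyOS cheatsheet: convert one OpenSSH authorized_keys line
# into the two "set system login user ... public-keys ..." commands VyOS expects.
# The first bytes of the base64 blob encode the algorithm name, so a blob that does not
# belong to the declared type (or a whole line pasted as the key) is detectable offline.
#
# Usage: vyos_pubkey_cmds USER KEYID "AUTHORIZED_KEYS_LINE"
# Prints the set commands, or prints nothing and returns 1 on malformed input.

# Constructed dummy key for the demo: well-formed ssh-ed25519 wire format, key bytes all zero. Not a real key.
DUMMY_KEY_LINE='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA doomguy'

vyos_pubkey_cmds() {
  pk_user=$1
  pk_id=$2
  pk_line=$3
  case $pk_user in ''|*[!A-Za-z0-9_-]*) echo "bad user name" >&2; return 1 ;; esac
  case $pk_id in ''|*[!A-Za-z0-9_.@-]*) echo "bad key identifier (no spaces or quotes)" >&2; return 1 ;; esac

  set -f                     # no globbing while splitting the line
  set -- $pk_line            # split on whitespace: type, base64 blob, optional comment
  set +f
  pk_type=$1
  pk_blob=$2

  case $pk_type in
    ssh-ed25519) pk_prefix='AAAAC3NzaC1lZDI1NTE5AAAAI' ;;   # encodes "ssh-ed25519" + 32-byte key length
    ssh-rsa)     pk_prefix='AAAAB3NzaC1yc2E' ;;             # encodes "ssh-rsa"
    *) echo "unsupported key type: '$pk_type'" >&2; return 1 ;;
  esac
  case $pk_blob in
    ''|*[!A-Za-z0-9+/=]*) echo "key body is not base64" >&2; return 1 ;;
  esac
  case $pk_blob in
    "$pk_prefix"*) ;;
    *) echo "key body does not match key type $pk_type" >&2; return 1 ;;
  esac
  # An ssh-ed25519 blob is always 51 bytes, i.e. 68 base64 characters without padding.
  if [ "$pk_type" = ssh-ed25519 ] && [ ${#pk_blob} -ne 68 ]; then
    echo "ssh-ed25519 key body must be 68 base64 characters" >&2; return 1
  fi

  pk_base="set system login user '$pk_user' authentication public-keys '$pk_id'"
  printf '%s\n' "$pk_base type '$pk_type'" "$pk_base key '$pk_blob'"
}

# Demo run with the constructed line; paste the printed commands into 'configure'.
vyos_pubkey_cmds vyos doomguy "$DUMMY_KEY_LINE"
```

Run the printed commands in configuration mode, commit, verify the key login from a second session, and only then add disable-password-authentication and save.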

DHCP-relay

# Interfaces the relay listens on: the client-facing interface and the one towards the DHCP server
set service dhcp-relay interface eth1
set service dhcp-relay interface eth0

# IP of the DHCP server to forward client requests to
set service dhcp-relay server 10.0.0.20

# Drop requests that already carry relay-agent information, so only packets coming directly from DHCP clients are relayed
set service dhcp-relay relay-options relay-agents-packets discard

Network

Interfaces

# Give interface eth1 an IP address and description
set interfaces ethernet eth1 address '10.0.0.1/24'
set interfaces ethernet eth1 description 'Local network gateway'

Network Address Translation (NAT)

# Match traffic leaving through eth0 (the WAN interface).
# 1.3 syntax; on 1.4 the interface is a sub-node: outbound-interface name 'eth0'
set nat source rule 100 outbound-interface 'eth0'

# Only translate traffic from the internal range
set nat source rule 100 source address 10.0.0.0/8

# Rewrite the source address to the address of the outbound interface (masquerade)
set nat source rule 100 translation address masquerade

Port-forward

The example below is a basic port-forward: the router listens on WAN interface eth0, TCP port 1022, and forwards to port 22 of a host on the LAN for SSH access. It needs two parts: a firewall rule that accepts the forwarded traffic and a destination-NAT rule that rewrites it. The firewall rule matches the internal address and port, because DNAT runs before the forward filter and the filter therefore sees the translated destination. The commands use the 1.3-style 'firewall name' syntax; on 1.4 the ruleset lives under 'firewall ipv4 name', is applied with a jump rule from 'firewall ipv4 forward filter' (action jump, jump-target 'rockylinuxssh') instead of the per-interface binding shown here, and 'state new' is written without the trailing 'enable'.

Firewall
# Accept traffic matching this rule (anything unmatched hits the ruleset's default-action, which is drop)
set firewall name 'rockylinuxssh' rule 65 action accept

# Match new connections only
set firewall name 'rockylinuxssh' rule 65 state new enable

# SSH is TCP only; 'tcp_udp' would also open UDP/22 for no reason
set firewall name 'rockylinuxssh' rule 65 protocol 'tcp'

# The internal host being forwarded to (the destination after DNAT)
set firewall name 'rockylinuxssh' rule 65 destination address 10.0.0.10

# The port on the internal host
set firewall name 'rockylinuxssh' rule 65 destination port 22

# Apply the ruleset to traffic entering on eth0; without a binding the rules above are never evaluated.
# An interface direction takes one ruleset, so if eth0 already has an 'in' ruleset add rule 65 there instead,
# and make sure the bound ruleset also accepts established/related traffic or replies to LAN-initiated
# connections are dropped
set interfaces ethernet eth0 firewall in name 'rockylinuxssh'
NAT rule
# Describe the NAT rule
set nat destination rule 65 description 'ROCKYLINUXFORWARDSSH'

# Port the router listens on (WAN side)
set nat destination rule 65 destination port 1022

# Interface the traffic arrives on (1.3 syntax; on 1.4: inbound-interface name 'eth0')
set nat destination rule 65 inbound-interface 'eth0'

# Protocol to match; SSH only needs TCP
set nat destination rule 65 protocol 'tcp'

# Rewrite the destination address to the internal host when traffic matches eth0 port 1022
set nat destination rule 65 translation address 10.0.0.10

# Rewrite the destination port to the SSH port on that host
set nat destination rule 65 translation port 22
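The firewall half and the NAT half of a port-forward must name the same host, port and protocol, and it is easy to edit one and forget the other. As an added example (not part of this cheatsheet or of VyOS), the POSIX shell function below emits the firewall rule, the DNAT rule and the interface binding for one port-forward from a single set of parameters, after validating them. It prints the 1.3-style syntax used above, with the page's example values (ruleset rockylinuxssh, rule 65, eth0, 1022 to 10.0.0.10:22); it assumes the bound ruleset already accepts established/related traffic and does not emit that rule.

```shell
#!/bin/sh
# Added example, not from the VyOS cheatsheet: generate the three pieces of one port-forward
# (firewall accept rule, destination NAT rule, interface binding) from one parameter set so the
# pieces cannot drift apart. Output is in the 1.3-style syntax shown on this page; paste it into
# 'configure', then 'commit' and 'save'.
#
# Usage: vyos_portforward_cmds NAME RULE WAN_IF EXT_PORT LAN_IP LAN_PORT PROTO
# Prints the set commands, or prints nothing and returns 1 if a parameter is malformed.

is_uint() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }      # non-empty, digits only

is_port() { is_uint "$1" && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; }

is_ipv4() {                                                 # dotted quad, each octet 0-255
  pf_ifs=$IFS
  IFS=.
  set -- $1
  IFS=$pf_ifs
  [ $# -eq 4 ] || return 1
  for pf_octet in "$@"; do
    is_uint "$pf_octet" && [ "$pf_octet" -le 255 ] || return 1
  done
}

vyos_portforward_cmds() {
  pf_name=$1
  pf_rule=$2
  pf_wan=$3
  pf_ext=$4
  pf_ip=$5
  pf_port=$6
  pf_proto=$7
  case $pf_name in ''|*[!A-Za-z0-9_-]*) echo "bad ruleset name" >&2; return 1 ;; esac
  is_uint "$pf_rule" && [ "$pf_rule" -ge 1 ] && [ "$pf_rule" -le 999999 ] || { echo "bad rule number" >&2; return 1; }
  case $pf_wan in ''|*[!A-Za-z0-9.]*) echo "bad interface name" >&2; return 1 ;; esac
  is_port "$pf_ext" || { echo "bad external port" >&2; return 1; }
  is_port "$pf_port" || { echo "bad internal port" >&2; return 1; }
  is_ipv4 "$pf_ip" || { echo "bad IPv4 address" >&2; return 1; }
  case $pf_proto in tcp|udp) ;; *) echo "protocol must be tcp or udp (pick one; SSH is tcp only)" >&2; return 1 ;; esac

  fw="set firewall name '$pf_name' rule $pf_rule"
  nat="set nat destination rule $pf_rule"
  # The firewall rule matches the translated destination: DNAT runs before the forward filter.
  printf '%s\n' \
    "$fw action accept" \
    "$fw state new enable" \
    "$fw protocol '$pf_proto'" \
    "$fw destination address '$pf_ip'" \
    "$fw destination port '$pf_port'" \
    "$nat description 'forward $pf_wan:$pf_ext to $pf_ip:$pf_port'" \
    "$nat inbound-interface '$pf_wan'" \
    "$nat protocol '$pf_proto'" \
    "$nat destination port '$pf_ext'" \
    "$nat translation address '$pf_ip'" \
    "$nat translation port '$pf_port'" \
    "set interfaces ethernet $pf_wan firewall in name '$pf_name'"
}

# The page's example: WAN port 1022 on eth0 to 10.0.0.10:22, TCP only.
vyos_portforward_cmds rockylinuxssh 65 eth0 1022 10.0.0.10 22 tcp
```

The protocol is restricted to a single value on purpose: a forward for SSH should not carry 'tcp_udp'. If eth0 already has an 'in' ruleset, pass its name as NAME so the accept rule is added to it rather than creating a second ruleset that the binding line would swap in.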