Basic Routing: VyOS router configuration, network address translation (NAT) and firewalling
HTML-код
- Опубликовано: 18 сен 2024
- Introductory video on setting up a VyOS router with basic private network Network Address Translation (NAT). Learn how to start from a blank CLI configuration, and use Kali Linux to test internal and external network connections.
Наука
This is the fastest 41.5 minutes I've had in a long time. Great vid!
Ty for the video i am juest starting out wit vyos
excelent work and with the errors it keeps it authentic.
Quite handy! Planning on doing a VyOS install and managing it with ansible.
For your Kali VM's, how are the network adapters set up? (Bridged, NAT, Host-Only)?
Thank you for this video!
Man! This video is so great! As someone who studied math-cs, I didn’t get to take all these cool networking classes CS students take. Now I’m learning it on my own through my homelab and this was a great help in tying some concepts together.
May I ask, if you read the comments, what class is this? I’m hoping to find the syllabus online to use as a roadmap. Is it U of L’s graduate program? Being a refresher lab?
Thanks for the comment! I wrote this lab for our graduate network security class (CSE 613). That class is part of our graduate certificate in cybersecurity. Glad you found it helpful!
Excellent, Thanks.
That's a great explanation there. I have did all the steps and able to reach the destination gateway but not the destination endpoint IP address, is there any thing I'm missing it out.
Do you happen to know why iam getting this error when setting:
# set nat source rule 10 outbound-interface 'eth0'
i get nat source rule [eth0] is not valid set failed
my WAN is on eth0
Could I use a vyos if I wanted to build my own managed network switch but didn't need layer3 routing capability?
I have all the virtual machines set up, the only problem is how am i gonna make vyatta work as a router, I have created 5 NICs already but Im a bit confused how am i gonna set up the lab based on t a termonology of having a dmz, private net and a public. For my school labs i just set up the interfaces etc and everything works fine, but for my home lab it is confusing.
Thanks doc!
Hey Adrian, quick one, what version of VyOS did you use? I downloaded a rolling update version and it looks like it does not have an eth1. Only eth0 and lo. I am unable to commit any changes because any other configuration step to set up an eth1 or eth2 fails. The console reports that the interfaces do not exist. Is this normal?
Hi there, we used VyOS 1.1.8, which is considerably outdated at this time. While some of the newer builds have a few command changes, they should mostly be similar. Missing eth1 however shouldn't be a change between versions. Sounds like your hardware (or virtual hardware) isn't being picked up. Make sure you have two physical NIC interfaces (or virtual NICs if you're virtualizing) and it should work.
@@AdrianLauf Nice one. I think it must be the fatigue of my late night shift but you just reminded me that I can add more NICs to the VyOS guest in my hypervisor. XD
Still though, thanks for the response. Your video is very instrumental and informative of the subject!! :}
@@thathandsomedevil0828 Glad to hear!
@@AdrianLauf Hello Again! Sorry to dredge this topic once more but I have a query regarding dns forwarding with the vyos router.
My internal vms can ping IP addresses but not domain names. I have set the service dns forwarding with the following parameters:
Allow-from (internal vm network range)
Listen-address (vyos interface IP address internal vms connect to)
Listen-on (vyos interface name facing internal vms)
Name-server (Google name server IP address)
But queries from my internal vms only work with IP addresses not domain names. Am I missing something?
Many thanks in advance!!
What's your (expert) opinion on PfSense by comparison ? I sure hope this turns into a series of yours, because it's precisely the project I'm working on myself: a home router of my own. I actually wish to make the thing WAY overpowered for its particular application. Maybe you can do a vid on switches and other network stuff. Simple things which takes you from the ground up, so the average Joe can at least get a general idea :D
Glad you enjoyed the video! There are many competent products out there. PfSense is definitely one of them. I personally really like Ubiquiti's EdgeRouter series, they're easy to program, and have lots of power. I use the EdgeRouter 4 series, they are quite overpowered for most home use cases, which is what I'd like it to be! I'll see if I can put up videos on more advanced topics in the future.
Just had a look at EdgeRouters prices over here out of curiosity, because I thought they'd cost an arm and a leg, but they're not THAT expensive TBH. In comparison, how would a run of the mill motherboard+CPU+DDR4 RAM setup stack up ? I guess it all comes down to the network hardware rather than the CPU/RAM. I was looking at some Intel NICs I could add onto my MB, though I believe at that point the main bottleneck will be the ISP and clients rather than the router machine itself. I just happened to have some motherboards laying around which I could equip and repurpose as a router (maybe a NAS too to replace my antique off the shelf one... throw some WD golds in it and....). I ran some very unscientific tests with both a rather old MB and a Xeon CPU and a more recent i7 and DDR4 RAM and the newer setup scored slightly better, but that probably comes down to the different network ICs they use....still, I cranked it WAY up to like 32Gbs of DDR4 ECC RAM because I scored some sticks rather cheap, so why not :))
@@DanielsGameVault Yeah, that's one of the reasons I like them - enterprise features at sane prices. Your PC-based setup would have an advantage in a super-small sheer packet test, but the MIPS CPUs on those EdgeRouters do support hardware offloading to the network system, which makes them VERY fast. And, when considering power consumption vs throughput and packet rates, the EdgeRouters win hands down, because they're heavily optimized for the job.
@@AdrianLauf Also the size aspect - an OTS router is going to be much more compact than what's essentially a desktop PC running a Xeon in my closet :)) I also had a look at Mikrotik, for the record. Not a network expert by any means, so I'm not sure what path I should choose. For my home use, I think I'm starting to consider the OTS solution more, because it's purposely built for the job...duuh :))
@@DanielsGameVault I purchased a mini-PC AWOW AK-34 and I have been running VyOS 1.2.7 on it as my everyday home router and it is a pure joy! Before that I was using an EdgeRouter ER-X but it lacked power, especially during VPN encryption. On the contrary, my mini-PC sports an Intel CPU (J3455) (roughly equivalent in power to an i3) but WITH AES-NI microprocessor instructions, which is THE thing you want for fast VPN...
Huh… looks like junOS. Very easy to understand
Just how many routers you got running there bud?