Friday, June 20, 2008
Configuring a home Vyatta router with DHCP Client/Server and NAT
I struggled with this quite a bit the first time around, finding a source of information on configuring Vyatta's router solution, simply because examples are hard to find (not that there are any problems with it). So here is the configuration and the examples I used. I left the IP addresses in as examples, but they may have to be changed depending on your home network setup.
Before entering the commands below you have to be in configure mode, and afterwards commit them (the commits are shown below, but I have not put the configure command in, as you could do it all in one or in multiple configure sessions).
Configure the outside interface for DHCP (eth0 is my outside interface). Note that dhclient is a Linux shell command rather than a Vyatta configure-mode command, so the commit has nothing to save for it and the setting does not live in the Vyatta configuration; the comments below give the configure-mode form.
dhclient eth0
commit
Configure the inside interface with a static IP address (eth1 is my inside interface)
set interfaces ethernet eth1 address 192.168.11.1/24
commit
Configure the DHCP server for the internal network (because of line wrap this looks odd, but each "set service" starts a new line that runs to the next "set service": one command per line)
This turns on the DHCP server for the 192.168.11.0/24 network, hands out IP addresses starting at .10 and stopping at .50, and also hands out my outside DNS server and the default router (this box) to the clients.
set service dhcp-server shared-network-name LAN subnet 192.168.11.0/24 start 192.168.11.10 stop 192.168.11.50
set service dhcp-server shared-network-name LAN subnet 192.168.11.0/24 dns-server 24.159.193.40
set service dhcp-server shared-network-name LAN subnet 192.168.11.0/24 default-router 192.168.11.1
commit
Set NAT (a generic masquerade rule so the internal network is translated to the eth0 address on the way out; the commit after the SSH rule below covers both NAT rules)
set service nat rule 1 outbound-interface eth0
set service nat rule 1 source address 192.168.11.0/24
set service nat rule 1 type masquerade
Forwarding SSH (creates a rule that forwards SSH arriving on the outside interface eth0 from any source to any destination address; I have a dynamic external IP address, so fixing the destination is not useful, and I do not know the IP address I will be coming from). This acts like the "port forwarding" of home routers. Because the source is 0.0.0.0/0 and this configuration contains no firewall rules, the inside host is reachable over SSH from the whole Internet, so it needs a hardened sshd (key-based authentication, no root login); narrow the source address if you ever know where you will connect from.
set service nat rule 2
set service nat rule 2 type destination
set service nat rule 2 inbound-interface eth0
set service nat rule 2 protocol tcp
set service nat rule 2 destination address 0.0.0.0/0
set service nat rule 2 destination port ssh
set service nat rule 2 source address 0.0.0.0/0
set service nat rule 2 inside-address address 192.168.11.48
commit
Labels: Linux, NAT, router, Vyatta
Comments:
Very nice how-to. One comment, the way you got your address via "dhclient eth0" will of course work, but if you want it saved in your vyatta configuration you can instead use:
configure
set interfaces ethernet eth0 address dhcp
commit
That way it'll work after a reboot too. Also, if it's done this way then the show command will work. For example:
vyatta@vDUT:~$ show dhcp client leases
interface : eth3
ip address : 10.1.0.177 [Active]
subnet mask: 255.255.255.0
domain name: test.net
router : 10.1.0.1
name server: 10.0.0.31
dhcp server: 10.1.0.13
lease time : 300
last update: Thu Jun 26 13:31:49 GMT 2008
expiry : Thu Jun 26 13:36:48 GMT 2008
reason : BOUND
I want to mention that I have had several reboots now and the DHCP client appears to work after boot each time.
I will go back, take a look, and modify the post if I in fact took another path. I had some downtime between the configuration and the how-to, so I had to pull some of the lines from history.
I just logged in and "show dhcp client leases" works. I will review my configuration steps.
Your post was very useful. Thanks a lot, I had it as a reference while setting up a router at home. I used a dual nic system with eth0 on the outside and eth1 on the inside. The only thing that I needed to do was to run a "save" command after committing, without this it seems that the config changes don't actually survive a reboot. Running VC5.0.2. Thanks again!
Thanks for the info ... this is one of my first posts and I have been meaning to A) revisit it (as it is a year or more behind current) and B) do a step-by-step update for running it as a virtual appliance on ESX.
Glad to see people are still looking at it :)
Nice article dude, helped me quite a bit.
I was wondering, though, if you've played with qos-policy traffic-limiter? I just can't seem to get Vyatta to traffic-shape incoming traffic from a source.
ronald
I have not done a QoS policy, as I am not really doing any p2p VPNs and QoS to the internet is not really worth it.
I am planning on a full refresh including VPNs, and when I get the time to do so I will make sure to test some of my standard QoS policies on Vyatta.