One Bad Pixel
The night time is the right time.

Part 3: Vyatta Basic Setup

Previous: Part 2: Installing Vyatta Community 6.5R1.

Now that you have your Vyatta router installed, you probably want to make it do something useful, or, if you are like me, probably need to get it running in a basic way so that you can get back on the Interwebs.

For the purpose of this article, I will assume that your outside interface is “eth0” and your inside interface is “eth1”. I will cover how to configure both DHCP and Static for your outside interface. I will also assume your LAN is 172.16.0.0/24. If you are not familiar with how to convert netmasks to CIDR, you should probably become familiar with this, as it is used exclusively in Vyatta. You can thank the developers later after you are good at this.

First, a quick primer on how configuration in Vyatta works. After logging in, you will be at a “$” prompt. This is the regular operational prompt. Much like a Cisco router, you have not entered into “config” mode. In order to get into configuration mode, type “config”. You will be moved to a “#” prompt, indicating you are in configuration mode. To see your existing configuration, type “show” when you are in configuration mode. You can also show smaller segments of the configuration by appending the location of the config you wish to see, such as “show interfaces” or “show system”.

Let's set up some basic information about the router. I won’t go into a ton of detail, as most of these commands are self-explanatory. Items starting with a # are comments and should not be entered into the router (although if you do put them in, the router will safely ignore them).


set system host-name OneBadPixel-Vyatta
set system name-server 8.8.8.8
set system name-server 8.8.4.4
set interfaces ethernet eth0 description Outside
set interfaces ethernet eth1 description Inside
set interfaces ethernet eth1 address 172.16.0.1/24
set service ssh
commit

At this point, you have given the system a name, described the Ethernet interfaces, added some DNS servers, added a private address to your inside interface, and enabled the SSH service. We still do not have any routes to the Internet or addresses assigned to the outside interface. Let's do that next.
DHCP:


set interfaces ethernet eth0 address dhcp 
commit

Static:


set interfaces ethernet eth0 address 10.1.1.2/30 
set system gateway-address 10.1.1.1
commit

Lastly, we probably need to set up a source NAT rule so that traffic from our inside network is translated as it leaves the outside interface.


set nat source rule 999 description "NAT inside to outside"
set nat source rule 999 outbound-interface eth0
set nat source rule 999 source address 172.16.0.0/24
set nat source rule 999 translation address masquerade
commit

Hopefully, if all is going well at this point, your hosts on the 172.16.0.0/24 network (statically configured) can now get to the Internet. Let's make their life simpler by adding a DHCP server to the inside interface.


#we start the pool at 100 and stop at 199, but you can use more, like 50-250 or whatever.
set service dhcp-server shared-network-name ETH1_POOL subnet 172.16.0.0/24 start 172.16.0.100 stop 172.16.0.199
set service dhcp-server shared-network-name ETH1_POOL subnet 172.16.0.0/24 default-router 172.16.0.1
#if you want to cache DNS and provide it from the router, use the next 2 lines
set service dhcp-server shared-network-name ETH1_POOL subnet 172.16.0.0/24 dns-server 172.16.0.1
set service dns forwarding listen-on eth1
#if you don't want to cache DNS and provide it from the router, use the following 2 lines instead
#uses Google DNS, but you could specify any DNS servers here, or internal ones even
set service dhcp-server shared-network-name ETH1_POOL subnet 172.16.0.0/24 dns-server 8.8.8.8
set service dhcp-server shared-network-name ETH1_POOL subnet 172.16.0.0/24 dns-server 8.8.4.4
set service dhcp-server shared-network-name ETH1_POOL authoritative enable
commit

Your router should now be serving DHCP to your internal LAN, and your hosts should be happily surfing the Internet.
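
The commands above only work together if the inside address, the DHCP subnet and pool, the DNS handout and the NAT source all describe the same network. The following is an added example, not code from the original post, that checks this over the article's own commands and also reports that SSH is enabled before any firewall is applied to the outside interface; it goes a little beyond the text by including the netmask-to-CIDR conversion mentioned earlier. The function names `netmask_to_prefix` and `audit` are hypothetical, and the check assumes a ruleset protecting the router itself would appear as `interfaces ethernet eth0 firewall local`.

```python
import ipaddress
import shlex

# Constructed sample: the article's commands (static outside address, router-cached DNS).
ARTICLE_CONFIG = """
set interfaces ethernet eth1 address 172.16.0.1/24
set service ssh
set interfaces ethernet eth0 address 10.1.1.2/30
set nat source rule 999 outbound-interface eth0
set nat source rule 999 source address 172.16.0.0/24
set service dhcp-server shared-network-name ETH1_POOL subnet 172.16.0.0/24 start 172.16.0.100 stop 172.16.0.199
set service dhcp-server shared-network-name ETH1_POOL subnet 172.16.0.0/24 default-router 172.16.0.1
set service dhcp-server shared-network-name ETH1_POOL subnet 172.16.0.0/24 dns-server 172.16.0.1
set service dns forwarding listen-on eth1
"""

def netmask_to_prefix(mask):
    """Dotted netmask -> CIDR prefix length; ValueError if the mask is not contiguous."""
    return ipaddress.IPv4Network("0.0.0.0/" + mask).prefixlen

def audit(config, inside="eth1", outside="eth0"):
    """Return findings for a block of Vyatta 'set' commands (comments and commit are skipped)."""
    cmds = [shlex.split(line)[1:] for line in config.splitlines() if line.startswith("set ")]
    def under(*path):  # remaining words of every command that begins with `path`
        return [c[len(path):] for c in cmds if tuple(c[:len(path)]) == path]
    findings = []
    lan = ipaddress.ip_interface(under("interfaces", "ethernet", inside, "address")[0][0])
    for rest in under("service", "dhcp-server", "shared-network-name"):
        if len(rest) < 5 or rest[1] != "subnet":
            continue  # pool-level options such as "authoritative enable"
        subnet = ipaddress.ip_network(rest[2])
        if subnet != lan.network:
            findings.append(f"DHCP subnet {subnet} is not the {inside} network {lan.network}")
        for key, val in zip(rest[3::2], rest[4::2]):
            addr = ipaddress.ip_address(val)
            if key in ("start", "stop", "default-router") and addr not in subnet:
                findings.append(f"DHCP {key} {addr} is outside {subnet}")
            if key == "dns-server" and addr == lan.ip and [inside] not in under(
                    "service", "dns", "forwarding", "listen-on"):
                findings.append(f"clients use {addr} for DNS but forwarding is not listening on {inside}")
    for rest in under("nat", "source", "rule"):
        if rest[1:3] == ["source", "address"] and len(rest) == 4 and not lan.network.subnet_of(ipaddress.ip_network(rest[3])):
            findings.append(f"NAT rule {rest[0]} source {rest[3]} does not cover {lan.network}")
        if rest[1:2] == ["outbound-interface"] and rest[2:3] != [outside]:
            findings.append(f"NAT rule {rest[0]} does not leave via {outside}")
    if under("service", "ssh") and not under("interfaces", "ethernet", outside, "firewall", "local"):
        findings.append(f"SSH is enabled and {outside} has no local firewall applied")
    return findings
```

Run against the article's commands, the only finding is the SSH one, which is the gap the stateful firewall in Part 4 closes.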

Next: Part 4: Adding Stateful Firewall to Vyatta

 

13 Responses for “Part 3: Vyatta Basic Setup”

  1. Peter Says:

    good article so far!

    Thanks,
    Peter///

  2. Peter Says:

    Where is the “Next: Adding Stateful Firewall to Vyatta” section?

  3. Jim Says:

    Good question, Peter. I have been really busy and haven’t written it yet. I will try to get it online this week. Since I started the series I have also set up L2TP server, OpenVPN, and IPSec VPNs, so those will be articles sometime soon also.


  5. Jim Says:

    Peter, thanks for following my posts. I have added part 4 to the series and have begun working on part 5.

  6. Julien Says:

    Thank you so much,
    great article. I need to know about firewalling and allowing ports on LAN and WAN.
    Much appreciated, really!


  8. Scott Says:

    I know this is a long shot, but…

    I am trying to install a copy of VC6.6R1 on a Lanner FW-8771C, which has two quad-port Intel NICs onboard. When I type ‘show interfaces’ all I see is ‘lo’ (‘install image’ doesn’t appear to have created/enabled the network ports); but when I type ‘sudo lspci’ it shows me all eight network ports.

    Do you have any idea how I can get VC to see/register the cards?

    Thanks, in advance, for any possible assistance…

  9. Jim Says:

    Hey Scott, I’m afraid I am not very familiar with that hardware to know what the issue is. It should pick them up and add them automagically, so something is amiss. I posted a newer article about VyOS, so I do recommend you switch to VyOS as Brocade has killed the Vyatta project, so you are likely to get more current and more frequent updates re-installing with VyOS (vyos.net). If you already have your system running, it's documented on the VyOS site how to migrate, and I have done dozens of migrations and it's painless. Might try the VyOS forums or IRC on irc.freenode.org #vyos and ask if anyone has ideas.

  10. Scott Says:

    Thanks, Jim.

    As stated, I knew it was a long shot. I provided the hardware information in case you wanted to look the specifications up online. Lanner used to be one of the OEMs for Vyatta hardware, so it’s basically an updated version of the old 2600 appliance. As it turns out, it’s too updated and the final version of VCE doesn’t contain the necessary IGB drivers.

    I had been watching the VyOS project with interest, but was trying to stick with VCE due to our fairly sizeable investment in their (pre-Brocade) subscription software and devices. I downloaded a copy of the latest (Helium) nightly build, which installed perfectly and recognized the network cards so I’m off to the races now…

  11. Jim Says:

    Great. I have a few of the Vyatta VSE 6.6R1 and 6.6R3 systems; apparently 6.6R6 is out now, but I am just buying time until I can replace them. Hoping VyOS will put in multicast routing, which is the only feature I needed from VSE and why they still exist in my network.
    Glad to hear Helium did the trick for you. If you have VC6.5 or VC6.6 in the field, I highly recommend doing the migration to hydrogen, which I have documented here. I have done about 30 of them and haven’t encountered any issues or differences at all.
