VYATTA Linux Router - Part 2
From Johns Hopkins Linux Users Group
Rebuild Procedure
Updated Dec 10, 2009 ajs
I renewed our Vyatta subscription for 2010. Some of the following displayed information is no longer current. However, this update is to verify that the procedure still works and to update parts of the procedure that may have changed.
Preparation
1. Download and burn a Vyatta Live CD, Supported Version 3.4.6 or current version
2. USB DVD Drive
3. Putty Terminal Software
WARNING: The following procedure is for demonstration purposes only! It may or may not be a good procedure to apply to your production system. Before setting your own system up, download and read the current documentation! For this procedure, just sit back and enjoy the ride.
VIA C7 is x86 compatible
vyatta@vyatta:~$ uname -a
Linux vyatta 2.6.26-1-486-vyatta #1 SMP Thu Feb 26 03:42:03 GMT 2009 i686 GNU/Linux
Step 1 - Boot the Appliance from the Live CD
1. Plug the RS232 cable into the router and a PC running Putty serial console.
2. Boot the Vyatta 514 appliance with the external CDROM and Vyatta Live CD.
This is a good time to review the device information. The following are startup screen shots in left to right, top to bottom sequence.
Step 2 - Install the Vyatta from the Live CD
1. Log in as root, password vyatta
2. At the system prompt execute the command
install-system
3. If Vyatta was previously installed, use the "Auto" option to destroy the old installation and rebuild with automatic partitioning.
The Vyatta distro comes preconfigured for root and a user account vyatta. My understanding is that the vyatta account is a restricted account specifically associated with the Vyatta components and processes. The root account has access to all the vyatta resources, but not the other way around.
The Vyatta shell's configuration mode (fuse?) is a nice feature. It allows you to make and review configuration settings prior to committing or saving them.
Step 3 - Typical Configuration Scripts
LAN Interfaces
Use the show interfaces command to view the hardware interfaces. eth3 is our WAN interface and eth0, eth1, eth2 are our LAN interfaces.
root@JHLUGVR1# show interfaces
ethernet eth0 {
    hw-id 00:90:fb:19:ed:10
}
ethernet eth1 {
    hw-id 00:90:fb:19:ed:0f
}
ethernet eth2 {
    hw-id 00:90:fb:19:ed:0e
}
ethernet eth3 {
    address 69.17.29.133/27
    hw-id 00:90:fb:19:ed:0d
}
loopback lo {
}
LAN on eth0 with DHCP
Log in as vyatta, then enter the following:
configure
set interfaces ethernet eth0 address 192.168.5.1/24
set service dhcp-server shared-network-name JHLUG_POOL5 subnet 192.168.5.0/24 start 192.168.5.100 stop 192.168.5.199
set service dhcp-server shared-network-name JHLUG_POOL5 subnet 192.168.5.0/24 default-router 192.168.5.1
set service dhcp-server shared-network-name JHLUG_POOL5 subnet 192.168.5.0/24 dns-server 66.187.130.31
commit
show service dhcp-server
save
The show service dhcp-server command displays the committed DHCP configuration:
shared-network-name JHLUG_POOL5 {
    subnet 192.168.5.0/24 {
        default-router 192.168.5.1
        dns-server 66.187.130.31
        start 192.168.5.100 {
            stop 192.168.5.199
        }
    }
}
NAT - Network Address Translation
set service nat rule 10 source address 192.168.5.0/24
set service nat rule 10 outbound-interface eth3
set service nat rule 10 destination address 0.0.0.0/0
set service nat rule 10 type masquerade
commit
save
Basic Firewall Configuration
set firewall name ALLOW_ESTABLISHED
set firewall name ALLOW_ESTABLISHED rule 20
set firewall name ALLOW_ESTABLISHED rule 20 action accept
set firewall name ALLOW_ESTABLISHED rule 20 state established enable
commit
set interfaces ethernet eth3 firewall in name ALLOW_ESTABLISHED
set interfaces ethernet eth3 firewall local name ALLOW_ESTABLISHED
commit
show firewall
name ALLOW_ESTABLISHED {
    rule 20 {
        action accept
        state {
            established enable
        }
    }
}
Port Forwarding
UNDER CONSTRUCTION
set firewall name WebServer rule 10
set firewall name WebServer rule 10 action accept
set firewall name WebServer rule 10 protocol tcp
set firewall name WebServer rule 10 destination address 192.168.5.80
set firewall name WebServer rule 10 destination port http
set interfaces ethernet eth0 firewall out name WebServer
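A working port forward needs a destination NAT rule in addition to a firewall rule, and the firewall should open only the one port to the one host. The following Vyatta configuration is added here as an example (it is not part of the original page) and forwards inbound TCP port 80 arriving on eth3 to the web server at 192.168.5.80; the rule numbers 20 and 30, the firewall name WAN_IN and the VC5-era command syntax are assumptions, and binding WAN_IN to eth3 "in" replaces the ALLOW_ESTABLISHED binding made above for that direction.

```vyatta
configure

# Destination NAT (assumed rule 20): rewrite packets that arrive on the WAN
# interface for TCP port 80 so they are delivered to the internal web server.
set service nat rule 20 type destination
set service nat rule 20 inbound-interface eth3
set service nat rule 20 protocol tcp
set service nat rule 20 destination port 80
set service nat rule 20 inside-address address 192.168.5.80

# Firewall for the WAN "in" direction (assumed name WAN_IN). A named firewall
# drops anything no rule accepts, so only the traffic listed here gets through.
# The "in" filter sees the packet after DNAT, so match on the inside address.
set firewall name WAN_IN rule 20 action accept
set firewall name WAN_IN rule 20 state established enable
set firewall name WAN_IN rule 20 state related enable

set firewall name WAN_IN rule 30 action accept
set firewall name WAN_IN rule 30 protocol tcp
set firewall name WAN_IN rule 30 state new enable
set firewall name WAN_IN rule 30 destination address 192.168.5.80
set firewall name WAN_IN rule 30 destination port 80

set interfaces ethernet eth3 firewall in name WAN_IN

# Review the pending NAT and firewall configuration before committing.
show service nat
show firewall name WAN_IN
commit
save
```

After the commit, `show nat translations` (operational mode) confirms that connections from the Internet to port 80 are being rewritten to 192.168.5.80 and nothing else.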
SSH
set service ssh
set service ssh allow-root true
commit
save
RIP
set protocols rip interface eth3
set protocols rip interface eth0
set protocols rip redistribute connected
commit
save
run show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - ISIS, B - BGP, > - selected route, * - FIB route
S 0.0.0.0/0 [1/0] via 69.17.29.129 inactive
C>* 127.0.0.0/8 is directly connected, lo
Where's My Stuff?
Config Scripts are located in: /opt/Vyatta/etc/config