VyOS - DefiantCoder/Tech-Journals GitHub Wiki

Changes are made to the running configuration by entering “configure” mode. They are applied to the running configuration with “commit”. They persist across a reboot only if you also “save” them. You leave configuration mode with the “exit” command.

Edit settings

configure

commit
save
exit 

Discard settings

  • In configure mode, if you don't want to keep your uncommitted changes:
exit discard

Add User

configure
set system login user [username] full-name ["full name"]
set system login user [username] authentication plaintext-password [password]

Setting Hostname

configure
set system host-name fw1-yourname
commit
save
exit 

Repeat exit until you reach a login prompt. The prompt should now show your new hostname; log back in and enter configure mode again.

Setting a new password

configure
set system login user [username] authentication plaintext-password [password]
commit
save

Adding a description

This is important because it lets you tell the connections apart later.

configure
set interfaces ethernet eth0 description <NameOfConnection>
commit
save
exit

Commands

Shows interfaces and services

show interfaces
show service

Export Configuration

show configuration commands | grep -v "syslog global\|ntp\|login\|console\|config\|hw-id\|loopback\|conntrack"
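The filter above is worth keeping as a reusable function, because it is also what keeps secrets out of an exported config: the `login` alternative drops the `set system login user ... encrypted-password` lines, and `hw-id` drops the MAC addresses bound to each interface. The following is an added example, not part of the wiki page; it wraps the page's own grep pattern in a function that reads `show configuration commands` output from stdin, and runs it over a constructed sample dump (the hash value is a placeholder).

```shell
# Added example (not from the wiki page). Applies the page's export filter to
# whatever is piped in, so it works on a saved dump as well as on the live
# output of `show configuration commands`.
export_config() {
    # grep -v inverts the match: any line matching one of the alternatives is dropped.
    grep -v "syslog global\|ntp\|login\|console\|config\|hw-id\|loopback\|conntrack"
}

# Constructed sample in the shape of `show configuration commands` output.
SAMPLE_DUMP="set interfaces ethernet eth0 address '10.0.17.50/24'
set interfaces ethernet eth0 hw-id '00:11:22:33:44:55'
set interfaces loopback lo
set system login user vyos authentication encrypted-password 'PLACEHOLDER-HASH'
set system host-name 'fw1-example'
set system name-server '10.0.17.2'
set system ntp server 0.pool.ntp.org
set system syslog global facility all level 'info'
set nat source rule 10 translation address 'masquerade'"

# Number of lines that survive the filter (4 for the sample above).
count_exported() {
    printf '%s\n' "$SAMPLE_DUMP" | export_config | wc -l | tr -d ' '
}

# Succeeds only if no login line (and therefore no password hash) made it through.
export_has_no_secrets() {
    ! printf '%s\n' "$SAMPLE_DUMP" | export_config | grep -q 'system login'
}

# Stand-alone run: print the sanitised export.
printf '%s\n' "$SAMPLE_DUMP" | export_config
```

Note that the `config` alternative also removes any `config-management` lines, and `ntp` removes the NTP servers; re-add those by hand if the export is meant to rebuild a firewall from scratch.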

Sets an interface's IP address

set interfaces ethernet eth<X> address <IPADDRESS/MASK> 

Deletes an interface's address

delete interfaces ethernet eth<X> address <CurrentAddress/MASK or dhcp>

Set password

set system login user <username> authentication plaintext-password <newpassword>

Set the gateway next-hop & name server

configure
# sets the default gateway to the gateway firewall
set protocols static route <0.0.0.0/0> next-hop <10.0.17.2>
# sets the DNS server to the gateway firewall
set system name-server <10.0.17.2>
commit
save

Configure NAT & DNS Forwarding

configure
set nat source rule 10 description "NAT FROM DMZ to WAN"
set nat source rule 10 outbound-interface eth<0>
set nat source rule 10 source address <172.16.50.0/29>
set nat source rule 10 translation address <masquerade>
commit
save

Configure DNS forwarding

# Address the forwarder listens on: this firewall's address on the network, which its hosts use as DNS server / gateway
set service dns forwarding listen-address <172.16.50.2>
# Only clients from this network are allowed to query the forwarder
set service dns forwarding allow-from <172.16.50.0/29>
# Forward queries to the name-servers configured on the system (see set system name-server)
set service dns forwarding system
commit
save

Setting RIP

(On fw01) enables RIP on the eth2 interface (LAN in this case) and advertises the 172.16.50.0/29 network (DMZ network in this case):

set protocols rip interface eth2
# share routes to the DMZ
set protocols rip network 172.16.50.0/29

(On fw-mgmt) enables RIP on the eth0 interface (LAN in this case) and advertises the 172.16.200.0/28 network (MGMT network in this case):

set protocols rip interface eth0
# share routes to the management network
set protocols rip network '172.16.200.0/28'

Forward Authentication events from VyOS

Configuring Firewalls

set firewall name <WAN-to-DMZ> default-action drop
set firewall name <DMZ-to-WAN> default-action drop
set firewall name <WAN-to-DMZ> enable-default-log 
set firewall name <DMZ-to-WAN> enable-default-log
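The two rule sets above drop and log everything by default, but a rule set only takes effect once it is attached to an interface, and a drop-by-default set with no rule for established/related traffic will also drop the return packets of sessions you allowed. The following is an added example, not from the wiki page: a small audit over `show configuration commands` output that checks every rule set defined with `set firewall name ...` for default-action drop, default logging, attachment to an interface (`set interfaces ethernet ethX firewall in name <set>`), and an established-state accept rule. It assumes the `set firewall name` syntax this page uses (VyOS 1.2/1.3); the rule-set names, interfaces and addresses in the sample are constructed.

```shell
# Added example (not from the wiki page): audit VyOS firewall rule sets in a
# `show configuration commands` dump. Assumes VyOS 1.2/1.3 `set firewall name` syntax.

# Constructed sample: WAN-to-DMZ is complete; DMZ-to-WAN is defined but never
# attached to an interface, has no default logging and no established/related rule.
SAMPLE_CFG="set firewall name WAN-to-DMZ default-action 'drop'
set firewall name WAN-to-DMZ enable-default-log
set firewall name WAN-to-DMZ rule 10 action 'accept'
set firewall name WAN-to-DMZ rule 10 state established 'enable'
set firewall name WAN-to-DMZ rule 10 state related 'enable'
set firewall name DMZ-to-WAN default-action 'drop'
set interfaces ethernet eth0 address '10.0.17.50/24'
set interfaces ethernet eth0 firewall in name 'WAN-to-DMZ'
set interfaces ethernet eth1 address '172.16.50.2/29'"

# Print each rule-set name that appears in the dump, once.
list_rulesets() {
    printf '%s\n' "$1" | awk '/^set firewall name / {print $4}' | sort -u
}

# Print one line per problem with the named rule set; print nothing if it is clean.
# Values may be quoted ('drop') or bare (drop), so the patterns use '* for an
# optional apostrophe.
check_ruleset() {
    cfg="$1"; name="$2"
    printf '%s\n' "$cfg" | grep -q "^set firewall name $name default-action '*drop" \
        || echo "$name: default-action is not drop"
    printf '%s\n' "$cfg" | grep -q "^set firewall name $name enable-default-log" \
        || echo "$name: dropped packets are not logged"
    printf '%s\n' "$cfg" | grep -qE "^set interfaces .* firewall (in|out|local) name '*$name'*\$" \
        || echo "$name: not attached to any interface (has no effect)"
    printf '%s\n' "$cfg" | grep -q "^set firewall name $name rule [0-9]* state established '*enable" \
        || echo "$name: no rule accepting established traffic (return packets will be dropped)"
}

# Run every check over every rule set in the dump.
audit_firewall() {
    cfg="$1"
    for name in $(list_rulesets "$cfg"); do
        check_ruleset "$cfg" "$name"
    done
}

# Total number of findings (3 for the constructed sample).
count_findings() {
    audit_firewall "$1" | wc -l | tr -d ' '
}

# Stand-alone run: list the findings for the sample.
audit_firewall "$SAMPLE_CFG"
```

To audit a live firewall, replace the sample with the real export, e.g. `audit_firewall "$(cat fw1-export.txt)"` after saving `show configuration commands` output to that file.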