VyOS Commands - TeaganLong/SEC-350-Tech-Journal GitHub Wiki

Setting the Hostname

  • configure
  • set system host-name "hostname"
  • commit
  • save
  • exit

Checking Interfaces

  • show interfaces

Checking Firewall Settings

  • show firewall (Firewalls and Rules)
  • show (in configure mode: shows the full configuration for the device)
  • show zone-policy (show zone interface assignments and mapping of firewalls to zones)

Editing Interfaces

  • delete interfaces ethernet eth0 address dhcp
  • set interfaces ethernet eth0 address 10.0.17.150/24
  • commit
  • save

Setting Interface Description

  • configure
  • set interfaces ethernet eth0 description SEC350-WAN
  • commit
  • save
  • exit

Setting DNS and Default Gateway

  • set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
  • set system name-server 10.0.17.2
  • commit
  • save
  • exit

Configuring for NAT

  • set nat source rule 10 description "NAT FROM DMZ to WAN"
  • set nat source rule 10 outbound-interface eth0
  • set nat source rule 10 source address 172.16.50.0/29
  • set nat source rule 10 translation address masquerade
  • commit
  • save

Show NAT Source/Destination Rules

  • show nat (All Source/Destination Rules)
  • show nat source rule "RuleNumber" (Source Rule)
  • show nat destination rule "RuleNumber" (Destination Rule)

Configuring for DNS Forwarding

  • set service dns forwarding listen-address 172.16.50.2
  • set service dns forwarding allow-from 172.16.50.0/29
  • commit
  • save

Checking DNS Configuration

  • show service dns

Create the Zones

  • set zone-policy zone WAN interface eth0

Create the Firewalls

  • set firewall name WAN-to-DMZ default-action drop
  • set firewall name WAN-to-DMZ enable-default-log

Assigning Firewalls to Zones

  • set zone-policy zone DMZ from WAN firewall name WAN-to-DMZ

Create Firewall Rules

  • set firewall name DMZ-to-WAN rule X (Create a rule, where X is the rule number)

Example rule set (allow syslog over UDP 514 from the DMZ to 172.16.200.10):

  • set firewall name DMZ-to-WAN rule 10 action accept
  • set firewall name DMZ-to-WAN rule 10 destination address 172.16.200.10
  • set firewall name DMZ-to-WAN rule 10 destination port 514
  • set firewall name DMZ-to-WAN rule 10 protocol udp
  • set firewall name DMZ-to-WAN rule 10 description "description"
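An added example, not from the wiki: a small Python audit of the zone-policy and firewall commands above. It parses VyOS `set` lines and flags a firewall that a zone references but that is never defined, a zone with no interface, a `from` reference to an undefined zone, and a firewall without an explicit `default-action drop` or `enable-default-log`. The sample config is constructed from the page's commands, with DMZ-to-WAN deliberately left without a default action or default log.

```python
from collections import defaultdict
# Constructed sample modeled on the wiki's commands; DMZ-to-WAN is referenced
# from the WAN zone but never given a default-action or default log.
SAMPLE_CONFIG = """
set zone-policy zone WAN interface eth0
set zone-policy zone DMZ interface eth1
set firewall name WAN-to-DMZ default-action drop
set firewall name WAN-to-DMZ enable-default-log
set zone-policy zone DMZ from WAN firewall name WAN-to-DMZ
set zone-policy zone WAN from DMZ firewall name DMZ-to-WAN
set firewall name DMZ-to-WAN rule 10 action accept
"""

def parse_set_lines(text):
    # zone -> interfaces and {from-zone: firewall}; firewall -> default-action / log flag
    zones = defaultdict(lambda: {"interfaces": [], "from": {}})
    firewalls = defaultdict(lambda: {"default_action": None, "log": False})
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] == ["set", "zone-policy"] and len(tok) >= 6:
            zone = tok[3]
            if tok[4] == "interface":
                zones[zone]["interfaces"].append(tok[5])
            elif tok[4] == "from" and len(tok) >= 9:
                zones[zone]["from"][tok[5]] = tok[8]
        elif tok[:3] == ["set", "firewall", "name"] and len(tok) >= 5:
            fw = firewalls[tok[3]]  # rule lines only register the name
            if tok[4] == "default-action":
                fw["default_action"] = tok[5]
            elif tok[4] == "enable-default-log":
                fw["log"] = True
    return zones, firewalls

def audit(text):
    zones, firewalls = parse_set_lines(text)
    findings = []  # empty means the zone policy is consistent
    for zone, z in zones.items():
        if not z["interfaces"]:
            findings.append(f"zone {zone}: no interface assigned")
        for src, fw in z["from"].items():
            if src not in zones:
                findings.append(f"zone {zone}: 'from {src}' references an undefined zone")
            if fw not in firewalls:
                findings.append(f"zone {zone}: firewall {fw} is referenced but never defined")
    for name, fw in firewalls.items():
        if fw["default_action"] != "drop":
            findings.append(f"firewall {name}: default-action not explicitly set to drop")
        if not fw["log"]:
            findings.append(f"firewall {name}: enable-default-log missing, default drops go unlogged")
    return findings
```

Run `audit()` over the output of `show configuration commands` on the router to check the real config rather than the constructed sample.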

Authpriv Configuration

  • set system syslog host 172.16.50.5 facility authpriv level info
  • commit
  • save

Adding kern Facility

  • set system syslog host 172.16.50.5 facility kern level debug
  • commit
  • save

Enable SSH Login

  • set service ssh listen-address 10.0.17.17
  • commit
  • save

Checking the Date / Setting the Timezone

  • date (Shows current date/timezone)
  • sudo timedatectl set-timezone UTC

Log Entry with Date Command

  • logger -t testUTC "time is now $(date)"
  • tail /var/log/messages | grep testUTC

Shortcuts

  • clear console (clears the console window)
  • ctrl + c (stops a ping)