fw01 (vyOS) - jude-lindale/Wiki GitHub Wiki

  1. First, make sure that fw01 is attached to the right network adapters. In this case there should be three adapters:

[Screenshot: 2023-01-16 14_26_37-VMware Horizon]

  1. Log in using the default credentials, then set the hostname:

    configure
    set system host-name fw1-jude
    commit 
    save
    exit
    
  2. Next, log out and log back in so the hostname can take effect.

  3. Check the interface assignment using the following command:

     show interfaces
    
  4. If any of the interfaces has a DHCP assignment, delete it (replace eth# with the interface name). The deletion takes effect at the next commit:

    configure
    delete interfaces ethernet eth# address dhcp

  5. Next, give each interface a description using the following commands:

    configure
    set interfaces ethernet eth0 description SEC350-WAN
    set interfaces ethernet eth1 description JUDE-DMZ
    set interfaces ethernet eth2 description JUDE-LAN
    commit 
    save
    exit
    
  6. Then give each interface its assigned IP address using the following commands:

    configure
    set interfaces ethernet eth0 address 10.0.17.119/24
    set interfaces ethernet eth1 address 172.16.50.2/29
    set interfaces ethernet eth2 address 172.16.150.2/24
    commit 
    save
    exit
    
  7. Next, tell fw01 how to reach the internet through the SEC350-WAN interface by setting the default route and the name server:

    configure
    set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
    set system name-server 10.0.17.2
    commit 
    save
    exit
    
  8. Lastly, make sure that fw1 can ping google.com.

Configuring fw01 for NAT and DNS Forwarding

  1. To configure source NAT from the DMZ to the WAN on fw01, run the following commands:

    configure
    set nat source rule 10 description "NAT FROM DMZ to WAN"
    set nat source rule 10 outbound-interface eth0
    set nat source rule 10 source address 172.16.50.0/29
    set nat source rule 10 translation address masquerade
    commit
    save
    exit
    

Configuring fw01 for DNS forwarding

  1. To configure fw01 for DNS forwarding, run the following commands:

    configure
    set service dns forwarding listen-address 172.16.50.2
    set service dns forwarding allow-from 172.16.50.0/29
    set service dns forwarding system
    commit
    save
    exit
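
A consistency check for the finished configuration, added here as an example and not part of the original wiki: it reads `set` commands (as typed above, or as printed by `show configuration commands`) and flags leftover DHCP addresses, interfaces without exactly one static address, and NAT, DNS forwarding or default-route values that do not match any interface subnet. The `audit` function and its messages are hypothetical names, and the sample input is constructed from this page's commands, with eth2 assumed to carry the LAN address.

```python
import ipaddress
import re

# Constructed sample: this page's `set` commands as one listing. The LAN
# address on eth2 is an assumption taken from its JUDE-LAN description.
SAMPLE = """\
set interfaces ethernet eth0 address 10.0.17.119/24
set interfaces ethernet eth0 description SEC350-WAN
set interfaces ethernet eth1 address 172.16.50.2/29
set interfaces ethernet eth1 description JUDE-DMZ
set interfaces ethernet eth2 address 172.16.150.2/24
set interfaces ethernet eth2 description JUDE-LAN
set nat source rule 10 source address 172.16.50.0/29
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set service dns forwarding allow-from 172.16.50.0/29
set service dns forwarding listen-address 172.16.50.2
"""
VALUE = r" '?([^\s']+)"  # one value, with or without VyOS's single quotes

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    grab = lambda pattern: re.findall(pattern + VALUE, config, re.M)
    findings, ifaces = [], {}
    for name, key, value in grab(r"^set interfaces ethernet (\S+) (address|description)"):
        ifaces.setdefault(name, [])
        if key == "address":
            ifaces[name].append(value)
    bound = []  # every static address, parsed with its prefix length
    for name, addrs in sorted(ifaces.items()):
        static = [a for a in addrs if a != "dhcp"]
        if len(static) != len(addrs):
            findings.append(f"{name}: DHCP address still configured")
        if len(static) != 1:
            findings.append(f"{name}: expected 1 static address, found {len(static)}")
        bound += [ipaddress.ip_interface(a) for a in static]
    networks = {i.network for i in bound}
    # NAT source and DNS allow-from must each name a directly connected subnet.
    for label, pattern in (("nat source", r"^set nat source rule \d+ source address"),
                           ("dns allow-from", r"^set service dns forwarding allow-from")):
        for src in grab(pattern):
            if ipaddress.ip_network(src, strict=False) not in networks:
                findings.append(f"{label}: {src} matches no interface subnet")
    for ip in grab(r"^set service dns forwarding listen-address"):
        if ipaddress.ip_address(ip) not in {i.ip for i in bound}:
            findings.append(f"dns listen-address: {ip} is not on any interface")
    for hop in grab(r"^set protocols static route 0\.0\.0\.0/0 next-hop"):
        if not any(ipaddress.ip_address(hop) in n for n in networks):
            findings.append(f"default route: next-hop {hop} is not on a connected subnet")
    return findings
```

Call `audit()` on the text of `show configuration commands` after the final `commit`; an empty list means the addressing, NAT and DNS forwarding values agree with each other.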