How to install Vyatta router on Hyper-V – Part 2: Configuration

NOTE: I recommend replacing Vyatta with VyOS; to do so, follow these links:
How to install VyOS Router/Appliance on Hyper-V – Part 1: Setup and Install
How to install VyOS Router/Appliance on Hyper-V – Part 2: Configuration

This post completes the series with Part 2 of “How to install Vyatta router on Hyper-V”: the configuration process.

In my last post, “How to install Vyatta router on Hyper-V – Part 1: Setup and Install”, we had:

– Introduction: My LAB environment
– Phase 1: Download Vyatta and prepare a VM to run Vyatta router
– Phase 2: Install Vyatta on a VM

 

In this post I’ll cover:

– Phase 3: Configure Vyatta Router
– Phase 4: Configure Vyatta Network Services

 

[Phase 3: Configure Vyatta Router]

1. Eject the Vyatta iso image from the Vyatta virtual machine

2. Start the VM


3. Log in to Vyatta

Vyatta login: vyatta
Vyatta password: password defined during the installation process

 

3. Confirm that you have valid NICs to configure (eth0, eth1, eth2) by listing the NICs:

show interfaces

4. Configure the router interfaces that will serve as a gateway, e.g. 192.168.1.254 for your VMs on the subnet 192.168.1.x/24

configure
set interfaces ethernet eth0 address 10.0.0.254/24
set interfaces ethernet eth1 address 192.168.0.254/24
set interfaces ethernet eth2 address 172.0.0.254/24
set system gateway-address 192.168.0.1
set system name-server 192.168.0.1
set system host-name vyatta-router
commit
save

 

Note: Just to refresh your memory, when we created and configured the Vyatta VM on Hyper-V we added the network interfaces in the following order: “Internal Network”, “External Network” and “Extranet – DMZ”. When you configure the Vyatta interfaces “eth0”, “eth1” and “eth2”, the IP address and netmask for those interfaces should follow exactly the same order, for instance:

eth0 = 10.0.0.254/24 (“Internal Network” Virtual Switch)
eth1 = 192.168.0.254/24 (“External Network” Virtual Switch)
eth2 = 172.0.0.254/24 (“Extranet – DMZ” Virtual Switch)

If the order does not match, each configuration ends up on the wrong Virtual Switch and you’ll probably have network issues.

5. Enable the Vyatta Web administration interface (not available on the free version):

set service https
commit
save

 

6. Enable the Vyatta SSH administration:

set service ssh
commit
save

 

 

 

[Phase 4: Configure Vyatta Network Services]

1. Enable NAT Masquerade for the “Internal Network” (10.0.0.0/24) through the eth1 interface connected to the “External Network”

set nat source rule 1
set nat source rule 1 source address 10.0.0.0/24
set nat source rule 1 outbound-interface eth1
set nat source rule 1 translation address masquerade
commit
save

 

The Vyatta interface eth1 on the “External Network” is connected to my “3G ISP Wifi Router”, as I am using Wireless Bridging on Hyper-V. With this NAT configuration I am providing Internet access to all the VMs hosted on the 10.0.0.0/24 subnet and masking their addresses, even on an “Internal only” Hyper-V Switch configuration. 😉
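The interface-order note in Phase 3 and the NAT rule above depend on each other, so a quick consistency check is useful before you commit. The following is an added example, not part of the original post: `audit` is a hypothetical helper that reads the `set` commands from this page and checks that the gateway is on a connected subnet, that the NAT source subnet belongs to an inside interface rather than the outbound one, and that each interface address lies in RFC 1918 space.

```python
import ipaddress
import re

# Commands copied from the Phase 3 and Phase 4 listings on this page.
CONFIG = """\
set interfaces ethernet eth0 address 10.0.0.254/24
set interfaces ethernet eth1 address 192.168.0.254/24
set interfaces ethernet eth2 address 172.0.0.254/24
set system gateway-address 192.168.0.1
set nat source rule 1 source address 10.0.0.0/24
set nat source rule 1 outbound-interface eth1
set nat source rule 1 translation address masquerade
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit(config):
    """Return findings for a block of Vyatta 'set' commands (hypothetical helper)."""
    findings, ifaces = [], {}
    for name, addr in re.findall(r"set interfaces ethernet (\S+) address (\S+)", config):
        ifaces[name] = ipaddress.ip_interface(addr)
        if not any(ifaces[name].ip in net for net in RFC1918):
            findings.append(f"{name}: {addr} is outside RFC 1918 private space")
    # The default gateway must sit on a directly connected subnet.
    gw = re.search(r"set system gateway-address (\S+)", config)
    if gw and not any(ipaddress.ip_address(gw.group(1)) in i.network for i in ifaces.values()):
        findings.append(f"gateway {gw.group(1)} is not on a connected subnet")
    # Collect each source NAT rule's inside subnet and outbound interface.
    rules = {}
    pattern = r"set nat source rule (\d+) (source address|outbound-interface) (\S+)"
    for num, key, value in re.findall(pattern, config):
        rules.setdefault(num, {})[key] = value
    for num, rule in rules.items():
        out, src = rule.get("outbound-interface"), rule.get("source address")
        if out not in ifaces:
            findings.append(f"nat rule {num}: outbound-interface {out} has no address")
        elif src:
            src_net = ipaddress.ip_network(src)
            if src_net.overlaps(ifaces[out].network):
                findings.append(f"nat rule {num}: source {src} is the outbound subnet")
            if not any(src_net == i.network for n, i in ifaces.items() if n != out):
                findings.append(f"nat rule {num}: source {src} matches no inside interface")
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(finding)
```

With the page's values the only finding is eth2, because 172.0.0.0/24 lies outside the private range 172.16.0.0/12. Swapping the eth0 and eth1 addresses, the mistake the note warns about, makes the NAT rule checks fire as well.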

2. Install DNS Server (Bind9) and configure DNS Forwarder for my VM’s on the “External Network” (192.168.0.0/24)

2.1 Install Bind9 package on Vyatta

The Bind9 package is not available in the Vyatta package sources, so you’ll need to add the Debian repository to the sources list (Vyatta is Debian based…).

Log on as root and edit the apt sources.list:

 

sudo nano /etc/apt/sources.list

Define an additional apt repository (debian repository) by inserting the following line:

deb http://http.us.debian.org/debian stable main

Update the package index, then install DNS Bind9:

sudo apt-get update
sudo apt-get install bind9 bind9-doc dnsutils

2.2 Configure the DNS Server files

Go to the bind folder:

cd /etc/bind

Create a backup of ”named.conf.local” to “named.conf.local_ORIGINAL”:

cp named.conf.local named.conf.local_ORIGINAL

Create the forward lookup file “labdom.com” from the default template file “db.local”:

cp db.local labdom.com

Create the reverse lookup file “labdom.com.loopback” from the default template file “db.127”:

cp db.127 labdom.com.loopback

Now let’s configure “named.conf.local”; start by editing the file:

nano named.conf.local

Add the following entries to “named.conf.local” to configure the forward and reverse lookup zones and their file locations, then press [CONTROL]+[X] to save the file and exit:

# Public zone
zone "labdom.com" IN {
    type master;
    file "/etc/bind/labdom.com";
    allow-update { none; };
};

# Reverse zone
zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "/etc/bind/labdom.com.loopback";
    allow-update { none; };
};

2.3 Configure the DNS Forward lookup zone “labdom.com”

Edit the forward lookup zone file “labdom.com” with the following:

nano /etc/bind/labdom.com

Add the following entries to the “labdom.com” and at the end Press [CONTROL]+[X] Keys to Save the file and Exit:

$TTL 604800
@ IN SOA labdom.com. root.labdom.com. (
2 ;Serial
604800 ;Refresh
86400 ;Retry
2419200 ;Expire
604800 ) ;Negative Cache TTL
;

@ IN NS main.debian.lan.
@ IN A 192.168.100.1
@ IN AAAA ::1
DA IN A 192.168.0.50

On the forward lookup “labdom.com” zone we added the “A” record for the host name “DA” with the IP 192.168.0.50.

The arrangement for the forward lookup file can be something like this:

[Screenshot: forward lookup zone file]

 

2.4 Configure the DNS loopback zone “0.168.192.in-addr.arpa”

Edit the reverse lookup zone or loopback file “labdom.com.loopback” with the following:

nano /etc/bind/labdom.com.loopback

Add the following entries to the “labdom.com.loopback” and at the end Press [CONTROL]+[X] Keys to Save the file and Exit:

$TTL 604800
@ IN SOA labdom.com. root.labdom.com. (
1 ;serial
604800 ;refresh
86400 ;retry
2419200 ;expire
604800 ) ;negative cache TTL
;
@ IN NS labdom.com.
50 IN PTR DA.labdom.com.

On the loopback “labdom.com.loopback” zone we added the “PTR” record for “DA.labdom.com”.

The arrangement for the loopback file can be something like this in the final output:

[Screenshot: reverse lookup zone file]
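Forward and reverse zones drift apart easily when they are edited by hand, so it helps to cross-check them before restarting bind9. The following is an added example, not part of the original post: `check` is a hypothetical helper that parses the record lines from sections 2.3 and 2.4 as written above and reports NS targets without an address in the zone, A records that the reverse zone cannot cover, and A/PTR pairs that do not match.

```python
import ipaddress

ORIGIN = "labdom.com."
REVERSE_NET = ipaddress.ip_network("192.168.0.0/24")  # 0.168.192.in-addr.arpa

# Record lines copied from sections 2.3 and 2.4 of this page (SOA omitted).
FORWARD = """\
@ IN NS main.debian.lan.
@ IN A 192.168.100.1
@ IN AAAA ::1
DA IN A 192.168.0.50
"""
REVERSE = """\
@ IN NS labdom.com.
50 IN PTR DA.labdom.com.
"""

def fqdn(name):
    """Expand a zone-file owner or target to a lower-case absolute name."""
    if name == "@":
        return ORIGIN
    return (name if name.endswith(".") else f"{name}.{ORIGIN}").lower()

def records(text, rtype):
    """Yield (owner, value) for every 'owner IN rtype value' line."""
    for line in text.splitlines():
        parts = line.split(";")[0].split()
        if len(parts) == 4 and parts[1] == "IN" and parts[2] == rtype:
            yield parts[0], parts[3]

def check(forward, reverse):
    """Cross-check the forward zone against the reverse zone; return findings."""
    findings = []
    a = {fqdn(o): ipaddress.ip_address(v) for o, v in records(forward, "A")}
    ptr = {REVERSE_NET.network_address + int(o): fqdn(v)
           for o, v in records(reverse, "PTR")}
    for _, target in records(forward, "NS"):
        if fqdn(target) not in a:
            findings.append(f"NS target {target} has no A record in {ORIGIN}")
    for name, ip in a.items():
        if ip not in REVERSE_NET:
            findings.append(f"{name} A {ip} is outside {REVERSE_NET}")
        elif ptr.get(ip) != name:
            findings.append(f"{name} A {ip} has no matching PTR")
    for ip, name in ptr.items():
        if a.get(name) != ip:
            findings.append(f"PTR {ip} -> {name} has no matching A")
    return findings

if __name__ == "__main__":
    print("\n".join(check(FORWARD, REVERSE)))
```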

2.5 Configure the DNS Forwarders for public name resolution

Edit the dns options file “named.conf.options” with the following:

nano /etc/bind/named.conf.options

Add the following entries inside the options { } block and press [CONTROL]+[X] to save and exit:

forwarders {
192.168.0.1;
};

Restart the bind9 daemon:

service bind9 restart

3. Configure webproxy for the network 172.0.0.x/24

 

set service webproxy default-port 8080
set service webproxy listen-address 172.0.0.254
set service webproxy disable-access-log
commit
save

4. Configure the name resolvers for Vyatta

Edit the resolver file “resolv.conf” with the following:

nano /etc/resolv.conf

Add the following entries and press [CONTROL]+[X] to save and exit

nameserver 127.0.0.1
nameserver 192.168.0.1

 

With this DNS resolver configuration pointing to the localhost “127.0.0.1”, Vyatta will answer DNS queries for its own DNS zones “labdom.com” and “0.168.192.in-addr.arpa”; by also pointing to the 3G ISP Router IP address 192.168.0.1, it will resolve DNS queries on the Internet as well.

 

This completes the series of “How to install Vyatta router on Hyper-V”.

R-Tape Loading error,
Luís Rato

~ by Luis Rato on 20 September 2013.

15 Responses to “How to install Vyatta router on Hyper-V – Part 2: Configuration”

  1. Hello Luis, nice post!
    Did you have any kind of issue while updating the repository after adding the Debian URL?
    I’m getting the following error on Version 6.6 after using the following repository URL:

    deb http://ftp.br.debian.org/debian oldstable main #new repository url for squeezy#

    (http://davicruz.com.br/vyatta6.6.png)

    I already tried to clean the repository folder but I had no success on it.

    Any help would be appreciated!

  2. Excellent post, I’m now using Vyatta as the router in my virtual lab.

    The only issue I had with the instructions above was setting the interfaces; it appears (certainly on VC6.6R1) that the “set interfaces Ethernet eth0 address” is case sensitive, and the capital E of Ethernet causes a configuration error.

    Thanks for your instructions.
    Carl
    Oxfordsbsguy.com

    • Hi there Carl,

      thank you very much for your feedback. Linux is case sensitive and for some stupid reason I had written “Ethernet” with a Capital letter, I’ve already edited the post to fix that, so thank you very much once again for your contribution on this review.

      Cheers,
      Luís Rato

  3. Great tutorial, so clear and concise!

    One small difference for me is that I needed to run:
    sudo apt-get update

    Before I could run:
    sudo apt-get install bind9 bind9-doc dnsutils

  4. Hi Luis,

    I have a strange problem with my Vyatta which I cannot figure out. Everything has been configured as per your tutorial but the DMZ seems to be mostly blocked to the internet. I have a server sitting in the 171.0.0.0/24 network. It can ping 172.0.0.254 and also resolve partial Bing.com pages but not other websites. It cannot ping Google.com. Obviously this is a port blocking/firewall problem but I cannot figure it out.

    Is this behaviour normal?

    Thanks,

    Blake.

  5. Forget that, I had my DMZ server sitting in the extranet instead of the DMZ. I didn’t name them correctly. Ignore me 😉

  6. Actually, there is some confusion in your documentation.

    The diagram shows three networks:

    Intranet – 10.0.0.0/24 (Hyper-V Internal Network Switch)
    Extranet – 172.0.0.0/24 (Hyper-V Internal Network Switch)
    DMZ – External – 192.168.0.0/24 (Hyper-V External Network Switch)

    Later in your documentation and router config section you say:

    eth0 = 10.0.0.254/24 (“Internal Network” Virtual Switch)
    eth1 = 192.168.0.254/24 (“External Network” Virtual Switch)
    eth2 = 172.0.0.254/24 (“Extranet – DMZ” Virtual Switch)

    So the diagram labels the External Network the DMZ but the instructions label the Extranet the DMZ…..

  7. Step 2.3 also has an error.

    When you nano /etc/bind/labdom.com

    At the bottom you say to enter this:

    @ IN NS main.debian.lan.
    @ IN A 192.168.100.1
    @ IN AAAA ::1
    DA IN A 192.168.0.50

    But your screenshot shows this: (and makes more sense)

    @ IN NS labdom.com.
    @ IN A 192.168.0.254
    @ IN AAAA ::1
    DA IN A 192.168.0.50

  8. Hello Luis,

    First of all, thanks for the posts! They’re a great help in setting up my own lab.

    As to the packages, I found this webpage explaining what is going on:
    http://xmodulo.com/2013/02/how-to-install-debian-packages-on-vyatta.html

    For Vyatta 6, you need to run these commands in configure mode:
    # configure
    # set system package repository squeeze components 'main contrib non-free'
    # set system package repository squeeze distribution 'squeeze'
    # set system package repository squeeze url 'http://mirrors.kernel.org/debian'
    # commit
    # save
    # exit

    After that, run apt-get update and after that run the apt-get install command as listed above.

  9. So once I am done with this, setting an ip-address static on any of my VMs to for instance 10.0.0.3 should allow them access to internet?

  10. Any chance we will be seeing a guide on adding port forwarding from external in to the internal IPs?

    I find the vyatta website a bit cloggy.
