Monday, February 28, 2011

Vyatta Router Configuration Example of vR1

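Here is the config.boot file of vR1_FW1 described in my previous article. You may tweak the file and load it into your Vyatta router if you want to create a similar environment. Before loading it, replace the redacted encrypted-password value and the hw-id MAC addresses with your own; as listed, the configuration enables Telnet and HTTPS management and defines no firewall rules, so it fits an isolated lab rather than an exposed network.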

/* Interface layout: eth0 (no address), eth2 (VLAN sub-interfaces 100/200/300), eth3 (external, DHCP). No firewall rule set is defined or applied anywhere in this listing, so nothing here filters traffic between the VLANs or toward the router itself. */
interfaces {
    /* hw-id pins the entry to a NIC MAC address; these values come from the author's VM (00:0c:29 is a VMware OUI) and must be replaced on another host. eth0 has no address configured. */
    ethernet eth0 {
        duplex auto
        hw-id 00:0c:29:fc:9e:47
        smp_affinity auto
        speed auto
    }
    /* Internal trunk: no address on eth2 itself, only on the three vifs below, each of which is the gateway for its VLAN. */
    ethernet eth2 {
        duplex full
        hw-id 00:0c:29:fc:9e:3d
        smp_affinity auto
        speed 10000
        /* VLAN 100, gateway 172.16.10.1; served by the MSG_POOL DHCP pool. */
        vif 100 {
            address 172.16.10.1/24
            description MSG_VLAN
        }
        /* VLAN 200, gateway 172.16.20.1; served by the APP_POOL DHCP pool. */
        vif 200 {
            address 172.16.20.1/24
            description APP_VLAN
        }
        /* VLAN 300, gateway 10.10.30.1; no DHCP pool is defined for this subnet. NOTE(review): with no firewall applied, the other VLANs are routed to DB_VLAN unfiltered - confirm that is intended. */
        vif 300 {
            address 10.10.30.1/24
            description DB_VLAN
        }
    }
    /* External interface, address obtained by DHCP. NOTE(review): no firewall is bound here, so the https and telnet services enabled under 'service' are presumably reachable from this side as well - confirm. */
    ethernet eth3 {
        address dhcp
        description "External IF"
        duplex full
        hw-id 00:0c:29:fc:9e:33
        smp_affinity auto
        speed 10000
    }
    loopback lo {
    }
}
/* Routing: a single static default route. 192.168.75.55 is presumably the upstream gateway on the eth3 network - confirm, since eth3 takes its address from DHCP and its subnet is not shown in this listing. */
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop 192.168.75.55 {
            }
        }
    }
}
/* Services run by the router: DHCP for two VLANs, the HTTPS web interface, source NAT, and Telnet. */
service {
    /* Pools cover .100-.199 of the APP and MSG subnets with a 86400-second lease; both hand out 192.168.0.1 as DNS server. DB_VLAN (10.10.30.0/24) has no pool. */
    dhcp-server {
        disabled false
        shared-network-name APP_POOL {
            authoritative disable
            description "Application address pool"
            subnet 172.16.20.0/24 {
                default-router 172.16.20.1
                dns-server 192.168.0.1
                domain-name a.kein.com
                lease 86400
                start 172.16.20.100 {
                    stop 172.16.20.199
                }
            }
        }
        shared-network-name MSG_POOL {
            authoritative disable
            description "MSG_VLAN address pool"
            subnet 172.16.10.0/24 {
                default-router 172.16.10.1
                dns-server 192.168.0.1
                lease 86400
                start 172.16.10.100 {
                    stop 172.16.10.199
                }
            }
        }
    }
    /* Enables the HTTPS management interface. No listen restriction or firewall is configured in this listing, so it is presumably reachable on every interface, including eth3 - confirm. */
    https
    /* Source NAT: rules 20-40 masquerade the three VLAN subnets behind the eth3 address. */
    nat {
        /* NOTE(review): this rule masquerades 192.168.65.0/24 out of eth2, yet that subnet is not on any interface in this listing and eth2 itself carries only vifs - confirm the rule is intended and matches traffic. */
        rule 10 {
            outbound-interface eth2
            source {
                address 192.168.65.0/24
            }
            type masquerade
        }
        rule 20 {
            outbound-interface eth3
            source {
                address 172.16.10.0/24
            }
            type masquerade
        }
        rule 30 {
            outbound-interface eth3
            source {
                address 172.16.20.0/24
            }
            type masquerade
        }
        rule 40 {
            outbound-interface eth3
            source {
                address 10.10.30.0/24
            }
            type masquerade
        }
    }
    /* Telnet carries the admin login and the whole session in cleartext. Prefer 'service ssh' and remove this node outside an isolated lab; if it must stay, restrict who can reach port 23 with a firewall rule set. */
    telnet {
        port 23
    }
}
/* System settings: host name, the single admin login, NTP, package repositories, syslog and time zone. */
system {
    host-name vR1_FW1
    login {
        /* 'vyatta' is the stock account name and holds level admin. The encrypted-password value is a redaction placeholder, not a real hash: set your own credential (for example with 'set system login user vyatta authentication plaintext-password ...') before using this file. */
        user vyatta {
            authentication {
                encrypted-password XXXXXXXXX
            }
            level admin
        }
    }
    ntp-server 0.vyatta.pool.ntp.org
    /* Both repositories use plain http URLs with empty credentials, so package integrity rests on APT signature checking - verify it is enforced. NOTE(review): these are 2011-era locations and Debian lenny is long past end of life; confirm the sources before leaving auto-sync enabled. */
    package {
        auto-sync 1
        repository community {
            components main
            distribution stable
            password ""
            url http://packages.vyatta.com/vyatta
            username ""
        }
        repository lenny {
            components "main contrib non-free"
            distribution lenny
            password ""
            url http://mirrors.kernel.org/debian
            username ""
        }
    }
    /* Only the global target is configured: all facilities at notice, the protocols facility at debug. No 'host' target appears in this listing, so nothing is forwarded off the router; add one if logs must survive a compromise or rebuild of this box. */
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone GMT
}
