diff options
Diffstat (limited to 'docs/quick-start.rst')
-rw-r--r-- | docs/quick-start.rst | 32 |
1 files changed, 16 insertions, 16 deletions
diff --git a/docs/quick-start.rst b/docs/quick-start.rst index 04746017..bb651c29 100644 --- a/docs/quick-start.rst +++ b/docs/quick-start.rst @@ -9,14 +9,14 @@ for a device with two interfaces. Enter configuration mode: -.. code-block:: console +.. code-block:: none vyos@vyos$ configure vyos@vyos# Configure network interfaces: -.. code-block:: console +.. code-block:: none set interfaces ethernet eth0 address dhcp set interfaces ethernet eth0 description 'OUTSIDE' @@ -25,14 +25,14 @@ Configure network interfaces: Enable SSH for remote management: -.. code-block:: console +.. code-block:: none set service ssh port '22' Configure DHCP Server and DNS ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -.. code-block:: console +.. code-block:: none set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 default-router '192.168.0.1' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 dns-server '192.168.0.1' @@ -43,7 +43,7 @@ Configure DHCP Server and DNS And a DNS forwarder: -.. code-block:: console +.. code-block:: none set service dns forwarding cache-size '0' set service dns forwarding listen-address '192.168.0.1' @@ -55,7 +55,7 @@ NAT and Firewall Configure Source NAT for our "Inside" network. -.. code-block:: console +.. code-block:: none set nat source rule 100 outbound-interface 'eth0' set nat source rule 100 source address '192.168.0.0/24' @@ -65,7 +65,7 @@ Add a set of firewall policies for our "Outside" interface. This configuration creates a proper stateful firewall that blocks all traffic: -.. code-block:: console +.. code-block:: none set firewall name OUTSIDE-IN default-action 'drop' set firewall name OUTSIDE-IN rule 10 action 'accept' @@ -86,7 +86,7 @@ could create some additional rules to allow the traffic. These rules allow SSH traffic and rate limit it to 4 requests per minute. This blocks brute-forcing attempts: -.. code-block:: console +.. code-block:: none set firewall name OUTSIDE-LOCAL rule 30 action 'drop' set firewall name OUTSIDE-LOCAL rule 30 destination port '22' @@ -101,14 +101,14 @@ blocks brute-forcing attempts: Apply the firewall policies: -.. code-block:: console +.. code-block:: none set interfaces ethernet eth0 firewall in name 'OUTSIDE-IN' set interfaces ethernet eth0 firewall local name 'OUTSIDE-LOCAL' Commit changes, save the configuration, and exit configuration mode: -.. code-block:: console +.. code-block:: none vyos@vyos# commit vyos@vyos# save @@ -127,7 +127,7 @@ One common use of traffic policy is to limit bandwidth for an interface. In the example below we limit bandwidth for our LAN connection to 200 Mbit download and out WAN connection to 50 Mbit upload: -.. code-block:: console +.. code-block:: none set traffic-policy shaper WAN-OUT bandwidth '50Mbit' set traffic-policy shaper WAN-OUT default bandwidth '50%' @@ -140,7 +140,7 @@ download and out WAN connection to 50 Mbit upload: Resulting in the following configuration: -.. code-block:: console +.. code-block:: none traffic-policy { shaper WAN-OUT { @@ -164,7 +164,7 @@ Resulting in the following configuration: Once defined, a traffic policy can be applied to each interface using the interface-level traffic-policy directive: -.. code-block:: console +.. code-block:: none set interfaces ethernet eth0 traffic-policy out 'WAN-OUT' set interfaces ethernet eth1 traffic-policy out 'LAN-OUT' @@ -184,7 +184,7 @@ additional configuration steps that should be taken. Create a user to replace the default `vyos` user: -.. code-block:: console +.. code-block:: none set system login user myvyosuser level admin set system login user myvyosuser authentication plaintext-password mysecurepassword @@ -192,7 +192,7 @@ Create a user to replace the default `vyos` user: Set up SSH key based authentication. For example, on Linux you'd want to run ``ssh-keygen -t rsa``. Then the contents of ``id_rsa.pub`` would be used below: -.. code-block:: console +.. code-block:: none set system login user myvyosuser authentication public-keys myusername@mydesktop type ssh-rsa set system login user myvyosuser authentication public-keys myusername@mydesktop key contents_of_id_rsa.pub @@ -204,7 +204,7 @@ confirmed that your new user can access your server, without a password, delete the original ``vyos`` user and probably disable password authentication for SSH: -.. code-block:: console +.. code-block:: none delete system login user vyos set service ssh disable-password-authentication |