diff options
Diffstat (limited to 'docs/ch03-quick-start.rst')
| -rw-r--r-- | docs/ch03-quick-start.rst | 103 |
1 files changed, 103 insertions, 0 deletions
diff --git a/docs/ch03-quick-start.rst b/docs/ch03-quick-start.rst new file mode 100644 index 00000000..cf6c2169 --- /dev/null +++ b/docs/ch03-quick-start.rst @@ -0,0 +1,103 @@ +Quick Start Guide +================= + +Below is a very basic configuration example that will provide a NAT gateway +for a device with two interfaces. + +Enter configuration mode: + +.. code-block:: sh + + vyos@vyos$ configure + vyos@vyos# + +Configure network interfaces: + +.. code-block:: sh + + set interfaces ethernet eth0 address dhcp + set interfaces ethernet eth0 description 'OUTSIDE' + set interfaces ethernet eth1 address '192.168.0.1/24' + set interfaces ethernet eth1 description 'INSIDE' + +Enable SSH for remote management: + +.. code-block:: sh + + set service ssh port '22' + +Configure Source NAT for our "Inside" network. + +.. code-block:: sh + + set nat source rule 100 outbound-interface 'eth0' + set nat source rule 100 source address '192.168.0.0/24' + set nat source rule 100 translation address masquerade + +Configure a DHCP Server: + +.. code-block:: sh + + set service dhcp-server disabled 'false' + set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 default-router '192.168.0.1' + set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 dns-server '192.168.0.1' + set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 domain-name 'internal-network' + set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 lease '86400' + set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 start 192.168.0.9 stop '192.168.0.254' + +And a DNS forwarder: + +Please note that the `listen-on` statement is deprecated. Please use +`listen-address` instead! + +.. code-block:: sh + + set service dns forwarding cache-size '0' + set service dns forwarding listen-on 'eth1' + set service dns forwarding name-server '8.8.8.8' + set service dns forwarding name-server '8.8.4.4' + +Add a set of firewall policies for our "Outside" interface: + +.. code-block:: sh + + set firewall name OUTSIDE-IN default-action 'drop' + set firewall name OUTSIDE-IN rule 10 action 'accept' + set firewall name OUTSIDE-IN rule 10 state established 'enable' + set firewall name OUTSIDE-IN rule 10 state related 'enable' + set firewall name OUTSIDE-LOCAL default-action 'drop' + set firewall name OUTSIDE-LOCAL rule 10 action 'accept' + set firewall name OUTSIDE-LOCAL rule 10 state established 'enable' + set firewall name OUTSIDE-LOCAL rule 10 state related 'enable' + set firewall name OUTSIDE-LOCAL rule 20 action 'accept' + set firewall name OUTSIDE-LOCAL rule 20 icmp type-name 'echo-request' + set firewall name OUTSIDE-LOCAL rule 20 protocol 'icmp' + set firewall name OUTSIDE-LOCAL rule 20 state new 'enable' + set firewall name OUTSIDE-LOCAL rule 30 action 'drop' + set firewall name OUTSIDE-LOCAL rule 30 destination port '22' + set firewall name OUTSIDE-LOCAL rule 30 protocol 'tcp' + set firewall name OUTSIDE-LOCAL rule 30 recent count '4' + set firewall name OUTSIDE-LOCAL rule 30 recent time '60' + set firewall name OUTSIDE-LOCAL rule 30 state new 'enable' + set firewall name OUTSIDE-LOCAL rule 31 action 'accept' + set firewall name OUTSIDE-LOCAL rule 31 destination port '22' + set firewall name OUTSIDE-LOCAL rule 31 protocol 'tcp' + set firewall name OUTSIDE-LOCAL rule 31 state new 'enable' + +Apply the firewall policies: + +.. code-block:: sh + + set interfaces ethernet eth0 firewall in name 'OUTSIDE-IN' + set interfaces ethernet eth0 firewall local name 'OUTSIDE-LOCAL' + +Commit changes, save the configuration, and exit configuration mode: + +.. code-block:: sh + + vyos@vyos# commit + vyos@vyos# save + Saving configuration to '/config/config.boot'... + Done + vyos@vyos# exit + vyos@vyos$ |