diff options
Diffstat (limited to 'docs/quick-start.rst')
-rw-r--r-- | docs/quick-start.rst | 32 |
1 files changed, 16 insertions, 16 deletions
diff --git a/docs/quick-start.rst b/docs/quick-start.rst index 9021dea9..04746017 100644 --- a/docs/quick-start.rst +++ b/docs/quick-start.rst @@ -9,14 +9,14 @@ for a device with two interfaces. Enter configuration mode: -.. code-block:: sh +.. code-block:: console vyos@vyos$ configure vyos@vyos# Configure network interfaces: -.. code-block:: sh +.. code-block:: console set interfaces ethernet eth0 address dhcp set interfaces ethernet eth0 description 'OUTSIDE' @@ -25,14 +25,14 @@ Configure network interfaces: Enable SSH for remote management: -.. code-block:: sh +.. code-block:: console set service ssh port '22' Configure DHCP Server and DNS ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -.. code-block:: sh +.. code-block:: console set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 default-router '192.168.0.1' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 dns-server '192.168.0.1' @@ -43,7 +43,7 @@ Configure DHCP Server and DNS And a DNS forwarder: -.. code-block:: sh +.. code-block:: console set service dns forwarding cache-size '0' set service dns forwarding listen-address '192.168.0.1' @@ -55,7 +55,7 @@ NAT and Firewall Configure Source NAT for our "Inside" network. -.. code-block:: sh +.. code-block:: console set nat source rule 100 outbound-interface 'eth0' set nat source rule 100 source address '192.168.0.0/24' @@ -65,7 +65,7 @@ Add a set of firewall policies for our "Outside" interface. This configuration creates a proper stateful firewall that blocks all traffic: -.. code-block:: sh +.. code-block:: console set firewall name OUTSIDE-IN default-action 'drop' set firewall name OUTSIDE-IN rule 10 action 'accept' @@ -86,7 +86,7 @@ could create some additional rules to allow the traffic. These rules allow SSH traffic and rate limit it to 4 requests per minute. This blocks brute-forcing attempts: -.. code-block:: sh +.. code-block:: console set firewall name OUTSIDE-LOCAL rule 30 action 'drop' set firewall name OUTSIDE-LOCAL rule 30 destination port '22' @@ -101,14 +101,14 @@ blocks brute-forcing attempts: Apply the firewall policies: -.. code-block:: sh +.. code-block:: console set interfaces ethernet eth0 firewall in name 'OUTSIDE-IN' set interfaces ethernet eth0 firewall local name 'OUTSIDE-LOCAL' Commit changes, save the configuration, and exit configuration mode: -.. code-block:: sh +.. code-block:: console vyos@vyos# commit vyos@vyos# save @@ -127,7 +127,7 @@ One common use of traffic policy is to limit bandwidth for an interface. In the example below we limit bandwidth for our LAN connection to 200 Mbit download and out WAN connection to 50 Mbit upload: -.. code-block:: sh +.. code-block:: console set traffic-policy shaper WAN-OUT bandwidth '50Mbit' set traffic-policy shaper WAN-OUT default bandwidth '50%' @@ -140,7 +140,7 @@ download and out WAN connection to 50 Mbit upload: Resulting in the following configuration: -.. code-block:: sh +.. code-block:: console traffic-policy { shaper WAN-OUT { @@ -164,7 +164,7 @@ Resulting in the following configuration: Once defined, a traffic policy can be applied to each interface using the interface-level traffic-policy directive: -.. code-block:: sh +.. code-block:: console set interfaces ethernet eth0 traffic-policy out 'WAN-OUT' set interfaces ethernet eth1 traffic-policy out 'LAN-OUT' @@ -184,7 +184,7 @@ additional configuration steps that should be taken. Create a user to replace the default `vyos` user: -.. code-block:: sh +.. code-block:: console set system login user myvyosuser level admin set system login user myvyosuser authentication plaintext-password mysecurepassword @@ -192,7 +192,7 @@ Create a user to replace the default `vyos` user: Set up SSH key based authentication. For example, on Linux you'd want to run ``ssh-keygen -t rsa``. Then the contents of ``id_rsa.pub`` would be used below: -.. code-block:: sh +.. code-block:: console set system login user myvyosuser authentication public-keys myusername@mydesktop type ssh-rsa set system login user myvyosuser authentication public-keys myusername@mydesktop key contents_of_id_rsa.pub @@ -204,7 +204,7 @@ confirmed that your new user can access your server, without a password, delete the original ``vyos`` user and probably disable password authentication for SSH: -.. code-block:: sh +.. code-block:: console delete system login user vyos set service ssh disable-password-authentication |