Vyatta – Router running on VMware Workstation – Part 2 DNS, Firewall and NAT

July 17, 2013

Page content

Brace Yourself - Firewal and NAT is coming

In previous post https://www.wojcieh.net/vyatta-router-running-on-vmware-workstation-part-1/ we configured basic network connectivity between two networks. Today we will enable NAT, Firewall and DNS.

NAT

Configuring NAT on Vyatta is quite simple. To do it type following commands:

set nat source rule 10 outbound-interface eth0
set nat source rule 10 source address 10.0.0.0/24
set nat source rule 10 translation address masquerade
set nat source rule 10 description “LAN to WAN”

Firewall

In my case I decided to use simple firewall rules based on zones. At the beginning it might be difficult to understand but if you will spend a while it should be crystal clear.

First part is to create firewall rules - I used WAN-TO-LAN and LAN-TO-WAN rules.

WAN-TO-LAN

set firewall name WAN-TO-LAN
- set firewall name WAN-TO-LAN default-action drop
- set firewall name WAN-TO-LAN rule 10 action accept
- set firewall name WAN-TO-LAN rule 10 protocol all
- set firewall name WAN-TO-LAN rule 10 state established enable
- set firewall name WAN-TO-LAN rule 10 state related enable

Here you see how rule WAN-TO-LAN should look like in configuration.

name WAN-TO-LAN {
  default-action drop
    rule 10 {
            action accept  
            protocol all
            }
}

LAN-TO-WAN

set firewall name LAN-TO-WAN
set firewall name LAN-TO-WAN default-action drop
set firewall name LAN-TO-WAN rule 10 action accept

Here you see how rule LAN-TO-WAN should look like in configuration.

name LAN-TO-WAN
{
  default-action drop
    rule 10 {
            action accept
          }
}

Zone policies

Now we will create zones - in my case WAN and LAN and we will assign them to apriopriate ethernet interfaces.

set zone-policy zone WAN
set zone-policy zone WAN description “WAN”
set zone-policy zone WAN default-action drop
set zone-policy zone WAN interface eth0
set zone-policy zone LAN
set zone-policy zone LAN description “LAN”
set zone-policy zone LAN default-action drop
set zone-policy zone LAN interface eth1

Assign firewall to zones

This one is tricky - read carefully syntax of commands.

WAN firewall - set zone-policy zone WAN from LAN firewall name LAN-TO-WAN

LAN firewall - set zone-policy zone LAN from WAN firewall name WAN-TO-LAN

Here you see how zone WAN should look like.

default-action drop
description WAN
  from LAN {
firewall {
  name LAN-TO-WAN
  }
}

interface eth0

Here you see how zone LAN should look like.

default-action drop
description LAN
from WAN {
firewall {
name WAN-TO-LAN
}
} 
interface eth1

DNS configuration

DNS configuration is quite simple. In order to make it work enter following commands:

set service dns forwarding name-server **IP **(In my case it is 192.168.255.254)
set service dns forwarding listen-on eth1

In order to really test it from Domain Controller I set forwarded to Vyatta LAN IP - 10.0.0.1 and I deleted all root hints.

EOT

Wow - this was really long post. I hope you will find it really usefull and all will work in you environment as well.

With over 16 years in the IT industry, I am a seasoned and innovative IT professional with a track record of success. Drawing from my extensive work experience in large and complex corporate environments, I bring knowledge to help customers and businesses achieve their goals with precision, professionalism, and cost-effectiveness. leading vendor certifications have recognized my expertise from AWS, Alibaba Cloud, Google Cloud, VMware, and Microsoft. I am dedicated to contributing to the IT community, as evidenced by my VMware vExpert awards from 2014-2023, including vExpert Pro 2018-2023, vExpert Cloud Provider 2022, and VMware vExpert NSX 2017 Award.