Vyatta Virtual Router on Hyper-V

I’m currently building a new demo/test environment on my Windows Server 2008 Hyper-V server. And I wanted to have a Virtual Router running on Hyper-V which should handle the routing between the virtual networks on Hyper-V.

First some background info on my network at home.

[Image: home network layout]

So I looked for a software router which could be installed as a guest on my Hyper-V host. I started with BrazilFW, but I had trouble getting the Gateway and DNS running (failed), although a colleague was able to get BrazilFW running on Hyper-V by upgrading SYSLINUX (a bootloader for Linux). Then I tried Freesco and m0n0wall, but neither would start on Hyper-V. So I finally found Vyatta via SourceForge.

Vyatta is a Linux-based, open network operating system that integrates advanced enterprise-class routing, security, bandwidth management and more. Vyatta runs on standard x86 hardware, VMWare & Xen and offers config via Linux-shell, CLI and web GUI.

It runs on VMware & Xen, so why wouldn't it run on Hyper-V? And I was correct: it runs great on Hyper-V ;-) These are the steps I've taken to get it running on Hyper-V.

  1. Download the ISO image from Vyatta’s website
    Vyatta Community Edition 4.0 (VC4)
  2. Create a new Virtual Machine in Hyper-V Manager
    Attach the ISO downloaded in step 1 to the new Vyatta Virtual Machine so it can boot from the ISO.
  3. Configure the Vyatta Virtual Machine
    Add the Network Adapters for the Internet, and the needed subnets to Vyatta Virtual Machine.
    Remark: Use Legacy Network Adapters!

    I added a 1 GB hard disk and gave it 128 MB RAM.
  4. Installing Vyatta
    You can boot from the ISO you downloaded in step 1, because it’s also a “Live CD”.
    You’ll first need to log in to Vyatta once it’s booted up. The default login is (user: root pass: Vyatta). To install to the drive, issue the command:
    install-system
    During the install you will be asked how much disk space to allot to the different partitions. I went with the defaults. Once that’s complete, pop the CD out and reboot into your installed Vyatta. Now we can start configuring the system.
  5. Configuring Ethernet Interfaces
    Log on to the system.
    Configure the first NIC (eth0), which is going to be used for Internet access.

    eth0:

    vyatta@vyatta> configure
    [edit]
    vyatta@vyatta# set interfaces ethernet eth0 address 192.168.1.254/24
    [edit]
    vyatta@vyatta# commit
    [edit]
    vyatta@vyatta# exit
    exit
    vyatta@vyatta>


    eth1:

    vyatta@vyatta> configure
    [edit]
    vyatta@vyatta# set interfaces ethernet eth1 address 192.168.2.254/24
    [edit]
    vyatta@vyatta# commit
    [edit]
    vyatta@vyatta# exit
    exit
    vyatta@vyatta>


    eth2:

    vyatta@vyatta> configure
    [edit]
    vyatta@vyatta# set interfaces ethernet eth2 address 192.168.3.254/24
    [edit]
    vyatta@vyatta# commit
    [edit]
    vyatta@vyatta# exit
    exit
    vyatta@vyatta>

    Check interfaces configuration:

    vyatta@vyatta:~$ configure
    [edit]
    vyatta@vyatta# show interfaces ethernet
    eth0 {
         address 192.168.1.254/24
         description Internet
         hw-id 00:15:5d:00:01:22
    }
    eth1 {
         address 192.168.2.254/24
         description "subnet1:MOM 2005"
         hw-id 00:15:5d:00:01:23
    }
    eth2 {
         address 192.168.3.254/24
         description "subnet2:OPSMGR 2007"
    }


  6. Save Configuration

    vyatta@vyatta# save
    Saving configuration to
    '/opt/vyatta/etc/config/config.boot'...
    Done
    [edit]


  7. Configuring Access to a DNS Server

    vyatta@vyatta# set system name-server 192.168.1.1
    [edit]
    vyatta@vyatta# commit
    [edit]
    vyatta@vyatta#


  8. Specifying the Default Gateway

    vyatta@vyatta# set system gateway-address 192.168.1.1
    [edit]
    vyatta@vyatta# commit
    [edit]
    vyatta@vyatta#


  9. Configuring the Firewall
    We want to block the traffic from subnet1 to subnet2 and vice versa.
    Firewall block-subnet1 rules:

    vyatta@vyatta# set firewall name block-subnet1
    [edit]
    vyatta@vyatta# set firewall name block-subnet1 rule 1
    [edit]
    vyatta@vyatta# set firewall name block-subnet1 rule 1 source address 192.168.2.0/24
    [edit]
    vyatta@vyatta# set firewall name block-subnet1 rule 1 action drop
    [edit]
    vyatta@vyatta# set firewall name block-subnet1 rule 2
    [edit]
    vyatta@vyatta# set firewall name block-subnet1 rule 2 action accept
    vyatta@vyatta# commit
    [edit]
    vyatta@vyatta#

    Do the same for subnet2.

    vyatta@vyatta# set firewall name block-subnet2
    [edit]
    vyatta@vyatta# set firewall name block-subnet2 rule 1
    [edit]
    vyatta@vyatta# set firewall name block-subnet2 rule 1 source address 192.168.3.0/24
    [edit]
    vyatta@vyatta# set firewall name block-subnet2 rule 1 action drop
    [edit]
    vyatta@vyatta# set firewall name block-subnet2 rule 2
    [edit]
    vyatta@vyatta# set firewall name block-subnet2 rule 2 action accept
    vyatta@vyatta# commit
    [edit]
    vyatta@vyatta#


  10. Apply the rule sets to the interfaces

    vyatta@vyatta# set interfaces ethernet eth1 firewall out name block-subnet2
    [edit]
    vyatta@vyatta# set interfaces ethernet eth2 firewall out name block-subnet1
    [edit]
    vyatta@vyatta# commit
    [edit]
    vyatta@vyatta#

Final configuration:

vyatta@vyatta:~$ show configuration
firewall {
    name block-subnet1 {
        rule 1 {
            action drop
            source {
                address 192.168.2.0/24
            }
        }
        rule 2 {
            action accept
        }
    }
    name block-subnet2 {
        rule 1 {
            action drop
            source {
                address 192.168.3.0/24
            }
        }
        rule 2 {
            action accept
        }
    }
    name block-subnet3 {
        rule 1 {
            action drop
            source {
                address 192.168.2.0/24
            }
        }
        rule 2 {
            action accept
        }
        rule 3 {
            action drop
            source {
                address 192.168.3.0/24
            }
        }
    }
}
interfaces {
    ethernet eth0 {
        address 192.168.1.254/24
        description Internet
        hw-id 00:15:5d:00:01:22
    }
    ethernet eth1 {
        address 192.168.2.254/24
        description "subnet1:MOM 2005"
        firewall {
            out {
                name block-subnet2
            }
        }
        hw-id 00:15:5d:00:01:23
    }
    ethernet eth2 {
        address 192.168.3.254/24
        description "subnet2:OPSMGR 2007"
        firewall {
            out {
                name block-subnet1
            }
        }
        hw-id 00:15:5d:00:01:24
    }
    loopback lo {
    }
}
service {
    nat {
        rule 1 {
            outbound-interface eth0
            source {
                address 192.168.2.0/24
            }
            type masquerade
        }
        rule 2 {
            outbound-interface eth0
            source {
                address 192.168.3.0/24
            }
            type masquerade
        }
    }
    ssh {
    }
}
system {
    gateway-address 192.168.1.1
    login {
        user root {
            authentication {
                encrypted-password ****************
            }
        }
        user vyatta {
            authentication {
                encrypted-password ****************
            }
        }
    }
    name-server 192.168.1.1
    ntp-server 69.59.150.135
    package {
        repository community {
            components main
            distribution stable
            url http://packages.vyatta.com/vyatta
        }
    }
}
vyatta@vyatta:~$

Don’t forget to save your configuration!
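
A consistency check for the final configuration, as an added example (not part of the original post and not a Vyatta tool): it parses the brace-delimited `show configuration` output and flags rule sets that no interface references, plus rules placed after a rule with no match criteria, which first-match evaluation never reaches. The function names and the set of keys treated as non-matching are assumptions of this example.

```python
import re

# Firewall and interface parts of the final configuration above, whitespace
# condensed; the parser also accepts the one-statement-per-line form.
SAMPLE = """
firewall {
  name block-subnet1 { rule 1 { action drop
    source { address 192.168.2.0/24 } } rule 2 { action accept } }
  name block-subnet2 { rule 1 { action drop
    source { address 192.168.3.0/24 } } rule 2 { action accept } }
  name block-subnet3 { rule 1 { action drop
    source { address 192.168.2.0/24 } } rule 2 { action accept }
    rule 3 { action drop
    source { address 192.168.3.0/24 } } } }
interfaces { ethernet eth1 { firewall { out { name block-subnet2 } } }
  ethernet eth2 { firewall { out { name block-subnet1 } } } }
"""

def parse(text):
    root = {}
    stack, pending = [root], None
    tokens = re.findall(r"[^{}\n]+|[{}]", text) + ["}"]  # sentinel flushes last leaf
    for tok in filter(None, map(str.strip, tokens)):
        if tok == "{":                    # pending text names a nested node
            stack.append(stack[-1].setdefault(pending, {}))
        elif pending:                     # pending text was a "key value" leaf
            key, _, value = pending.partition(" ")
            stack[-1][key] = value
        if tok == "}" and len(stack) > 1:
            stack.pop()
        pending = None if tok in ("{", "}") else tok
    return root

def audit(cfg):
    findings = []
    applied = {d.get("name") for i in cfg.get("interfaces", {}).values()
               for d in i.get("firewall", {}).values()}
    for key, rules in cfg.get("firewall", {}).items():
        if not key.startswith("name "):
            continue
        name, catch_all = key.split()[1], None
        if name not in applied:
            findings.append((name, None, "not applied to any interface"))
        for num in sorted(int(k.split()[1]) for k in rules if k.startswith("rule ")):
            if catch_all is not None:
                findings.append((name, num, f"unreachable after rule {catch_all}"))
            elif set(rules[f"rule {num}"]) <= {"action", "description", "log"}:
                catch_all = num       # no match criteria: matches every packet
    return findings
```

Calling `audit(parse(SAMPLE))` reports that `block-subnet3` is not applied to any interface and that its rule 3 sits behind the accept-everything rule 2, so it would never match even if the rule set were applied.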

Now you are done! Check out the documentation for Vyatta before starting. I used the QuickStart and the Command Reference.

  • I’m currently tweaking my demo environment and in this environment I’m using a Virtual Router

  • Hi Stefan,

    I am working on a test environment, need your help and experience to come out of a problem,

    I have 5 sites and Hyper-V only allows 4 legacy network adaptors, so I have to add a Network Adaptor, and the problem starts here. When I ran Integration Services for Linux in my Vyatta machine it fails with the following error,

    ================================================

    Checking if required components are installed...rpm: can't open kernel-source':No such file or directory

    rpm: can't open gcc: No such file or directory.

    ================================================

    Please provide your wise suggestions.

    Thanks,

    Junaid

  • To use make wifi signals without having wifi router .. with the Help of VIRTUAL ROUTER its very easy just download the software from this blog and use it for free ...

    www.windowsactivator.blogspot.com

  • We are trying to do exactly what is described here except with three private VLANs and allowed to talk to each other.  So far nothing seems to be working; even VMs in the same virtual VLAN won't be able to ping each other. On the Vyatta virtual router its interfaces can ping each other but not any VM.  Another issue with Vyatta is that the configuration won't get saved even though the save config.boot command is successful every time.