Stefan Stranger's Weblog - Manage your IT Infrastructure

Vyatta Virtual Router on Hyper-V

First some background info on my network at home.

So I looked for a software router which could be installed as a guest on my Hyper-V host. I started with BrazilFW, but I had trouble to get the Gateway and DNS running (failed) although a colleague was able to get BrazilFW running on Hyper-V by upgrading the SYSLINUX (bootloader for Linux). Then I tried Freesco and m0n0wall, but both would not start on Hyper-V. So I finally found Vyatta via SourceForge.

Vyatta is a Linux-based, open network operating system that integrates advanced enterprise-class routing, security, bandwidth management and more. Vyatta runs on standard x86 hardware, VMWare & Xen and offers config via Linux-shell, CLI and web GUI.

It runs on VMWare & Xen so why would not it run on Hyper-V? And I was correct it runs great on Hyper-V ;-) These are steps I’ve taken to get it running on Hyper-V.

1. Downloading ISO image from Vyatta’s website
   Vyatta Community Edition 4.0 (VC4)
   
2. Create a new Virtual Machine in Hyper-V Manager
   Attach the ISO downloaded in step 1 to the new Vyatta Virtual Machine so it can boot from the ISO.
   
3. Configure the Vyatta Virtual Machine
   Add the Network Adapters for the Internet, and the needed subnets to Vyatta Virtual Machine.
   Remark: Use Legacy Network Adapters!
   
   
   I added a 1 GB harddisk and gave it 128 MB RAM.
   
4. Installing Vyatta
   You can boot from the ISO you downloaded in step 1.  because it’s also a “Live CD”
   You’ll first need to login to Vyatta once it’s booted up. The default logins are (user: root pass: Vyatta) To install to the drive you will issue the command:
   

   install-system

   During the install you will be asked how much diskspace to allot to the different partitions. I went with the default. Once that’s complete, pop the CD out, and reboot to your installed Vyatta. Now we can start configuring the system.
   
5. Configuring Ethernet Interfaces
   Log on the system.
   Configure the first NIC (eth0) which is going to be used for Internet access.
   
   eht0:

   vyatta@vyatta> configure [edit] vyatta@vyatta# set interfaces ethernet eth0 address 192.168.1.254/24 [edit] vyatta@vyatta# commit [edit] vyatta@vyatta# exit exit vyatta@vyatta>

   
   eth1:
   

   vyatta@vyatta> configure [edit] vyatta@vyatta# set interfaces ethernet eth1 address 192.168.2.254/24 [edit] vyatta@vyatta# commit [edit] vyatta@vyatta# exit exit vyatta@vyatta>

   
   eth2:
   

   vyatta@vyatta> configure [edit] vyatta@vyatta# set interfaces ethernet eth2 address 192.168.3.254/24 [edit] vyatta@vyatta# commit [edit] vyatta@vyatta# exit exit vyatta@vyatta>

   Check interfaces configuration:
   

   vyatta@vyatta:~$ configure [edit] vyatta@vyatta# show interfaces ethernet eth0 {      address 192.168.1.254/24      description Internet      hw-id 00:15:5d:00:01:22 } eth1 {      address 192.168.2.254/24      description "subnet1:MOM 2005"       hw-id 00:15:5d:00:01:23 } eth2 {      address 192.168.3.254/24      description "subnet2:OPSMGR 2007" }

   
   
6. Save Configuration
   

   vyatta@vyatta# save Saving configuration to '/opt/vyatta/etc/config/config.boot'... Done [edit]

   
   
7. Configuring Access to a DNS Server
   

   vyatta@vyatta# set system name-server 192.168.1.1 [edit] vyatta@vyatta# commit [edit] vyatta@vyatta#

   
   
8. Specifying the Default Gateway
   

   vyatta@vyatta# set system gateway-address 192.168.1.1 [edit] vyatta@vyatta# commit [edit] vyatta@vyatta#

   
   
9. Configuring the Firewall
   We want to block the traffic from subnet1 to subnet2 and visa-versa.
   Firewall block-subnet1 rules:

   vyatta@vyatta# set firewall name block-subnet1 [edit] vyatta@vyatta# set firewall name block-subnet1 rule 1 [edit] vyatta@vyatta# set firewall name block-subnet1 rule 1 source address 192.168.2.0/24 [edit] vyatta@vyatta# set firewall name block-subnet1 rule 1 action drop [edit] vyatta@vyatta# set firewall name block-subnet1 rule 2 [edit] vyatta@vyatta# set firewall name block-subnet1 rule 2 action accept vyatta@vyatta# commit [edit] vyatta@vyatta#

   Do the same for subnet2.
   

   vyatta@vyatta# set firewall name block-subnet2 [edit] vyatta@vyatta# set firewall name block-subnet2 rule 1 [edit] vyatta@vyatta# set firewall name block-subnet2 rule 1 source address 192.168.3.0/24 [edit] vyatta@vyatta# set firewall name block-subnet2 rule 1 action drop [edit] vyatta@vyatta# set firewall name block-subnet2 rule 2 [edit] vyatta@vyatta# set firewall name block-subnet2 rule 2 action accept vyatta@vyatta# commit [edit] vyatta@vyatta#

   
   
10. Apply the rule set to an interfaces
    

vyatta@vyatta# set interfaces ethernet eth1 firewall out name block-subnet2 [edit] vyatta@vyatta# set interfaces ethernet eth2 firewall out name block-subnet1 [edit] vyatta@vyatta# commit [edit] vyatta@vyatta#

Final configuration:

Don’t forget to save your configuration!

Now you are done! Check out the documentation for Vyatta before starting. I used the QuickStart and the Command Reference.