Vyatta - My Basic Setup Guide
So if you haven’t already been introduced to Vyatta… Vyatta meet reader, reader meet Vyatta.
Vyatta is a fairly new Opensource, Debian based router that’s taking geeks by storm. And I can tell you from personal experience with Vyatta that it’s a powerful system.
So as I mentioned in a previous article, I would put together a quick start guide on getting Vyatta working “out of the box.” Here it is…
***Please note, at the time of this writing, the latest version was Vyatta Community Edition 2.0 - these commands might not work on the newest release.
STEP 1: Installing and Updating Vyatta
Let’s assume you have already downloaded the ISO Image from Vyatta’s website and burned it to CD and you have the hardware there that you want to run Vyatta on. For my example, I’m running an AMD Sempron 2600, 1GB Ram, 80GB HD, 2 Ethernet Cards (min. suggestion for a good router.) Okay, pop the CD in the drive and boot up to the CD. It should start loading the OS and Vyatta.
Vyatta is setup so you don’t have to have a hard drive to run it. It can run directly from the CD, as it’s setup in a “live cd” format. Problem with this is, if you reboot, you lose your configuration settings. So we’ll want to install it to the drive, in my case 80GB is major overkill. To do this, you’ll first need to login to Vyatta once it’s booted up. The default logins are (user: root pass: vyatta) To install to the drive you will issue the command:
install-systemDuring the install you will be asked how much diskspace to allot to the different partitions. I went with the default. Once that’s complete, pop the CD out, and reboot to your installed Vyatta. Now we can start configuring the system. Let’s start by setting up the Debian repos and making sure we’re running the latest version of Vyatta. So you need to get into the Vyatta configure Cli. You can go this by logging in as root and then running the commands:
su vyatta
configure
set system package repository community component "experimental testing main"
set system package repository community url http://archive.vyatta.com/vyatta
set system package repository etch component main
set system package repository main url http://mirrors.kernel.org/debian
commit
exit
exitNow you can update to the latest version of Vyatta and update any packages with Debian:
apt-get update
apt-get -y install vc-base
full-upgradeSTEP 2: Configuring Ethernet Interfaces
I have some static IPs from my internet provider, so I’m going to assign one of them to one of the ethernet cards, and the other ethernet card will be used for my LAN. Below is sample code from my setup:
su vyatta configureset interfaces ethernet eth0 address 141.99.208.118 prefix-length 29 set interfaces ethernet eth0 description "Internet" set interfaces ethernet eth1 address 192.168.15.1 prefix-length 24 set interfaces ethernet eth1 description "OfficeLan" commit
So I created my first interface with my ISP’s IP: 141.99.208.118 /29 which is netmask: 255.255.255.248 (If you need to know how to get your prefix-length - good luck. It’s hard to explain without having some networking knowledge.) I also, added a description for this interface as “Internet” as I tend to get forgetful. This ethernet card will be plugged into my internet connection.
The second interface I created with the LAN IP: 192.168.15.1 /24 which is netmask: 255.255.255.0, and gave it a description as “Lan.” This ethernet will be plugged into a Switch or Hub which my workstations and IP phones are plugged into.
By the way, you may have noticed the “commit” command. This basically commits my settings to the system. If there’s something missing, or conflicting, it will let me know during the commit.
STEP 3: Setting Up Route and NAT
So the workstations and phones that will be connected to the same switch as my LAN ethernet, will have 192.168.15.x IPs, I want them to have an internet connection and the rest of the world to see their IP as: 141.99.208.118. I need to setup my route and NAT. Below I’m doing that.
set protocols static route 0.0.0.0/0 next-hop 141.99.208.117
set service nat rule 1
set service nat rule 1 type source
set service nat rule 1 translation-type masquerade
set service nat rule 1 outbound-interface eth0
set service nat rule 1 protocols all
set service nat rule 1 source network 192.168.15.0/24
set service nat rule 1 destination network 0.0.0.0/0
commitSo in the above, I setup the route with the next-hop being my default gateway from my ISP: 141.99.208.117. This will give my LAN the internet connection. The rest translates my LAN IPs into the ISP IP.
STEP 4: Setting up DHCP Server
While having static LAN IPs set on all my workstations and Phones is best, I do have users that come and go on their laptop. So I want the router to automatically assign IPs. I can set that up below:
set service dhcp-server name OfficeLan start 192.168.15.2 stop 192.168.15.27
set service dhcp-server name OfficeLan network-mask 24
set service dhcp-server name OfficeLan dns-server 4.2.2.2
set service dhcp-server name OfficeLan dns-server 4.2.2.1
set service dhcp-server name OfficeLan default-router 192.168.15.1
set service dhcp-server name OfficeLan interface eth1
set service dhcp-server name OfficeLan domain-name officelan.hostname.com
commitIn the example above, I want no more than 25 dynamic IPs on my network, so the DHCP server is only going to assign IPs in the range: 192.168.15.2 through 192.168.15.27. I setup the default nameservers to be Level3’s: 4.2.2.2 and 4.2.2.1 with the gateway: 192.168.15.1 on my second ethernet. And then I gave it a hostname.
STEP5: Enabling Vyatta GUI
For setting up the Vyatta GUI, you can issue the following command from the Vyatta Cli:
set service http
commit(**Note: This is one such command that changes in the newer version.**)
That’s all you need for a basic setup. There’s additional configurations that can be done, including firewalls, etc. Hopefully I will publish something on those shortly.
You can download the commands mentioned in this article here for quick copy and pasting.
Excellent article!
Short but very informative.
Could you just add to the article how the web interface in Vyatta can be enabled?
I’m planning on installing Vyatta on an old computer.
I’m currently running an Ericsson ABS2200 router based on the ISOS software platform.
“set service http” command isn’t working on version vc4.0.1
Hi Ali,
That’s correct. This article was written for the first community release. Alot of changes have been made since then.
However, the latest command to turn on the web interface is: “set service webgui” and to disable: “delete service webgui”
For added security, I would always suggest disabling the webgui whenever you aren’t using it. If it’s a must to have it on all the time, you can lock it down to listen to a different port with: “set service webgui https-port” OR “set service webgui http-port
” — Set the port number high (eg: 8085)
This is an excellent software base router! I’m impressed with not only it’s functionality, but, also with it’s support.
Best
_Don
Hi
“set service wengui” command isn’t working on version vc4.when i use this commend,it says “invailble commend” .I have try “set service http”,it can’t work too. Thank you for help
iam using version 4.1.4, i could not enable webgui,
set service webgui
The specified configuration node is not valid
Set failed
could you please help me …..
Hi, the above commands are for VC3. I will see about releasing a new article shortly with commands for VC4. So check back soon!
The web gui was not included in VC4. The web gui has been re-included in VC5.
That’s correct. Vc4 doesn’t have the WebGUI. VC5 does, along with alot other great features. I’ll do a writeup on on VC5 soon. The commands have changed slightly for VC5.
Hi,
I have 1 query, how can we enable more than 1 DHCP ranges.
In my office we are having different departments and for each department i would like to have separate DHCP ranges .
also IS it possible to give mac binding (static DHCP) in all these ranges.
Thanks for the help…
Prajakt,
Which version of Vyatta are you running?
Having more than 1 DHCP Range is possible. However, I think it will require an Ethernet Interface for each of the DHCP ranges. Which in that case, you could have the first range of IPs: 192.168.15.2-254 and the second range: 10.10.10.2-254 (if that makes sense.)
Making them Mac Binding, I’m not sure about….
Hi,
Thanks for the prompt reply
We are using version VC5.0.1 .
IN my case i want for sales dept 192.168.0.2-50
developers 192.168.1.2-50
workshop 192.168.2.2-50
They all are running in the same interface 192.168.0.0
Is it possible ???
Thanks for the help ..
Prajakt,
The only practical way to do this is with VLAN tagging, which if you are using different subnets for these different departments you will want to use VLANs anyway. You can create an interface for each tagged VLAN that the router sits on, and assign your different DHCP to each interface from there.
Check http://www.mail-archive.com/vyatta-users@mailman.vyatta.com/msg01170.html for some hints on how to configure multiple DHCP pools with Vyatta.
nice blog and article, i love it…
i assign dhcp to vyatta like yours, but i just wanna 15 user got acces to internet (they payed to it), and the rest still just only LAN connection, would you mind to help me solve this with vyatta, i am hereby need your help
ISP —- Modem —- Vyatta —- switch —- {100 user} but i just wanna {15 user} could acces internet
No one reply ?? but it’s ok i’ve solved the problem with firewall rule, assign them one by one. is there any one here know how to separate vyatta traffic LOCAL and International. i already have local router list