ChamplainTechJournals/net-sec-controls-sec350/vyos.md
2025-04-19 23:42:08 -04:00

VyOS

An open source networking OS based on Debian.
https://docs.vyos.io/en/sagitta/

Overview

  • VyOS has two modes: operational and configuration mode
  • The operational mode is used to view the system status and run commands (command prompt displays $)
  • The configuration mode is used to modify the system configuration (command prompt displays #)

Commands

Basics

  • enter configuration mode from operational mode: configure
  • exit configuration mode: exit
  • commit current set of changes: commit
  • save current changes: save
    • commit followed by save applies the configuration changes and saves them so they persist across reboots

Change Password

set system login user vyos authentication plaintext-password [password]

Set Hostname

set system host-name fw01-charlotte

Interfaces

  • set IP: set interfaces ethernet ethX address 172.16.50.X/24
  • add description: set interfaces ethernet ethX description SEC350-WAN
  • show interfaces

Gateway and DNS Server

  • create default route (gateway): set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
  • set DNS server: set system name-server 10.0.17.2

NAT

set nat source rule 10 description "NAT FROM DMZ to WAN"
set nat source rule 10 outbound-interface eth0
set nat source rule 10 source address 172.16.50.0/29
set nat source rule 10 translation address masquerade

View active translations (operational mode command): show nat source translations

DNS Forwarding

set service dns forwarding listen-address 172.16.50.2
set service dns forwarding allow-from 172.16.50.0/29
set service dns forwarding system

Forward authentication events from VyOS to a remote syslog server

set system syslog host 172.16.50.5 facility authpriv level info

Export configuration

show configuration commands | grep -v "syslog global\|ntp\|login\|console\|config\|hw-id\|loopback\|conntrack"
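The export filter above, run against sample output and followed by a check that no credential lines remain before the export is shared. This is an added example, not part of the original notes: the sample configuration lines are constructed, the function names are hypothetical, and the keyword list in no_credentials is an assumption about what counts as sensitive.

```shell
#!/bin/bash
# Constructed sample of `show configuration commands` output (not from a real router).
sample_config() {
cat <<'EOF'
set interfaces ethernet eth0 address '10.0.17.150/24'
set interfaces ethernet eth0 description 'SEC350-WAN'
set interfaces ethernet eth0 hw-id '00:50:56:aa:bb:cc'
set interfaces loopback lo
set nat source rule 10 outbound-interface 'eth0'
set nat source rule 10 source address '172.16.50.0/29'
set nat source rule 10 translation address 'masquerade'
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set service dns forwarding listen-address '172.16.50.2'
set system host-name 'fw01-charlotte'
set system login user vyos authentication encrypted-password '$6$CONSTRUCTED$placeholder'
set system syslog global facility all level 'info'
set system syslog host 172.16.50.5 facility authpriv level 'info'
EOF
}

# Same exclusion list as the export command in the notes, written as an
# extended regex (grep -E) instead of the GNU "\|" form.
export_filter() {
  grep -Ev 'syslog global|ntp|login|console|config|hw-id|loopback|conntrack'
}

# Reads text on stdin; exits 0 only if no credential-looking line is present.
# The keyword list is an assumption, extend it for the features in use.
no_credentials() {
  ! grep -Eq 'password|secret|private-key'
}

# Example use: filter, then refuse to publish if anything sensitive survived.
filtered=$(sample_config | export_filter)
if printf '%s\n' "$filtered" | no_credentials; then
  printf '%s\n' "$filtered"
else
  echo "credential material still present, do not publish" >&2
fi
```

The filter matches substrings anywhere on a line, so an interface description containing a word such as login or config is dropped as well.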