Using Vyatta Router device in HyperV (Part 3)

Now that the Vyatta router is in place, we need to configure it to act as a firewall and to handle traffic properly.
Once you have logged in to the router, configuration is a matter of entering a series of commands. Enter configuration mode first with the configure command.
When the series of commands is complete, run commit to apply the changes; exit then drops you back to the command line.
 
To set up the NICs on the router, use the following commands. I am assuming that my LAN has an IP range of 192.168.200.0/24 and the Virtual Private LAN is set to 192.168.100.0/24.
set interfaces ethernet eth0 address 192.168.200.2/24  <<External IP
set interfaces ethernet eth1 address 192.168.100.15/24  <<Internal IP
 
You should also set up a DNS entry and gateway so that the router can forward all requests out via your LAN gateway.
set system name-server 12.34.56.100
set system gateway-address 192.168.200.1
 
To configure the NAT functionality:
set service nat rule 1 source address 192.168.100.0/24  <<the internal LAN
set service nat rule 1 outbound-interface eth0  <<going out via the external NIC
set service nat rule 1 type masquerade
 
To configure the firewall to block all incoming traffic, use the following commands. Note: since this is a test LAN and you have an external router, there isn't a need to set this up, as it adds complexity to the setup of port forwarding in the next section.
set firewall name ALLOW_ESTABLISHED
set firewall name ALLOW_ESTABLISHED rule 10
set firewall name ALLOW_ESTABLISHED rule 10 action accept
set firewall name ALLOW_ESTABLISHED rule 10 state established enable
set interfaces ethernet eth0 firewall in name ALLOW_ESTABLISHED
set interfaces ethernet eth0 firewall local name ALLOW_ESTABLISHED
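
An added example, not part of the original post: a small Python check that cross-validates the set commands above before you commit them (gateway on-link, NAT source range matching the inside NIC, firewall bindings pointing at a ruleset that actually has a rule). The function name lint and the parsing are this example's own and only cover the command forms used on this page.

```python
import ipaddress

# Constructed input: the page's commands with the "<<" annotations stripped.
PAGE_CONFIG = """\
set interfaces ethernet eth0 address 192.168.200.2/24
set interfaces ethernet eth1 address 192.168.100.15/24
set system gateway-address 192.168.200.1
set service nat rule 1 source address 192.168.100.0/24
set service nat rule 1 outbound-interface eth0
set service nat rule 1 type masquerade
set firewall name ALLOW_ESTABLISHED rule 10 action accept
set firewall name ALLOW_ESTABLISHED rule 10 state established enable
set interfaces ethernet eth0 firewall in name ALLOW_ESTABLISHED
set interfaces ethernet eth0 firewall local name ALLOW_ESTABLISHED
"""

def lint(config):
    """Cross-check a block of 'set' commands; return a list of problems."""
    ifaces, nat, rulesets, bindings, gateway = {}, {}, set(), [], None
    for line in config.splitlines():
        t = line.split()
        if t[:3] == ["set", "interfaces", "ethernet"] and len(t) >= 6:
            if t[4] == "address":
                ifaces[t[3]] = ipaddress.ip_interface(t[5])
            elif t[4] == "firewall" and len(t) >= 8:  # firewall <dir> name <NAME>
                bindings.append((t[3], t[5], t[7]))
        elif t[:3] == ["set", "system", "gateway-address"] and len(t) == 4:
            gateway = ipaddress.ip_address(t[3])
        elif t[:4] == ["set", "service", "nat", "rule"] and len(t) >= 7:
            nat.setdefault(t[4], {})[t[5]] = t[-1]
        elif t[:3] == ["set", "firewall", "name"] and "action" in t:
            rulesets.add(t[3])  # a ruleset counts once a rule has an action
    problems = []
    if gateway is not None and not any(gateway in i.network for i in ifaces.values()):
        problems.append(f"gateway {gateway} is not on any interface subnet")
    for num, rule in nat.items():
        out = rule.get("outbound-interface")
        if out not in ifaces:
            problems.append(f"nat rule {num}: outbound-interface {out} has no address")
        if "source" in rule:
            src = ipaddress.ip_network(rule["source"])
            # The masqueraded range should be the subnet of a non-outbound NIC.
            if not any(n != out and i.network == src for n, i in ifaces.items()):
                problems.append(f"nat rule {num}: source {src} matches no inside interface")
    for iface, direction, name in bindings:
        if name not in rulesets:
            problems.append(f"{iface} {direction}: ruleset {name} has no rule with an action")
    return problems
```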
 
Next step – Setting up port forwarding for SBS 2003 and 2008.
