cheng029 posted on 2012-7-4 15:28:22

Vyatta Virtual Router on Hyper-V

I’m currently building a new demo/test environment on my Windows Server 2008 Hyper-V server. And I wanted to have a Virtual Router running on Hyper-V which should handle the routing between the virtual networks on Hyper-V.
First some background info on my network at home.

So I looked for a software router which could be installed as a guest on my Hyper-V host. I started with BrazilFW, but I had trouble getting the Gateway and DNS running (failed), although a colleague was able to get BrazilFW running on Hyper-V by upgrading the SYSLINUX (bootloader for Linux). Then I tried Freesco and m0n0wall, but both would not start on Hyper-V. So I finally found Vyatta via SourceForge.
Vyatta is a Linux-based, open network operating system that integrates advanced enterprise-class routing, security, bandwidth management and more. Vyatta runs on standard x86 hardware, VMware & Xen and offers config via Linux-shell, CLI and web GUI.
It runs on VMware & Xen, so why wouldn’t it run on Hyper-V? And I was correct: it runs great on Hyper-V ;-) These are the steps I’ve taken to get it running on Hyper-V.

1. Downloading ISO image from Vyatta’s website
Vyatta Community Edition 4.0 (VC4)
2. Create a new Virtual Machine in Hyper-V Manager
Attach the ISO downloaded in step 1 to the new Vyatta Virtual Machine so it can boot from the ISO.
3. Configure the Vyatta Virtual Machine
Add the Network Adapters for the Internet, and the needed subnets to Vyatta Virtual Machine.
Remark: Use Legacy Network Adapters!

I added a 1 GB hard disk and gave it 128 MB RAM.
4. Installing Vyatta
You can boot from the ISO you downloaded in step 1, because it’s also a “Live CD”.
You’ll first need to log in to Vyatta once it’s booted up. The default logins are (user: root pass: Vyatta). To install to the drive you will issue the command:

install-system
During the install you will be asked how much disk space to allot to the different partitions. I went with the default. Once that’s complete, pop the CD out, and reboot to your installed Vyatta. Now we can start configuring the system.
5. Configuring Ethernet Interfaces
Log on to the system.
Configure the first NIC (eth0) which is going to be used for Internet access.

eth0:
vyatta@vyatta> configure

vyatta@vyatta# set interfaces ethernet eth0 address 192.168.1.254/24

vyatta@vyatta# commit

vyatta@vyatta# exit
exit
vyatta@vyatta>


eth1:

vyatta@vyatta> configure

vyatta@vyatta# set interfaces ethernet eth1 address 192.168.2.254/24

vyatta@vyatta# commit

vyatta@vyatta# exit
exit
vyatta@vyatta>


eth2:

vyatta@vyatta> configure

vyatta@vyatta# set interfaces ethernet eth2 address 192.168.3.254/24

vyatta@vyatta# commit

vyatta@vyatta# exit
exit
vyatta@vyatta>

Check interfaces configuration:

vyatta@vyatta:~$ configure

vyatta@vyatta# show interfaces ethernet
eth0 {
   address 192.168.1.254/24
   description Internet
   hw-id 00:15:5d:00:01:22
}
eth1 {
   address 192.168.2.254/24
   description "subnet1:MOM 2005"
   hw-id 00:15:5d:00:01:23
}
eth2 {
   address 192.168.3.254/24
   description "subnet2:OPSMGR 2007"
}


6. Save Configuration

vyatta@vyatta# save
Saving configuration to
'/opt/vyatta/etc/config/config.boot'...
Done



7. Configuring Access to a DNS Server

vyatta@vyatta# set system name-server 192.168.1.1

vyatta@vyatta# commit

vyatta@vyatta#


8. Specifying the Default Gateway

vyatta@vyatta# set system gateway-address 192.168.1.1

vyatta@vyatta# commit

vyatta@vyatta#


9. Configuring the Firewall
We want to block the traffic from subnet1 to subnet2 and vice versa.
Firewall block-subnet1 rules:
vyatta@vyatta# set firewall name block-subnet1

vyatta@vyatta# set firewall name block-subnet1 rule 1

vyatta@vyatta# set firewall name block-subnet1 rule 1 source address 192.168.2.0/24

vyatta@vyatta# set firewall name block-subnet1 rule 1 action drop

vyatta@vyatta# set firewall name block-subnet1 rule 2

vyatta@vyatta# set firewall name block-subnet1 rule 2 action accept
vyatta@vyatta# commit

vyatta@vyatta#

Do the same for subnet2.

vyatta@vyatta# set firewall name block-subnet2

vyatta@vyatta# set firewall name block-subnet2 rule 1

vyatta@vyatta# set firewall name block-subnet2 rule 1 source address 192.168.3.0/24

vyatta@vyatta# set firewall name block-subnet2 rule 1 action drop

vyatta@vyatta# set firewall name block-subnet2 rule 2

vyatta@vyatta# set firewall name block-subnet2 rule 2 action accept
vyatta@vyatta# commit

vyatta@vyatta#


10. Apply the rule set to an interface

vyatta@vyatta# set interfaces ethernet eth1 firewall out name block-subnet2

vyatta@vyatta# set interfaces ethernet eth2 firewall out name block-subnet1

vyatta@vyatta# commit

vyatta@vyatta#


Final configuration:

vyatta@vyatta:~$ show configuration
firewall {
    name block-subnet1 {
        rule 1 {
            action drop
            source {
                address 192.168.2.0/24
            }
        }
        rule 2 {
            action accept
        }
    }
    name block-subnet2 {
        rule 1 {
            action drop
            source {
                address 192.168.3.0/24
            }
        }
        rule 2 {
            action accept
        }
    }
    name block-subnet3 {
        rule 1 {
            action drop
            source {
                address 192.168.2.0/24
            }
        }
        rule 2 {
            action accept
        }
        rule 3 {
            action drop
            source {
                address 192.168.3.0/24
            }
        }
    }
}
interfaces {
    ethernet eth0 {
        address 192.168.1.254/24
        description Internet
        hw-id 00:15:5d:00:01:22
    }
    ethernet eth1 {
        address 192.168.2.254/24
        description "subnet1:MOM 2005"
        firewall {
            out {
                name block-subnet2
            }
        }
        hw-id 00:15:5d:00:01:23
    }
    ethernet eth2 {
        address 192.168.3.254/24
        description "subnet2:OPSMGR 2007"
        firewall {
            out {
                name block-subnet1
            }
        }
        hw-id 00:15:5d:00:01:24
    }
    loopback lo {
    }
}
service {
    nat {
        rule 1 {
            outbound-interface eth0
            source {
                address 192.168.2.0/24
            }
            type masquerade
        }
        rule 2 {
            outbound-interface eth0
            source {
                address 192.168.3.0/24
            }
            type masquerade
        }
    }
    ssh {
    }
}
system {
    gateway-address 192.168.1.1
    login {
        user root {
            authentication {
                encrypted-password ****************
            }
        }
        user vyatta {
            authentication {
                encrypted-password ****************
            }
        }
    }
    name-server 192.168.1.1
    ntp-server 69.59.150.135
    package {
        repository community {
            components main
            distribution stable
            url http://packages.vyatta.com/vyatta
        }
    }
}
vyatta@vyatta:~$

Don’t forget to save your configuration!
Now you are done! Check out the documentation for Vyatta before starting. I used the QuickStart and the Command Reference.
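
The rule sets in this post depend on Vyatta checking rules in ascending number order, taking the first match, and dropping anything that matches no rule. As an added example (not part of the original post), the Python sketch below replays that evaluation over the three rule sets from the final configuration and flags rules that can never match, such as rule 3 of block-subnet3, which sits behind the accept-all rule 2. It assumes source-address matching only, and the function names are made up for this illustration.

```python
import ipaddress

# Rule sets transcribed from the "Final configuration" output in the post.
# Each rule is (number, action, source); source=None means the rule has no
# match criteria and therefore matches every packet.
RULESETS = {
    "block-subnet1": [(1, "drop", "192.168.2.0/24"), (2, "accept", None)],
    "block-subnet2": [(1, "drop", "192.168.3.0/24"), (2, "accept", None)],
    "block-subnet3": [(1, "drop", "192.168.2.0/24"), (2, "accept", None),
                      (3, "drop", "192.168.3.0/24")],
}

def _net(source):
    # A rule without a source clause covers the whole IPv4 space.
    return ipaddress.ip_network(source or "0.0.0.0/0")

def _ordered(ruleset):
    return sorted(RULESETS[ruleset], key=lambda rule: rule[0])

def evaluate(ruleset, src_ip):
    """Return (rule_number, action) for the first rule matching src_ip.

    A packet that matches no rule gets (None, "drop"): the implicit
    drop at the end of every rule set.
    """
    addr = ipaddress.ip_address(src_ip)
    for number, action, source in _ordered(ruleset):
        if addr in _net(source):
            return number, action
    return None, "drop"

def shadowed_rules(ruleset):
    """Return numbers of rules whose source range is already fully covered
    by a single earlier rule, so they can never be the first match."""
    seen, dead = [], []
    for number, _action, source in _ordered(ruleset):
        net = _net(source)
        if any(net.subnet_of(earlier) for earlier in seen):
            dead.append(number)
        seen.append(net)
    return dead

if __name__ == "__main__":
    for name in RULESETS:
        print(name, "unreachable rules:", shadowed_rules(name))
    # Constructed sample host on subnet2, checked against block-subnet3.
    print(evaluate("block-subnet3", "192.168.3.10"))
```
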

cheng029 posted on 2012-7-7 14:35:01

This post is good, everyone come and bump it!

cheng029 posted on 2012-7-7 14:35:10


lizh posted on 2013-5-15 17:31:10

If not dozing off in class, then drowning in drink at the table.

永不落伍 posted on 2013-5-16 16:58:45

My ID is fake; everyone, don't believe that I'm a scammer.

cnq posted on 2013-5-17 11:25:08

A hooligan isn't scary; what's scary is a hooligan with an education.

CHSHJ posted on 2013-5-18 00:37:16

I don't know what to say... just thanks.