This is a quick setup guide for the Vyatta 6.4 open source router. This article assumes that you will install Vyatta 6.4 in VMware ESXi. For more information on creating a private network in ESXi Server see this article.
Vyatta can be downloaded from http://www.vyatta.org
Version 6.4 has a LiveCD installer so there is a little work to get it going.
I used the VI Client to create a new VM. Select File, then New Virtual Machine.
Choose the following Settings:
- Configuration: Custom
- Name: "MyVyatta" Note: This name is whatever you want it to be.
- Datastore: Choose the datastore you wish Vyatta to install on.
- Virtual Machine Version: 7
- Guest OS: Linux/Other 2.6x Linux
- CPU: "1"
- Memory: "512"
- Network: "2" / vmxnet3
- SCSI Controller: keep the defaults
- Select a Disk: keep the default
- Create a Disk: "4"GB then select thin provisioning
- Click CD/DVD Drive 1
- Select "Connect at power on"
- Select Device Type: "Datastore ISO File"
- Click "Browse..." and choose the LiveCD ISO file that you got from Vyatta.org
- Click CD/DVD Drive 1
- Unselect "Connect at power on"
- Select Device Type: "Client Device"
Start the Vyatta VM and once it powers up, log back in.
Once you are logged into the Vyatta console you need to enter configuration mode. This is done by typing "configure" in the console.
Next, use the show interfaces command to see the network configuration of your Vyatta router.
By using the MAC address of your network card you should be able to match your network card to the correct Vyatta ethernet interface.
You must set the IP address range for the Private Network in Vyatta. Because my private network is on eth1 I will use the following command to give it a static IP address.
#set interfaces ethernet eth1 address 192.168.1.1/24
Then commit the IP address by using the commit command.
If you have a PC with a statically assigned IP address on the private network, you can test whether the IP address took by pinging the IP address of your router from inside a virtual machine on the private network. If not, just continue.
Give the router a hostname and domain name by entering the following commands:
#set system host-name <your-router-name>
#set system domain-name <your.domain.name>
Set up the time zone by typing:
#set system time-zone <your-time-zone>
Hit the tab key for timezone options.
Now we set up the external interface to get its address from a DHCP server. Please note, if you need PPPoE for your internet provider you will need to take other steps. My internet provider uses DHCP, so I don't have the ability to test any other configuration.
#set interfaces ethernet eth0 address dhcp
Now that the hostname, domain name, and IP information are set, it's time to configure the private network to have a DHCP server.
The process below enables the DHCP server for the 192.168.1.0/24 network. It hands out addresses starting at 192.168.1.50 and stopping at 192.168.1.100. I also set up the outside DNS servers and the default router that the DHCP server gives to clients.
This command names the network PRIVATE and sets the DHCP address range to start at 192.168.1.50 and stop handing out addresses at 192.168.1.100.
#set service dhcp-server shared-network-name PRIVATE subnet 192.168.1.0/24 start 192.168.1.50 stop 192.168.1.100
Now set up the DNS servers and default gateway. I use OpenDNS for all of my DNS needs; it's free and allows for content filtering.
#set service dhcp-server shared-network-name PRIVATE subnet 192.168.1.0/24 dns-server 188.8.131.52
#set service dhcp-server shared-network-name PRIVATE subnet 192.168.1.0/24 dns-server 184.108.40.206
#set service dhcp-server shared-network-name PRIVATE subnet 192.168.1.0/24 default-router 192.168.1.1
The last step in setting up connectivity for the private network is to configure NAT. NAT will allow you to connect to the internet from any device on the private network.
#set nat source rule 10
#set nat source rule 10 source address 192.168.1.0/24
#set nat source rule 10 outbound-interface eth0
#set nat source rule 10 translation address masquerade
Once you have added NAT, check whether your private network PC can access the internet. At this point, there should be full access from the private network to anywhere on your network.
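The interface, DHCP and NAT commands above only work together if their addresses agree, so the following added example (not part of the original guide or of Vyatta) checks a block of the guide's set commands offline before you type them in. The function name check_config and the rules it applies are this example's own assumptions, and it only understands the command forms used in this guide.

```python
import ipaddress

# The guide's addressing commands with the "#" prompt removed (DNS lines left out).
GUIDE_CONFIG = """\
set interfaces ethernet eth1 address 192.168.1.1/24
set interfaces ethernet eth0 address dhcp
set service dhcp-server shared-network-name PRIVATE subnet 192.168.1.0/24 start 192.168.1.50 stop 192.168.1.100
set service dhcp-server shared-network-name PRIVATE subnet 192.168.1.0/24 default-router 192.168.1.1
set nat source rule 10 source address 192.168.1.0/24
set nat source rule 10 outbound-interface eth0
set nat source rule 10 translation address masquerade
"""

def check_config(text):
    """Return a list of addressing problems in a block of 'set' commands.
    Only the command forms used in this guide are understood."""
    problems, lan, nets, nat_src, nat_out = [], {}, {}, [], []
    for n, line in enumerate(text.splitlines(), 1):
        w = line.split()
        if not w:
            continue
        if w[0] != "set":  # the CLI is case-sensitive; "Set" is not "set"
            problems.append(f"line {n}: expected 'set', got {w[0]!r}")
        elif w[1:3] == ["interfaces", "ethernet"] and len(w) == 6 and w[4] == "address" and w[5] != "dhcp":
            lan[w[3]] = ipaddress.ip_interface(w[5])      # statically addressed interface
        elif w[1:3] == ["service", "dhcp-server"] and "subnet" in w:
            i = w.index("subnet")                         # options follow as key/IP pairs
            opts = nets.setdefault(ipaddress.ip_network(w[i + 1]), {})
            opts.update(zip(w[i + 2::2], map(ipaddress.ip_address, w[i + 3::2])))
        elif w[1:4] == ["nat", "source", "rule"] and w[5:7] == ["source", "address"]:
            nat_src.append(ipaddress.ip_network(w[7]))
        elif w[1:4] == ["nat", "source", "rule"] and w[5:6] == ["outbound-interface"]:
            nat_out.append(w[6])
    for net, o in nets.items():
        lo, hi, gw = o.get("start"), o.get("stop"), o.get("default-router")
        if lo and hi and not (lo in net and hi in net and lo <= hi):
            problems.append(f"DHCP pool {lo}-{hi} is not inside {net}")
        if gw and gw not in [i.ip for i in lan.values() if i.network == net]:
            problems.append(f"default-router {gw} is not a router interface on {net}")
        if gw and lo and hi and lo <= gw <= hi:
            problems.append(f"default-router {gw} is inside the DHCP pool")
        if not any(net.subnet_of(s) for s in nat_src):
            problems.append(f"no NAT source rule covers {net}")
        for ifc in nat_out:
            if ifc in lan and lan[ifc].network == net:
                problems.append(f"NAT outbound-interface {ifc} is the LAN side of {net}")
    return problems

if __name__ == "__main__":
    print(check_config(GUIDE_CONFIG) or "no addressing problems found")
```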