I’ve set up VyOS on my Hyper-V home lab, but I’m having problems configuring it for routing from the external interface.
I have the following equipment/networks:
Router - 192.168.1.1
Hyper-V - DHCP on 192.168.1.0 network
Management PC - DHCP on 192.168.1.0 network
On Hyper-V I have two networks, one external and one internal and the VyOS VM uses the External on eth0 and Internal on eth1.
Right now, from any VM running on the internal network, I can ping any external IP and have internet access, so that part of the NAT is working correctly.
What I want now is to be able to RDP from my management PC to the VMs running on the internal network. I’ve added a static route from the management PC to the External IP of VyOS, but it fails.
What configuration do I need to make on the VyOS router?
For your understanding, below are my configuration steps:
This will list 3 interfaces. Then we configure them as follows:
[code]configure
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 description "External"
set interfaces ethernet eth1 address 192.168.10.1/24
set interfaces ethernet eth1 description "Internal"
set system host-name Router
set system domain-name internal.lab
set service dns forwarding dhcp eth0
set service dns forwarding listen-on eth1
set service webproxy listen-address 192.168.10.1
set service webproxy listen-address 192.168.10.1 disable-transparent
set nat source rule 10 source address 192.168.10.0/24
set nat source rule 10 outbound-interface eth0
set nat source rule 10 translation address masquerade[/code]
What should I add, so that from my management PC I can RDP to my VMs on the 192.168.10.0 network?
I have all the physical hardware in the same network, the 192.168.1.0/24 and the physical hardware is:
Router (from the ISP for Internet access)
Hyper-V server
Management PC
On the Hyper-V server, I have an External and Internal switch, created from Hyper-V. The external is on the 192.168.1.0/24 network (DHCP) and the internal is in the 192.168.10.0/24 network with the IP 192.168.10.2.
The VyOS has 2 NICs as in the first post. One external on 192.168.1.0 and the other internal on the 192.168.10.0 network.
All the other VMs running on the Hyper-V server are on the 192.168.10.0 network.
This is how I forward RDP from my outside to my Windows server:
set nat destination rule 1100 description 'rdp access'
set nat destination rule 1100 destination port '3389'
set nat destination rule 1100 inbound-interface 'eth1'
set nat destination rule 1100 protocol 'tcp'
set nat destination rule 1100 source address a.b.c.d ← allow rdp access only from trusted source address(es)
set nat destination rule 1100 translation address 192.168.1.128 ← windows server that has rdp running
set nat destination rule 1100 translation port 3389
OK, so I tested this, adjusted to my needs, tested several changes, but didn’t manage to get it working.
set nat destination rule 1100 description 'rdp access'
set nat destination rule 1100 destination port '3389'
set nat destination rule 1100 inbound-interface 'eth1' <- Changed to eth0 which is my External interface, but also tested with eth1, just to make sure
set nat destination rule 1100 protocol 'tcp'
set nat destination rule 1100 source address 'a.b.c.d' <- Changed to my management PC IP (192.168.1.105). Also tested with 192.168.1.0/24
set nat destination rule 1100 translation address '192.168.1.128' <- Tested to 192.168.10.11 as is one of my running VM's. Also tested with the full network range
set nat destination rule 1100 translation port '3389'
On my management PC, I’ve added a static route from 192.168.10.0/24 to the External IP from the VyOS (192.168.1.128 in my case).
What is wrong here? What is preventing the external machines on the 192.168.1.0/24 network to RDP to any machine on the 192.168.10.0/24 network?
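Added example, not part of any post in the thread: a small Python check that parses `set nat destination rule` lines and tests them against the three properties the posts describe (external inbound interface, a trusted source restriction, a single translation target on the internal network). The function names and the sample are constructed for illustration, the interface name and network are taken from the first post, and passing these checks does not diagnose why the connection failed.

```python
import ipaddress
import shlex

# Constructed sample modelled on rule 1100 in the thread, with the
# source address line left out to show that check firing.
SAMPLE = """\
set nat destination rule 1100 description 'rdp access'
set nat destination rule 1100 destination port '3389'
set nat destination rule 1100 inbound-interface 'eth1'
set nat destination rule 1100 protocol 'tcp'
set nat destination rule 1100 translation address '192.168.1.128'
set nat destination rule 1100 translation port '3389'
"""

PREFIX = ["set", "nat", "destination", "rule"]

def parse_rules(text):
    """Group 'set nat destination rule N <path> <value>' lines by rule number."""
    rules = {}
    for line in text.splitlines():
        tok = shlex.split(line)  # handles quoted values such as 'rdp access'
        if len(tok) >= 7 and tok[:4] == PREFIX and tok[4].isdigit():
            rules.setdefault(int(tok[4]), {})[" ".join(tok[5:-1])] = tok[-1]
    return rules

def check_rule(rule, external_if, internal_net):
    """Return findings for one DNAT rule; an empty list means all checks passed."""
    findings = []
    net = ipaddress.ip_network(internal_net)
    # Assumption: forwarded clients arrive on the interface described as External.
    if rule.get("inbound-interface") != external_if:
        findings.append("inbound-interface is not the external interface")
    # Without a source match the forward accepts RDP from any client.
    if "source address" not in rule:
        findings.append("no source address: forward is open to any client")
    try:
        if ipaddress.ip_address(rule.get("translation address")) not in net:
            findings.append("translation address is outside the internal network")
    except ValueError:
        findings.append("translation address is missing or not a single host")
    return findings

if __name__ == "__main__":
    for num, rule in parse_rules(SAMPLE).items():
        for finding in check_rule(rule, "eth0", "192.168.10.0/24"):
            print(f"rule {num}: {finding}")
```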