Allow external access


#1

Hi.

I’ve setup VyOS on my Hyper-V home lab, but I’m having problems in configuring it for routing from the external interface.

I have the following equipment/networks:

  • Router - 192.168.1.1
  • Hyper-V - DHCP on 192.168.1.0 network
  • Management PC - DHCP on 192.168.1.0 network

On Hyper-V I have two networks, one external and one internal and the VyOS VM uses the External on eth0 and Internal on eth1.

Right now, from any VM running on the internal network, I can ping any external IP and have internet access, so that part of the NAT is working correctly.

What I want now is from my management PC to be able to RDP to the VM’s running on the internal network. I’ve added a static route from the management PC to the External IP of VyOS, but it fails.

What configuration do I need to make on the VyOS router?

For your understanding, below are my configuration steps:

This will list 3 interfaces. Then we configure them as follows:

[code]configure
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 description “External”
set interfaces ethernet eth1 address 192.168.10.1/24
set interfaces ethernet eth1 description “Internal”
set system host-name Router
set system domain-name internal.lab

set service dns forwarding dhcp eth0
set service dns forwarding listen-on eth1

set service webproxy listen-address 192.168.10.1
set service webproxy listen-address 192.168.10.1 disable-transparent

set nat source rule 10 source address 192.168.10.0/24
set nat source rule 10 outbound-interface eth0
set nat source rule 10 translation address masquerade[/code]

What should I add, so that from my management PC I can RDP to my VM’s on the 192.168.10.0 network?

Thanks,
Mike


#2

Hi.

Adding to this, I’ve added a new NAT rule for destination traffic, but is not working. I set it up as follows:

set nat rule destination 10 inbound-interface eth0 set nat destination rule 10 destination address 192.168.10.0/24 set nat destination rule 10 protocol tcp set nat destination rule 10 translation address 192.168.10.0/24

What am I doing wrong here that doesn’t allow traffic from any external address (or at least from my 192.168.1.0 network) to my 192.168.10.0?

Thanks,
Mike


#3

There is a twice the same network in your list.
But in the config on vyos there is one with 192.168.10.0/24

Could you please give updated info so we can think along ?


#4

The 192.168.10.0/24 network is the internal network where the VM’s are running.


#5

You are not giving enough information.
You made an error in your original posting

Hyper-V - DHCP on 192.168.1.0 network
Management PC - DHCP on 192.168.1.0 network

Both have the same network. 192.168.1.0/24
Could you please update that ?


#6

I have all the physical hardware in the same network, the 192.168.1.0/24 and the physical hardware is:

Router (from the ISP for Internet access)
Hyper-V server
Management PC

On the Hyper-V server, I have an External and Internal switch, created from Hyper-V. The external is on the 192.168.1.0/24 network (DHCP) and the internal is in the 192.168.10.0/24 network with the IP 192.168.10.2.

The VyOS has 2 NIC’s as on the first post. One external on 192.168.1.0 and other internal on the 192.168.10.0 network.

All the other VM’s running on the Hyper-V server are on the 192.168.10.0 network.

Hope that clears all the doubts.

Thanks,
Mike


#7

No doubts

This is how I forward RDP from my outside to my window server

set nat destination rule 1100 description ‘rdp access’
set nat destination rule 1100 destination port ‘3389’
set nat destination rule 1100 inbound-interface ‘eth1’
set nat destination rule 1100 protocol ‘tcp’
set nat destination rule 1100 source address a.b.c.d <- allow rdp access only from trusted source address(es)
set nat destination rule 1100 translation address 192.168.1.128 <- windows server that has rdp running
set nat destination rule 1100 translation port 3389

Please make changes according to your setup


#8

I will try this later on.

Thanks,
Mike


#9

OK, so I tested this, adjusted to my needs, tested several changes, but didn’t manage to get it working.

set nat destination rule 1100 description 'rdp access'
set nat destination rule 1100 destination port '3389'
set nat destination rule 1100 inbound-interface 'eth1' <- Changed to eth0 which is my External interface, but also tested with eth1, just to make sure
set nat destination rule 1100 protocol 'tcp'
set nat destination rule 1100 source address 'a.b.c.d' <- Changed to my management PC IP (192.168.1.105). Also tested with 192.168.1.0/24
set nat destination rule 1100 translation address `192.168.1.128` <- Tested to 192.168.10.11 as is one of my running VM's. Also tested with the full network range
set nat destination rule 1100 translation port `3389`

On my management PC, I’ve added a static route from 192.168.10.0/24 to the External IP from the VyOS (192.168.1.128 in my case).

What is wrong here? What is preventing the external machines on the 192.168.1.0/24 network to RDP to any machine on the 192.168.10.0/24 network?

Thanks,
Mike


#10

Hi,

Trying to config a HomeLAb forCitrix (XenDesktop with SCVMM) I’m facing the same problem.

Ok to ping from internal to external. Internet is working perfectly Inside my Win10 Hyper-V LAB (192.168.2.0/24)…

But impossible to ping from External (where ISP Router has 192.168.1.1)!

I want to Join a physical Server2012R2-HyperV (192.168.1.x) to my DC in LAB Network (192.168.2.x) but NO PING…

Do you received a working solution finaly ?

thx by advance