This is my current setup with VyOS 2025.06.24-0020-rolling, but I can't get `dig +short hттps://d1fw3h4w8htlic.cloudfront.net` or `curl -v hттps://authserver.mojang.com` to work correctly from the router. Can anyone less of a novice than I am help me? I'd be grateful.
vyos@vyos:~$ show configuration commands | strip-private
# VyOS configuration as dumped by `show configuration commands | strip-private`.
# Addresses, MACs, host names and credentials are masked (xxx) by strip-private,
# so the /8 and .0.1 values below are not the real ones — read them as placeholders.
# Layout: eth0 = WAN (DHCP), eth1 = LAN xxx.xxx.1.1/24. The forward and input
# chains both default to drop and jump to a per-direction named chain.

# Address groups referenced by WAN_IN (internal_servers) and WAN_LOCAL (soporte) below.
# internal_servers holds the two DNAT targets (.100 web, .101 Minecraft); soporte is
# the only source allowed to reach SSH from the WAN side.
set firewall group address-group internal_servers address 'xxx.xxx.1.100'
set firewall group address-group internal_servers address 'xxx.xxx.1.101'
set firewall group address-group soporte address 'xxx.xxx.14.109'

# Transit (forwarded) traffic: dispatch by inbound interface, anything else dropped.
set firewall ipv4 forward filter default-action 'drop'
set firewall ipv4 forward filter rule 10 action 'jump'
set firewall ipv4 forward filter rule 10 inbound-interface name 'eth0'
set firewall ipv4 forward filter rule 10 jump-target 'WAN_IN'
set firewall ipv4 forward filter rule 20 action 'jump'
set firewall ipv4 forward filter rule 20 inbound-interface name 'eth1'
set firewall ipv4 forward filter rule 20 jump-target 'LAN_IN'

# Traffic addressed to the router itself: same per-interface dispatch, default drop.
set firewall ipv4 input filter default-action 'drop'
set firewall ipv4 input filter rule 10 action 'jump'
set firewall ipv4 input filter rule 10 inbound-interface name 'eth0'
set firewall ipv4 input filter rule 10 jump-target 'WAN_LOCAL'
set firewall ipv4 input filter rule 20 action 'jump'
set firewall ipv4 input filter rule 20 inbound-interface name 'eth1'
set firewall ipv4 input filter rule 20 jump-target 'LAN_LOCAL'
# Loopback allow-rule; the source /8 is masked — presumably 127.0.0.0/8 (confirm).
set firewall ipv4 input filter rule 99999 action 'accept'
set firewall ipv4 input filter rule 99999 description 'Allow localhost input'
set firewall ipv4 input filter rule 99999 inbound-interface name 'lo'
set firewall ipv4 input filter rule 99999 source address 'xxx.xxx.0.0/8'

# LAN -> WAN forwarded traffic.
set firewall ipv4 name LAN_IN default-action 'drop'
set firewall ipv4 name LAN_IN description 'LAN to WAN forwarded traffic'
set firewall ipv4 name LAN_IN rule 10 action 'accept'
set firewall ipv4 name LAN_IN rule 10 description 'Allow established/related'
set firewall ipv4 name LAN_IN rule 10 state 'established'
set firewall ipv4 name LAN_IN rule 10 state 'related'
# Rule 20: any protocol, any destination, as long as the source is the LAN /24.
# There is no egress restriction from the LAN; anything not sourced from that /24 is dropped.
set firewall ipv4 name LAN_IN rule 20 action 'accept'
set firewall ipv4 name LAN_IN rule 20 description 'Allow all outbound traffic from LAN to WAN'
set firewall ipv4 name LAN_IN rule 20 protocol 'all'
set firewall ipv4 name LAN_IN rule 20 source address 'xxx.xxx.1.0/24'

# LAN -> router traffic.
# NOTE(review): default-action accept means every service the router listens on
# (SSH 22222, DNS forwarding, NTP, DHCP) is reachable from any LAN host; rule 10 is
# therefore only a fast path, not a restriction.
set firewall ipv4 name LAN_LOCAL default-action 'accept'
set firewall ipv4 name LAN_LOCAL description 'LAN to router traffic'
set firewall ipv4 name LAN_LOCAL rule 10 action 'accept'
set firewall ipv4 name LAN_LOCAL rule 10 description 'Allow established/related'
set firewall ipv4 name LAN_LOCAL rule 10 state 'established'
set firewall ipv4 name LAN_LOCAL rule 10 state 'related'

# WAN -> LAN forwarded traffic (the published services).
# Rules 20/30 pair with nat destination rules 10/20/30 below: they match on the
# destination group, i.e. the internal addresses the DNAT rules translate to.
set firewall ipv4 name WAN_IN default-action 'drop'
set firewall ipv4 name WAN_IN description 'WAN to LAN traffic (Port Forwarding)'
set firewall ipv4 name WAN_IN rule 10 action 'accept'
set firewall ipv4 name WAN_IN rule 10 description 'Allow established/related'
set firewall ipv4 name WAN_IN rule 10 state 'established'
set firewall ipv4 name WAN_IN rule 10 state 'related'
# Ports 80/443 are accepted to both group members, although only .100 has a DNAT for them.
set firewall ipv4 name WAN_IN rule 20 action 'accept'
set firewall ipv4 name WAN_IN rule 20 description 'Allow HTTP/HTTPS to Web Server'
set firewall ipv4 name WAN_IN rule 20 destination group address-group 'internal_servers'
set firewall ipv4 name WAN_IN rule 20 destination port '80,443'
set firewall ipv4 name WAN_IN rule 20 protocol 'tcp'
set firewall ipv4 name WAN_IN rule 30 action 'accept'
set firewall ipv4 name WAN_IN rule 30 description 'Allow Minecraft server'
set firewall ipv4 name WAN_IN rule 30 destination group address-group 'internal_servers'
set firewall ipv4 name WAN_IN rule 30 destination port '25565'
set firewall ipv4 name WAN_IN rule 30 protocol 'tcp'

# WAN -> router traffic.
set firewall ipv4 name WAN_LOCAL default-action 'drop'
set firewall ipv4 name WAN_LOCAL description 'WAN to router traffic'
set firewall ipv4 name WAN_LOCAL rule 10 action 'accept'
set firewall ipv4 name WAN_LOCAL rule 10 description 'Allow established/related'
set firewall ipv4 name WAN_LOCAL rule 10 state 'established'
set firewall ipv4 name WAN_LOCAL rule 10 state 'related'
# NOTE(review): rules 15/16 match inbound packets whose *destination* port is 53 in
# state established. Replies to the router's own upstream DNS queries carry 53 as the
# *source* port and are already accepted by rule 10, so these two rules appear not to
# match that return traffic; they look redundant rather than harmful. If the router's
# own dig/curl still fail, the cause is likely elsewhere (see the static route note below).
set firewall ipv4 name WAN_LOCAL rule 15 action 'accept'
set firewall ipv4 name WAN_LOCAL rule 15 description 'Allow DNS TCP responses'
set firewall ipv4 name WAN_LOCAL rule 15 destination port '53'
set firewall ipv4 name WAN_LOCAL rule 15 protocol 'tcp'
set firewall ipv4 name WAN_LOCAL rule 15 state 'established'
set firewall ipv4 name WAN_LOCAL rule 16 action 'accept'
set firewall ipv4 name WAN_LOCAL rule 16 description 'Allow DNS UDP responses'
set firewall ipv4 name WAN_LOCAL rule 16 destination port '53'
set firewall ipv4 name WAN_LOCAL rule 16 protocol 'udp'
set firewall ipv4 name WAN_LOCAL rule 16 state 'established'
# Remote SSH from the WAN only from the soporte group, on the non-default port set
# under `service ssh port` below. The port change is obscurity only; the source
# restriction is what actually limits exposure.
set firewall ipv4 name WAN_LOCAL rule 20 action 'accept'
set firewall ipv4 name WAN_LOCAL rule 20 description 'Allow remote admin SSH'
set firewall ipv4 name WAN_LOCAL rule 20 destination port '22222'
set firewall ipv4 name WAN_LOCAL rule 20 protocol 'tcp'
set firewall ipv4 name WAN_LOCAL rule 20 source group address-group 'soporte'

# Router-originated traffic is unrestricted; rule 99999 is a loopback allow (masked /8).
set firewall ipv4 output filter default-action 'accept'
set firewall ipv4 output filter rule 99999 action 'accept'
set firewall ipv4 output filter rule 99999 description 'Allow localhost output'
set firewall ipv4 output filter rule 99999 destination address 'xxx.xxx.0.0/8'
set firewall ipv4 output filter rule 99999 outbound-interface name 'lo'

# Interfaces: eth0 takes its address (and normally a default route) from DHCP.
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth0 description 'WAN'
set interfaces ethernet eth0 hw-id 'xx:xx:xx:xx:xx:10'
set interfaces ethernet eth1 address 'xxx.xxx.1.1/24'
set interfaces ethernet eth1 description 'LAN'
set interfaces ethernet eth1 hw-id 'xx:xx:xx:xx:xx:ca'

# Destination NAT for the published services; the accept rules live in WAN_IN above.
set nat destination rule 10 description 'Web Server HTTP'
set nat destination rule 10 destination port '80'
set nat destination rule 10 inbound-interface name 'eth0'
set nat destination rule 10 protocol 'tcp'
set nat destination rule 10 translation address 'xxx.xxx.1.100'
set nat destination rule 20 description 'Web Server HTTPS'
set nat destination rule 20 destination port '443'
set nat destination rule 20 inbound-interface name 'eth0'
set nat destination rule 20 protocol 'tcp'
set nat destination rule 20 translation address 'xxx.xxx.1.100'
set nat destination rule 30 description 'Minecraft Server'
set nat destination rule 30 destination port '25565'
set nat destination rule 30 inbound-interface name 'eth0'
set nat destination rule 30 protocol 'tcp'
set nat destination rule 30 translation address 'xxx.xxx.1.101'
# Source NAT: LAN /24 masqueraded behind the eth0 address.
set nat source rule 100 outbound-interface name 'eth0'
set nat source rule 100 source address 'xxx.xxx.1.0/24'
set nat source rule 100 translation address 'masquerade'

# NOTE(review): a static default route (masked prefix, presumably 0.0.0.0/0) next to
# the DHCP-learned one on eth0. If xxx.xxx.0.1 is not on-link via eth0 or eth1 this
# route is unusable, and two defaults with different next-hops is a common cause of
# "the router itself cannot reach the internet" — worth checking with `show ip route`.
set protocols static route xxx.xxx.0.0/0 next-hop xxx.xxx.0.1

# DHCP on the LAN: hands out the router as both default gateway and DNS server.
set service dhcp-server listen-interface 'eth1'
set service dhcp-server shared-network-name xxxxxx authoritative
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 lease '259200'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 option default-router 'xxx.xxx.1.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 option domain-name xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 option name-server 'xxx.xxx.1.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 range 0 start 'xxx.xxx.1.200'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 range 0 stop 'xxx.xxx.1.250'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 subnet-id '1'

# DNS forwarder: listens only on the LAN address and answers only the LAN /24, which
# keeps it from being an open resolver on the WAN side. The router's own resolver
# (system name-server xxx.xxx.1.1 below) depends on this forwarder; its queries
# presumably originate from xxx.xxx.1.1 and so fall inside allow-from (confirm).
set service dns forwarding allow-from 'xxx.xxx.1.0/24'
set service dns forwarding cache-size '10000'
set service dns forwarding listen-address 'xxx.xxx.1.1'
set service dns forwarding name-server xxx.xxx.9.10
set service dns forwarding name-server xxx.xxx.14.14

# NTP: LAN listener; the allow-client /8 is masked — presumably loopback (confirm).
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/8'
set service ntp allow-client xxxxxx 'xxx.xxx.1.0/24'
set service ntp listen-address 'xxx.xxx.1.1'
set service ntp server xxxxx.tld
set service ntp server xxxxx.tld

# SSH on a non-default port; WAN reachability is gated by WAN_LOCAL rule 20 above,
# LAN reachability by LAN_LOCAL's default accept.
set service ssh port '22222'

# 100 commit revisions are retained; anything committed (including credentials) persists in them.
set system config-management commit-revisions '100'
set system console device ttyS0 speed '115200'
set system host-name xxxxxx
# IPv6 forwarding is off, but no `firewall ipv6` rules appear in this dump; if eth0
# ever obtains a global IPv6 address, IPv6 traffic to the router itself looks unfiltered.
set system ipv6 disable-forwarding
# NOTE(review): both encrypted-password and plaintext-password are present for the
# same user. VyOS is expected to hash plaintext-password into encrypted-password at
# commit; if the plaintext node persists in the saved config it is a cleartext
# credential stored in config.boot and in every retained commit revision — confirm
# on the live system. Values are masked here by strip-private.
set system login user xxxxxx authentication encrypted-password xxxxxx
set system login user xxxxxx authentication plaintext-password xxxxxx
# Router's own resolvers: the local forwarder first, a masked external one as fallback.
set system name-server 'xxx.xxx.1.1'
set system name-server 'xxx.xxx.8.8'
set system option reboot-on-upgrade-failure '5'
# Local logging only; firewall default-action drops are not logged by the rules above,
# so a dropped packet leaves no trace unless `log` is enabled on the relevant rule.
set system syslog local facility all level 'info'
set system syslog local facility local7 level 'debug'