Firewall configuration

Filofranci · January 8, 2024, 3:59pm

Hi everybody!

I have a problem that I really cannot solve. Hope somebody can help me.

I have installed Vyos on a virtual machine VMWare for windows and I have to configure it so that NAT port 80 in WAN side addresses to port 80 LAN side and access to apache from WAN.

Following the manual, I have used the following instructions:

configure

set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth1 address 192.168.1.1/24
set nat destination rule 10 description ‘Port Forwarding HTTP’
set nat destination rule 10 destination port 80
set nat destination rule 10 inbound-interface ‘eth0’
set nat destination rule 10 translation address ‘192.168.1.2’ #Sostituisci con l’indirizzo IP del server Apache
set nat destination rule 10 translation port 80

It works until line 4). At line 5) it says that eth0 is not valid. If I digit the command “show interfaces” it shows that eth0 exists!

I’m going crazy. Where is my mistake?

Thank you for help

Viacheslav · January 8, 2024, 4:21pm

Which version?
The syntax changed for 1.4/1.5

Borgermeister · January 8, 2024, 5:03pm

On 1.4 this works for me…

set interfaces ethernet eth0 vif 1000 address 'dhcp'
set nat destination rule 100 destination port 'https'
set nat destination rule 100 inbound-interface name 'eth0.1000'
set nat destination rule 100 protocol 'tcp'
set nat destination rule 100 translation address '10.100.0.1'

I’m using a sub interface but should work on ‘eth0’ also…

Filofranci · January 8, 2024, 5:33pm

I’m using 1.5 rolling version , the last available on the site

marc_s · January 8, 2024, 5:37pm

Try set nat destination rule 10 inbound-interface name eth0.

ginko · January 8, 2024, 6:33pm

You need to add the word “name” to the command in 5) see syntax below
5. set nat destination rule 10 inbound-interface name ‘eth0’

Viacheslav · January 8, 2024, 9:23pm

Why not use “tab” or “?” For auto completion?
Why not read the NAT documentation? NAT44 — VyOS 1.5.x (circinus) documentation

Filofranci · January 9, 2024, 9:02am

Seems I’m doing something wrong.
Here I summarize the steps I have followed:

Created a Windows Virtual Machine
Loaded and run Apache in the “virtual” windows
Downloaded and installed VMware for windows
Installed Vyos in the VM
Configured as per my question
It does not work (of course I have added ‘name’). Am I doing something wrong?

Borgermeister · January 10, 2024, 8:06am

Perhaps you can try to configure it again and this time copy the terminal output of your session and paste it in as a code block. This way we can see what you are seeing

vyos@vyos# set nat destination rule 999 inbound-interface
Possible completions:
   group                Match interface-group
   name                 Match interface

[edit]
vyos@vyos# set nat destination rule 999 inbound-interface name
Possible completions:
   <text>               Interface name
   txt*                 Interface name with wildcard
   !<text>              Inverted interface name to match
   eth0
   eth0.1000
   eth0.1001
   eth0.200
   lo
   wg0

[edit]
vyos@vyos# set nat destination rule 999 inbound-interface name eth0
[edit]