Fresh install of vyos not routing properly

i486dx266 · December 8, 2017, 9:07am

Hi,

I’m new to vyos. I have set up a VM with vyos to use as a core router, but it does not route as expected. I have set up 3 interfaces to route between.

[code]vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description

eth0 10.10.10.1/24 u/u INT10
eth1 192.168.1.80/24 u/u PROVIDER
eth2 172.26.2.1/24 u/u VM2
lo 127.0.0.1/8 u/u
::1/128
[/code]

I tried to paste an image of the topology or link to one here because a picture explains more than 1000 words. Was not that easy. Here’s the link to it: Imgur: The magic of the Internet

Local firewalls are off.

Here’s the config:

vyos@vyos:~$ sh conf interfaces { ethernet eth0 { address 10.10.10.1/24 description INT10 duplex auto hw-id xx:xx:xx:xx:xx:19 smp_affinity auto speed auto } ethernet eth1 { address 192.168.1.80/24 description PROVIDER duplex auto hw-id xx:xx:xx:xx:xx:1c smp_affinity auto speed auto } ethernet eth2 { address 172.26.2.1/24 description VM2 duplex auto hw-id xx:xx:xx:xx:xx:2b smp_affinity auto speed auto } loopback lo { } } protocols { static { route 0.0.0.0/0 { next-hop 192.168.1.10 { distance 1 } } } } service { ssh { port 22 } } system { config-management { commit-revisions 20 } console { device ttyS0 { speed 9600 } } host-name vyos login { user vyos { authentication { encrypted-password plaintext-password } level admin } } name-server 192.168.1.6 ntp { server 0.pool.ntp.org { } server 1.pool.ntp.org { } server 2.pool.ntp.org { } } package { auto-sync 1 repository community { components main distribution helium password url http://packages.vyos.net/vyos username "" } } syslog { global { facility all { level notice } facility protocols { level debug } } } time-zone UTC } vyos@vyos:~$

syncer · December 8, 2017, 10:09am

Hello,
you don´t have nat rules, so it will not work
you need to nat to eth1 ip as per diagram

i486dx266 · December 8, 2017, 10:13am

Thanks. I am trying to specifically do routing only, no FW and no NAT. I was under the impression that vyos could be set up as a routing only platform. Is that not so?

syncer · December 8, 2017, 12:48pm

I think you missing idea of how it works
you can’t route private nets to public internet, you need nat

i486dx266 · December 11, 2017, 7:22am

I apologize for not being clear in my explanation.
I am routing between internal networks, not to the internet.

I already have a firewall w/NAT for that. That would be the “route 0.0.0.0/0 next-hop 192.168.1.10 distance 1”. So of course i want the subnets to access internet via the default GW, but that is an entirely different device (pfsense) connected to the 192.168.1.0/24 subnet.

Under no circumstances does the vyos router ever come into direct contact with the ISP modem, as i am sure you can see from the sketch.

We have a similar setup at work, only using Cisco cat 4500x
But then, i’m not the switching/routing guy at work… I’m just the devops guy…

jspace · December 11, 2017, 7:56pm

Sounds like something on the pfsense box.
Do you have a source NAT rule for 10.10.10.0/? in pfsense?
Sorry, I don’t remember where you set that.
If B can ping GW, then routing should be set correctly.