General configuration, VM Router setup, and DNS

dns

#1

I just want to apologize right off the bat for this discussion/question, because talking about this topic seems to upset everyone even though many seem to do this setup all the time.

I like to use a VM as my main router in my home. Let me clearly…

  • Ubuntu (Host) with 2 NICs - one set up as the WAN going directly to the cable modem, and the other set up as the LAN line going to a wireless 4 port router/switch in bridge mode.

  • Host - Running VirtualBox with one VM (VyOS - router) acting as the router for the whole setup.

  • The host and the bridged router/switch have static IP addresses.

Ok, so now that we have that out of the way let me talk a little about what is going on. First I need to mention that I do have the VyOS router routing traffic from LAN to WAN, and computers set up with DHCP and static IPs are getting internet through the WAN. So it is working.

In VirtualBox I have given the VM (VyOS) 4 NICs, eth0-eth3. Eth0 is bridged to the host's NIC that is connected to the modem, and the other 3 VM NICs are bridged to the NIC that is acting as the LAN going to the wireless switch in bridge mode. VyOS is getting internet access through the WAN using DHCP (eth0), and the LAN IP is set to 192.168.2.1/24 (eth1). I have set up VyOS to serve IP addresses from 192.168.2.10 - 192.168.2.254 over the 192.168.2.0/24 network including the DNS server, and it seems to be working. I have also set up a NAT rule connecting 192.168.2.0/24 to the WAN interface and all computers can get on the internet.

The problem is with my two static connections - 192.168.2.2 (router/switch in bridge mode) and 192.168.2.3 (Host). They don’t seem to be getting served DNS. If I set the DNS to something outside my network like 8.8.8.8 then it works, but if I set it to the default gateway (192.168.2.1) then it does not work/connect. I have used my default gateway to resolve DNS before without any problem. I am unsure what I need to set up to get this working in VyOS.

This is where people seem to get mad/upset for some reason even though a lot of them do this - The host is getting its connection through the VM. Sorry, but this is a good setup and I have run it successfully before. It’s not a problem if you start your router from your host, not headless. I don’t like running headless and only want to connect to my router from the Host’s Desktop, and yes I did say DESKTOP. I like having a desktop on my host because it is easier to deal with files and my host also runs a file server.

Now that that’s out of the way… Once I am able to get this fully configured I would like to set up static networks of 192.168.3.1/32 on eth2, and 192.168.4.1/32 on eth3, both NATed to the WAN. 192.168.3.2 will be for PS4 (1) and 192.168.4.2 will hopefully also be able to go through the wifi along with the 192.168.2.0/24 network so I can use it for my other PS4, but if not I will just use that address for my Host. One of the reasons I would like to do this is so I can port forward both PS4’s on the same port for gaming. (If this won’t work let me know)

Any thoughts, changes or help with the DNS problem would be great. Keep in mind that I am NOT a network admin with lots of knowledge, and I don’t want to buy anything else. I have some Linux command line knowledge, but not anything super below the surface. I have a wireless 4 port router/switch, and a computer with 2 motherboard NICs running NON-ECC ram. And remember I want to control the router from my host desktop.

Also, if anyone has any good routing rules for gaming that would be a great help.

Thanks for your understanding and help.


#2

I’m confused on who ‘they’ are. Aside from running it in VirtualBox, this sounds like a perfectly sane and fine setup. It’s truly no different than running a dedicated virtual host and your router in a VM.

None of this matters to the issue at hand here. How you like to run your server is your business.

I think the most beneficial thing here would be to know how you have your VyOS DNS forwarding configuration set up. Please share your sanitized configuration here.

I’m not sure what is expected of this setup.

You only have ONE port that you can open. That means that forward can only go to ONE service on your network. You cannot open the same port for more than one machine.


#3

Thanks for the really quick response.

You are the first to tell me over the last 15 years that having a desktop does not blow my configuration away. And to be honest, running a router OS in VirtualBox on Ubuntu ran faster than running it over ESXi.

I am sorry to say that I don’t have those settings any longer, because I had to reconfigure all the settings to get back the internet connection. Plus running in VBox has some cut and paste limitations that I have not been able to work out. The documentation says that VyOS comes pre-installed with VMware tools or open VMware tools; that might be a better way to go if I need to cut and paste. Also, after doing some research, VMware Player might give me a bit of a performance boost too.

The biggest thing is I like to virtualize my router. I thought this time I would try to create a few different networks to try to solve a few of my problems…

  1. I have 2 PS4’s and play the same games on them both at the same time. The games seem to play better if they have their ports forwarded, so in my ignorance, even after lots of googling, I thought maybe if I created two different networks (192.168.3.0/32 and 192.168.4.0/32) I could port forward both at the same time.

  2. I always run a guest network on my setup. Sometimes more than one, but I have never tried to use two different networks over wifi so I thought I would try to make it work. I think somewhere in my googling I learned this would not work without 2 wireless switches, but why not ask again… see if someone has a better option.

Again thank you for the quick reply, and the “They” comment was just in regards to the fact that over the last 15 years of trying to talk and learn on networking/product forums I have been hit with lots of hostility due to the fact that I virtualize my router over a desktop.

Anyways, I have been using OPNsense for a while over ESXi and would like to go back to the desktop setup I had before because running headless has been a pain. OPNsense looks really nice, but is pretty complicated to set up and uses lots of ram and cpu. This is why I thought I would try to make the move to VyOS. So far it’s been easier and faster to set up.

The DNS problem that I am having, not being able to use my Gateway address for my DNS settings on my static computers, may not even have anything to do with VyOS. I don’t know… that is why I am asking you guys. Who knows… maybe moving to VMware Workstation Player with VMware tools might fix it.

Thanks for your help and suggestions.


#4

I do understand what you are saying. I was hoping that if I created two different networks NATed to the same WAN I might be able to get around that. Or maybe creating two completely different router VMs over the bridge to the internet might solve the problem.

I have learned that having a bridge on my host computer pointing to the cable modem is pretty helpful.

If you have any ideas please let me know.


#5

You should just enable SSH on your VyOS and remote in and do everything over SSH. Doing it on the console is time consuming when you need cut and paste.


#6

This doesn’t work that way.

You need VLANs or physical segmentation. You can’t make all this happen without doing one of those things.

Without knowing what your configuration on your VyOS is, it’s impossible for us to guess at a correct answer.

When you bridge your interface to the modem, you are giving your bridged network adapter (The VM) your one and only public IP address. Per that one IP address you can only have one each of a port between 1-65535. If you have 2 public IP addresses, you have 2 sets of 1-65535. It doesn’t matter HOW many networks you have behind your WAN, if you only have one public IP address from your ISP, you have only one set of ports to play with.


#7

Thank you for the details. I figured my plan for port forwarding and wireless would not work. As for having 2 or 3 different networks, now that I know I can’t use wifi I guess I could go back to using VLANs as I have in the past, but I would like to simplify my new setup. Maybe try other ways to separate my gaming systems and file server from my main network. In ESXi and OPNsense VLANs were pretty complicated to set up and every time I did it I had to re-learn how. Plus, I always felt like there might be a much more simple design that I was missing.

Anyways… Update— I was able to get VMware Workstation Player to work in Ubuntu, but it took hours. I had to find a separate program to help set up the Bridge. Then I had to edit the vmx file, adding in code I found from a post on a forum from 2013 that adds extra controls to the network menu allowing me to set up each NIC to one of the two bridges I have.

When I finally got VyOS installed I checked to see if the tools were installed and it said they were, but I still could not cut and paste. Plus, VMware Player was taxing my system almost twice as hard as VBox was. At this point I think I should have just used PuTTY and sshed into it for cut and paste. Maybe I will try the serial port, VBox and PuTTY.

As soon as I am able to get things set back up and into VyOS with PuTTY I will post my settings so maybe someone can help me work out the Gateway/DNS problem I am having.

Thanks again for your time.


#8

Ok… Well, it was pretty difficult. I could not get the serial port to work so I had to do SSH to get PuTTY going. Then PuTTY copy and paste would not work in Ubuntu 18.04. So… I had to run PuTTY on my Windows machine to get copy and paste working…

Here is my config:

```
vyos@router:~$ show configuration all
interfaces {
    ethernet eth0 {
        address dhcp
        description WAN
        duplex auto
        hw-id 08:00:27:b9:83:ae
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        address 192.168.2.1/24
        description LAN
        duplex auto
        hw-id 08:00:27:a5:40:8f
        smp_affinity auto
        speed auto
    }
    ethernet eth2 {
        duplex auto
        hw-id 08:00:27:d3:df:d0
        smp_affinity auto
        speed auto
    }
    ethernet eth3 {
        duplex auto
        hw-id 08:00:27:87:23:43
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
}
nat {
    source {
        rule 1 {
            description Internet/Open
            outbound-interface eth0
            source {
                address 192.168.2.0/24
            }
            translation {
                address masquerade
            }
        }
    }
}
service {
    dhcp-server {
        disabled false
        shared-network-name LAN-dhcp {
            authoritative disable
            subnet 192.168.2.0/24 {
                default-router 192.168.2.1
                dns-server 68.105.28.11
                dns-server 68.105.29.11
                dns-server 68.105.28.12
                domain-name hub.local
                lease 86400
                start 192.168.2.11 {
                    stop 192.168.2.254
                }
```

#9

You don’t need PuTTY on a Linux machine. You just ‘ssh’ using terminal.

Also, please use the </> code blocks for proper formatting in the future.

So here is the thing. Nowhere in your config is it serving any kind of DNS. Your DHCP is telling the clients that the DNS servers are 68.105.28.11, 29.11, and 28.12 (I am assuming these are your ISP DNS servers?). If you are pointing clients to the VyOS router for DNS, it isn’t serving any kind of DNS whatsoever.

Please see the part about DNS forwarding.

https://wiki.vyos.net/wiki/User_Guide#Quick_Start_Guide

It seems you are missing part of your configuration, as I don’t even see your SSH service configured, even though you say you are SSH’ed in.


#10

Yea… for some reason when I used the command it did not show that last little bit, but it was down there. I thought maybe it was a setting I missed. I will check out the link. Most of the settings that I have come from the first 2 videos on the website.

Thank you again for your time.


#11

Just use ‘Terminal’ on your Linux workstation.

ssh into the router and run sh conf; you may have to hit the space bar a few times to get all the output.

Just highlight and copy all of the config and post it back here with proper code tags.


#12

The new conf seems to have fixed the problem! I did try and go into > set system gateway, and > set system name-server, but both caused anything with a set DNS to go down.

I did set a few of the rules, but most I left off because I don’t need them. Let me know if there are any other rules that I might need for routing to run smoothly.

Thank you for resolving two of my problems.

```
vyos@router:~$ show configuration all
firewall {
    all-ping enable
    broadcast-ping disable
    config-trap disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN-In {
        default-action drop
        rule 2 {
            action accept
            state {
                established enable
                related enable
            }
        }
    }
    name WAN-Local {
        default-action drop
        rule 2 {
            action accept
            state {
                established enable
                related enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
    twa-hazards-protection disable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description WAN
        duplex auto
        firewall {
            in {
                name WAN-In
            }
            local {
                name WAN-Local
            }
        }
        hw-id 08:00:27:b2:8e:53
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        address 192.168.2.1/24
        description LAN
        duplex auto
        hw-id 08:00:27:3a:d7:62
        smp_affinity auto
        speed auto
    }
    ethernet eth2 {
        duplex auto
        hw-id 08:00:27:17:9e:01
        smp_affinity auto
        speed auto
    }
    ethernet eth3 {
        duplex auto
        hw-id 08:00:27:09:de:98
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
}
nat {
    source {
        rule 1 {
            description Internet/Open
            outbound-interface eth0
            source {
                address 192.168.2.0/24
            }
            translation {
                address masquerade
            }
        }
    }
}
service {
    dhcp-server {
        disabled false
        shared-network-name LAN {
            authoritative disable
            subnet 192.168.2.0/24 {
                default-router 192.168.2.1
                dns-server 192.168.2.1
                domain-name LAN-dhcp
                lease 86400
                start 192.168.2.11 {
                    stop 192.168.2.254
                }
            }
        }
    }
    dns {
        forwarding {
            cache-size 0
            listen-on eth1
            name-server 8.8.8.8
            name-server 8.8.4.4
        }
    }
    ssh {
        port 22
    }
}
system {
    config-management {
        commit-revisions 20
    }
    console {
    }
    domain-name hub.local
    host-name router
    login {
        user vyos {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
            level admin
        }
    }
    ntp {
        server 0.pool.ntp.org {
        }
        server 1.pool.ntp.org {
        }
        server 2.pool.ntp.org {
        }
    }
    package {
        auto-sync 1
        repository community {
            components main
            distribution helium
            password ****************
            url http://packages.vyos.net/vyos
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone US/Central
}
```
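The fix between post #8 and post #12 is the point #9 makes: clients were told the router was their resolver while nothing on the router served DNS, and adding `service dns forwarding` listening on the LAN interface closed that gap. The script below is an added example (not from the thread or the VyOS project) that makes the check mechanical. It parses VyOS's brace-delimited `show configuration` output into nested dicts, then reports any resolver address that belongs to the router but is not served by DNS forwarding on the interface that owns it, and flags a forwarder listening on the WAN interface, since that would expose an open resolver. The two sample configs are constructed, abbreviated versions of the ones posted above; the parser, the helper names and the audit rules are all assumptions made for this example, not VyOS's own tooling.

```python
# Parser and audit for VyOS `show configuration` dumps (added example, not VyOS code).

def parse_vyos(text):
    """Parse VyOS's brace-delimited config into nested dicts; leaf keys map to value lists."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("vyos@"):  # skip blanks and the shell prompt
            continue
        if line == "}":
            stack.pop()
            continue
        if line.endswith("{"):                     # node, e.g. `ethernet eth1 {`
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
            continue
        key, _, value = line.partition(" ")        # leaf, e.g. `dns-server 8.8.8.8`
        stack[-1].setdefault(key, []).append(value.strip().strip('"'))
    return root

def iface_addresses(cfg):
    """Map interface name -> set of static IPv4 addresses (prefix length dropped)."""
    out = {}
    for key, node in cfg.get("interfaces", {}).items():
        name = key.split()[-1]                     # `ethernet eth1` -> eth1
        out[name] = {a.split("/")[0] for a in node.get("address", []) if a != "dhcp"}
    return out

def dhcp_dns_servers(cfg):
    """Every dns-server value the DHCP server hands out, in config order."""
    servers = []
    for key, net in cfg.get("service", {}).get("dhcp-server", {}).items():
        if key.startswith("shared-network-name "):
            for skey, sub in net.items():
                if skey.startswith("subnet "):
                    servers.extend(sub.get("dns-server", []))
    return servers

def audit_dns(cfg, static_resolvers=()):
    """Findings for resolvers pointing at the router (static_resolvers = hand-typed ones)."""
    findings = []
    addrs = iface_addresses(cfg)
    fwd = cfg.get("service", {}).get("dns", {}).get("forwarding")
    listen = set(fwd.get("listen-on", [])) if fwd else set()
    for server in dhcp_dns_servers(cfg) + list(static_resolvers):
        local = {n for n, a in addrs.items() if server in a}
        if not local:
            continue                               # external resolver; the router is not involved
        if fwd is None:
            findings.append(f"{server} is the router, but service dns forwarding is not configured")
        elif not local & listen:
            findings.append(f"dns forwarding does not listen on {sorted(local)} where {server} lives")
        elif not fwd.get("name-server"):
            findings.append("dns forwarding has no upstream name-server")
    for iface in sorted(listen):                   # a forwarder on the WAN side is an open resolver
        node = cfg.get("interfaces", {}).get(f"ethernet {iface}", {})
        if "dhcp" in node.get("address", []) or node.get("description") == ["WAN"]:
            findings.append(f"dns forwarding listens on WAN interface {iface}")
    return findings

# Constructed, abbreviated versions of the configs posted in #8 and #12.
BEFORE = """\
interfaces {
    ethernet eth0 {
        address dhcp
        description WAN
    }
    ethernet eth1 {
        address 192.168.2.1/24
    }
}
service {
    dhcp-server {
        shared-network-name LAN-dhcp {
            subnet 192.168.2.0/24 {
                dns-server 68.105.28.11
                dns-server 68.105.29.11
            }
        }
    }
}
"""
AFTER = BEFORE.split("service {")[0] + """\
service {
    dhcp-server {
        shared-network-name LAN {
            subnet 192.168.2.0/24 {
                dns-server 192.168.2.1
            }
        }
    }
    dns {
        forwarding {
            listen-on eth1
            name-server 8.8.8.8
            name-server 8.8.4.4
        }
    }
}
"""
```

Running `audit_dns(parse_vyos(BEFORE), static_resolvers=["192.168.2.1"])` reproduces the symptom from post #1: the DHCP clients were fine because they were handed the ISP resolvers, but the two static hosts pointing at 192.168.2.1 had no forwarder to talk to. The same call on `AFTER` returns no findings. The `listen-on` check is the part worth keeping in a real config review: restricting the forwarder to the LAN interface, as the post #12 config does, is what keeps a home router's cache from answering arbitrary Internet queries.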
