How to configure zone-based firewall on PPPoE on VLAN?

Hi Folks,

I’m in the US and trying to configure VyOS with CenturyLink fiber. They use PPPoE over a VLAN. I have that configured correctly, but I’m having problems attaching PPPoE to the zone-based firewall. I followed the guide here with modifications for my situation: VyOS from Scratch – Edition 1 – blog.kroy.io

Interface setup:

interfaces {
    ethernet eth0 {
        hw-id XX:XX:XX:XX:XX:ac
        vif 201 {
            pppoe 1 {
                default-route auto
                mtu 1492
                name-server none
                password xxxxxx
                policy {
                }
                user-id xxxxxx
            }
        }
    }
}

But for the life of me I can’t figure out the syntax to attach it as an interface to a zone policy.

Here’s just a small subset of the permutations I tried:

[edit]
vyos@vyos# set zone-policy zone WAN interface pppoe 1

  Configuration path: zone-policy zone WAN interface pppoe [1] is not valid
  Set failed

[edit]
vyos@vyos# set zone-policy zone WAN interface eth0 pppoe 1

  Configuration path: zone-policy zone WAN interface eth0 [pppoe] is not valid
  Set failed

[edit]
vyos@vyos# set zone-policy zone WAN interface eth0 vif 201 pppoe 1

  Configuration path: zone-policy zone WAN interface eth0 [vif] is not valid
  Set failed

[edit]
vyos@vyos# set zone-policy zone WAN interface eth0.201 pppoe 1

  Configuration path: zone-policy zone WAN interface eth0.201 [pppoe] is not valid
  Set failed

I would greatly appreciate any suggestions on appropriate syntax, or a different way I should be approaching this.

Thanks,
Chris

Try this:

set zone-policy zone WAN interface eth0.201

That allowed it to configure, but I’m not sure whether it worked or not. I was not a good scientist: I also found one or two other problems that I changed simultaneously. For this statement I ended up with:

set zone-policy zone WAN interface pppoe1

Now onto traffic shapers 🤞

I would get your firewall set up in full and correctly before you add in another config topic.


This is most generally used to proliferate DNS worker settings from an Internet specialist organization to customer machines working on the organization ensured by the firewall!
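
For readers landing on this thread, an added example (not from any poster) of a minimal three-zone layout built around the `pppoe1` interface name the original poster ended up with, using the same `zone-policy` syntax as the commands above. The LAN interface `eth1`, the zone names LAN and LOCAL, and all rule-set names are assumptions.

```text
# Assumed names: zones LAN and LOCAL, LAN interface eth1, rule-sets WAN-IN / PERMIT-OUT.

# Rule-set for anything arriving from the WAN zone: return traffic only.
set firewall name WAN-IN default-action drop
set firewall name WAN-IN rule 10 action accept
set firewall name WAN-IN rule 10 state established enable
set firewall name WAN-IN rule 10 state related enable
set firewall name WAN-IN rule 20 action drop
set firewall name WAN-IN rule 20 state invalid enable

# Rule-set for traffic originating from the LAN or from the router itself.
set firewall name PERMIT-OUT default-action accept

# WAN zone: bound to the PPPoE session interface (pppoe1),
# the name that was accepted in the thread above.
set zone-policy zone WAN default-action drop
set zone-policy zone WAN interface pppoe1
set zone-policy zone WAN from LAN firewall name PERMIT-OUT
set zone-policy zone WAN from LOCAL firewall name PERMIT-OUT

# LAN zone (eth1 is an assumption).
set zone-policy zone LAN default-action drop
set zone-policy zone LAN interface eth1
set zone-policy zone LAN from WAN firewall name WAN-IN
set zone-policy zone LAN from LOCAL firewall name PERMIT-OUT

# LOCAL zone: traffic to and from the router itself; it takes no interface.
set zone-policy zone LOCAL local-zone
set zone-policy zone LOCAL default-action drop
set zone-policy zone LOCAL from WAN firewall name WAN-IN
set zone-policy zone LOCAL from LAN firewall name PERMIT-OUT
```

Each `from X firewall name Y` line sits under the destination zone, so every zone pair needs an entry in both directions or the destination zone's `default-action drop` applies.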