4 physical NICs: 1 directly connected to the modem (PPPoE connection), 3 NICs connected to 3 WiFi routers (these 2 routers are in Access Point operational mode, therefore NAT and DHCP are disabled on these devices).
5 virtual switches created: 4 External (with assigned NIC) and one Internal
Current VyOS configuration:
ppp0 - managed to set up successfully (I receive ping replies from www.yahoo.com)
eth0 - where the cable from the modem is plugged in; it has no IP address (physical WAN port, I guess)
eth1 - cable from WiFi AP 1 - 192.168.1.10
eth2 - cable from WiFi AP 2 - 192.168.1.20
eth3 - cable from WiFi AP 3 - 192.168.1.30
I’ve managed to install VyOS on a VM. The purpose of this VM is to be the Internet-facing router (ISP Modem → VyOS Router → 3 WiFi APs → Client devices).
Questions:
Can I assign 192.168.1.1 to eth0 and act as a DHCP server and DNS forwarder (from ppp0)?
When I configure NAT, do I need to NAT to interface ppp0 with source 192.168.1.0/24? And also, is it safe?
If I can NAT to ppp0, should the firewall rules (packets from the OUTSIDE) be applied only to the ppp0 interface?
Well, in order to make things work, I had to change some physical configurations, as follows:
I gave up on assigning physical interfaces to the router. It seems that trying/creating a physical switch from the other physical interfaces of the Hyper-V host wasn’t a good idea.
I bought a physical switch, and my VyOS config underwent some internal modifications.
No more eth2 and eth3; now I have only eth0 (which is reserved for pppoe0) and eth1 (which is the LAN interface, and also the communication port with the physical switch).
eth1 address - 192.168.1.1 (DHCP service on it), everything is working well internally.
Now, my other issue is with the TCP clamping (changing TCP-MSS in order to make Internet browsing work properly). It seems that the only way I can make this work is to sudo su and apply the following iptables command line:
iptables -t mangle -I POSTROUTING 1 -p tcp -o pppoe0 --tcp-flags SYN SYN -j TCPMSS --set-mss 1452
The issue is that this command line has to be applied every time my router reboots, and this is because the mentioned iptables command won’t be written to the config file.
Any advice?