I’ve just installed the latest 1.3 rolling release, and I’m trying to set up a basic PPPoE connection, with DHCP/DNS for LAN clients - however, I think I’m missing something fairly obvious. I haven’t touched VyOS in quite some time.
The router can get internet connectivity - the LAN clients get a DHCP lease, but no internet connectivity.
I’ve been using the following two docs pages:
- to set up the PPPoE connection
- Quick Start — VyOS 1.4.x (sagitta) documentation - to set up DHCP, DNS forwarding, NAT and firewalls.
I’m able to establish a PPPoE link (eth0) - and from the router itself, I can ping the outside world (e.g. 8.8.8.8).
On the LAN interface (eth1), I do get a DHCP lease - however, I don’t seem to have any internet connectivity at all.
My hunch is it’s something to do with my firewall rules? (The PPPoE documentation page mentions In, Out, and Local rules - but the quick start page only gave examples for In and Local, so those are the two I used).
Here is my current configuration:
```
vyos@vyos# show
firewall {
    name NET-IN {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
    }
    name NET-LOCAL {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action accept
            icmp {
                type-name echo-request
            }
            protocol icmp
            state {
                new enable
            }
        }
    }
}
interfaces {
    ethernet eth0 {
        hw-id 80:a2:35:7f:de:e3
    }
    ethernet eth1 {
        address 10.5.1.1/24
        description INSIDE
        hw-id 80:a2:35:7f:de:e4
    }
    ethernet eth2 {
        hw-id 80:a2:35:7f:de:e5
    }
    ethernet eth3 {
        hw-id 80:a2:35:7f:de:e6
    }
    ethernet eth4 {
        hw-id 80:a2:35:7f:de:e7
    }
    ethernet eth5 {
        hw-id 80:a2:35:7f:de:e8
    }
    ethernet eth6 {
        hw-id 80:a2:35:7f:de:e9
    }
    ethernet eth7 {
        hw-id 80:a2:35:7f:de:ea
    }
    ethernet eth8 {
        hw-id 80:a2:35:7f:de:eb
    }
    ethernet eth9 {
        hw-id 80:a2:35:7f:de:ec
    }
    ethernet eth10 {
        hw-id 80:a2:35:7f:de:ed
    }
    ethernet eth11 {
        hw-id 80:a2:35:7f:de:ee
    }
    loopback lo {
    }
    pppoe pppoe0 {
        authentication {
            password SANITISED
            user victorhooi@internode.on.net
        }
        default-route auto
        firewall {
            in {
                name NET-IN
            }
            local {
                name NET-LOCAL
            }
        }
        mtu 1492
        source-interface eth0
    }
}
nat {
    source {
        rule 100 {
            outbound-interface eth0
            source {
                address 10.5.1.0/24
            }
            translation {
                address masquerade
            }
        }
    }
}
service {
    dhcp-server {
        shared-network-name LAN {
            subnet 10.5.1.0/24 {
                default-router 10.5.1.1
                dns-server 10.5.1.1
                domain-name internal-network
                lease 86400
                range 0 {
                    start 10.5.1.9
                    stop 10.5.1.254
                }
            }
        }
    }
    dns {
        forwarding {
            allow-from 10.5.1.0/24
            cache-size 0
            listen-address 10.5.1.1
        }
    }
    ssh {
        port 22
    }
}
system {
    config-management {
        commit-revisions 100
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name vyos
    login {
        user vyos {
            authentication {
                encrypted-password SANITISED
                plaintext-password ""
            }
        }
    }
    name-server 8.8.8.8
    name-server 8.8.4.4
    ntp {
        server 0.pool.ntp.org {
        }
        server 1.pool.ntp.org {
        }
        server 2.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
}
```
Are you able to see anything I’ve missed above?