New VyOS installation - unable to get internet connectivity on LAN interfaces?

I’ve just installed the latest 1.3 rolling release, and I’m trying to set up a basic PPPoE connection, with DHCP/DNS for LAN clients - however, I think I’m missing something fairly obvious. I haven’t touched VyOS in quite some time.

The router can get internet connectivity - the LAN clients get a DHCP lease, but no internet connectivity.

I’ve been using the following two docs pages:

I’m able to establish a PPPoE link (eth0) - and from the router itself, I can ping the outside world (e.g. 8.8.8.8).

On the LAN interface (eth1), I do get a DHCP lease - however, I don’t seem to have any internet connectivity at all.

My hunch is it’s something to do with my firewall rules? (The PPPoE documentation page mentions In, Out, and Local rules - but the quick start page only gave examples for In and Local, so those are the two I used).

Here is my current configuration:

vyos@vyos# show
firewall {
    name NET-IN {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
    }
    name NET-LOCAL {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action accept
            icmp {
                type-name echo-request
            }
            protocol icmp
            state {
                new enable
            }
        }
    }
}
interfaces {
    ethernet eth0 {
        hw-id 80:a2:35:7f:de:e3
    }
    ethernet eth1 {
        address 10.5.1.1/24
        description INSIDE
        hw-id 80:a2:35:7f:de:e4
    }
    ethernet eth2 {
        hw-id 80:a2:35:7f:de:e5
    }
    ethernet eth3 {
        hw-id 80:a2:35:7f:de:e6
    }
    ethernet eth4 {
        hw-id 80:a2:35:7f:de:e7
    }
    ethernet eth5 {
        hw-id 80:a2:35:7f:de:e8
    }
    ethernet eth6 {
        hw-id 80:a2:35:7f:de:e9
    }
    ethernet eth7 {
        hw-id 80:a2:35:7f:de:ea
    }
    ethernet eth8 {
        hw-id 80:a2:35:7f:de:eb
    }
    ethernet eth9 {
        hw-id 80:a2:35:7f:de:ec
    }
    ethernet eth10 {
        hw-id 80:a2:35:7f:de:ed
    }
    ethernet eth11 {
        hw-id 80:a2:35:7f:de:ee
    }
    loopback lo {
    }
    pppoe pppoe0 {
        authentication {
            password SANITISED
            user victorhooi@internode.on.net
        }
        default-route auto
        firewall {
            in {
                name NET-IN
            }
            local {
                name NET-LOCAL
            }
        }
        mtu 1492
        source-interface eth0
    }
}
nat {
    source {
        rule 100 {
            outbound-interface eth0
            source {
                address 10.5.1.0/24
            }
            translation {
                address masquerade
            }
        }
    }
}
service {
    dhcp-server {
        shared-network-name LAN {
            subnet 10.5.1.0/24 {
                default-router 10.5.1.1
                dns-server 10.5.1.1
                domain-name internal-network
                lease 86400
                range 0 {
                    start 10.5.1.9
                    stop 10.5.1.254
                }
            }
        }
    }
    dns {
        forwarding {
            allow-from 10.5.1.0/24
            cache-size 0
            listen-address 10.5.1.1
        }
    }
    ssh {
        port 22
    }
}
system {
    config-management {
        commit-revisions 100
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name vyos
    login {
        user vyos {
            authentication {
                encrypted-password SANITISED
                plaintext-password ""
            }
        }
    }
    name-server 8.8.8.8
    name-server 8.8.4.4
    ntp {
        server 0.pool.ntp.org {
        }
        server 1.pool.ntp.org {
        }
        server 2.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
}

Are you able to see anything I’ve missed above?

I think you need to configure NAT on the pppoe interface
outbound-interface pppoe0

Yes - you’re right!

I deleted the existing NAT entry (which had outbound-interface set to eth0), and re-created it using pppoe0:

set nat source rule 100 outbound-interface 'pppoe0'
set nat source rule 100 source address '10.5.1.0/24'
set nat source rule 100 translation address masquerade

Thank you!
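The mismatch resolved in this thread can be checked mechanically: a source NAT rule bound to the physical interface that only carries a PPPoE session never matches, because routed traffic leaves through the pppoe interface. The following is an added example, not part of the original thread or of VyOS itself; the function names `parse` and `misbound_nat_rules` are assumptions, and the sample is a constructed excerpt of the configuration posted above.

```python
# Constructed sample: trimmed from the configuration posted in the thread.
SAMPLE = """
interfaces {
    pppoe pppoe0 {
        default-route auto
        source-interface eth0
    }
}
nat {
    source {
        rule 100 {
            outbound-interface eth0
        }
    }
}
"""

def parse(text):
    """Parse brace-style `show` output into nested dicts (hypothetical helper)."""
    root = {}
    stack = [root]
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("{"):
            node = {}
            stack[-1][line[:-1].strip()] = node
            stack.append(node)
        elif line == "}":
            stack.pop()
        elif line:
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip("'\"")  # repeated leaves keep the last value
    return root

def misbound_nat_rules(cfg):
    """Return (rule, configured_if, pppoe_if) for source NAT rules bound to a PPPoE carrier."""
    carriers = {}  # physical interface -> PPPoE interface riding on it
    for name, body in cfg.get("interfaces", {}).items():
        if name.startswith("pppoe ") and isinstance(body, dict) and "source-interface" in body:
            carriers[body["source-interface"]] = name.split()[1]
    findings = []
    for name, body in cfg.get("nat", {}).get("source", {}).items():
        out = body.get("outbound-interface") if isinstance(body, dict) else None
        if out in carriers:
            findings.append((name.split()[1], out, carriers[out]))
    return findings

if __name__ == "__main__":
    for rule, wrong, right in misbound_nat_rules(parse(SAMPLE)):
        print(f"nat source rule {rule}: outbound-interface {wrong} -> use {right}")
```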
