SSH and RDP connection to every machine in subnet behind VyOS

I have set up some virtual machines inside ESXi and segregated them into two subnets using two VyOS routers (one router per subnet). Now I want SSH and XRDP (RDP for Linux machines) connections to all of those virtual machines from outside the VyOS router. How do I set that up within VyOS? I have already enabled SSH and xRDP on those machines. I am a complete newbie to networking; please let me know if the question is unclear or you need any more information.

Hello @zeroh. First of all, welcome to the VyOS community.
The information given may not be enough to give you a precise answer. As far as I understand from your description, it seems you have some Linux endpoints in a network that is behind a VyOS router. If that's the case, you may need to NAT the required SSH and RDP connections to the desired endpoints.
Please review the documentation:
https://docs.vyos.io/en/crux/configuration/nat/index.html
https://support.vyos.io/en/kb/articles/nat-basics-2

Hi @n.fort, thanks for the quick response. Yes, they are some Linux endpoints in the network behind the VyOS router, and I am trying to access them from outside, from Windows. I have gone through the provided documentation and did

set nat destination rule 10 description 'Port Forward to 192.168.0.100'
set nat destination rule 10 destination port '3389'
set nat destination rule 10 inbound-interface 'eth0'
set nat destination rule 10 protocol 'tcp'
set nat destination rule 10 translation address '192.168.0.100'

for RDP, and gave port 22 for SSH,

but when I tried to connect to it from my Windows PC it shows a connection timeout.
I haven't set any firewalls within VyOS.

You also need a source NAT rule matching source 192.168.0.100 and outbound-interface eth0.

I have set interfaces as

set interfaces ethernet eth0 address 192.168.0.10/24
set interfaces ethernet eth0 description Internet
set interfaces ethernet eth1 address 192.168.1.10/24
set interfaces ethernet eth1 description vLAN10

and source NAT as

set nat source rule 11 outbound-interface eth0
set nat source rule 11 source address 192.168.1.10/24
set nat source rule 11 translation address masquerade

default gateway

set protocols static route 0.0.0.0/0 next-hop 192.168.0.10

Your default gateway config is not OK.
Your config:

  • set interfaces ethernet eth0 address 192.168.0.10/24
  • set protocols static route 0.0.0.0/0 next-hop 192.168.0.10
    The next hop shouldn't be the router itself.

Thanks! It should be the gateway address of the physical router, right? I have set up two routers in ESXi and changed the gateway address of both to 192.168.0.1. Now the internet access of the machines is working, but SSH and RDP are not working.

Right now, your Linux endpoints can reach the internet, but they can't be accessed from a device located externally to that network? If that's the situation, it sounds like a routing problem.
Again, I'm trying to guess your config and requirements. A network diagram, or a better description of your network topology, would be necessary to understand what's happening.

This is the setup. I want to access Linux vm1 from the Windows PC, both RDP and SSH. Before setting up VyOS in ESXi I had RDP and SSH access to the Linux VM from my Windows PC; only after setting up VyOS did I lose access. And I can ping the VyOS router from the Windows PC. Let me know if any more details are needed.
Gateway address: 10.45.32.1

So far what I did in VyOS is

configure
set interfaces ethernet eth0 address 10.45.32.22/24
set interfaces ethernet eth0 description Internet
set interfaces ethernet eth1 address 10.45.32.40/27
set interfaces ethernet eth1 description LAN

set service ssh
set service ssh allow-root

set protocols static route 0.0.0.0/0 next-hop 10.45.32.1

set nat source rule 101 outbound-interface eth0
set nat source rule 101 source address 10.45.32.40/27
set nat source rule 101 translation address masquerade

set nat destination rule 101 description 'Port Forward: ssh to 10.45.32.40'
set nat destination rule 101 destination port '22'
set nat destination rule 101 inbound-interface 'eth0'
set nat destination rule 101 protocol 'tcp'
set nat destination rule 101 translation address '10.45.32.40'

set nat destination rule 102 description 'Port Forward: ssh to 10.45.32.44'
set nat destination rule 102 destination port '22'
set nat destination rule 102 inbound-interface 'eth0'
set nat destination rule 102 protocol 'tcp'
set nat destination rule 102 translation address '10.45.32.44'

commit
save

for getting SSH access to Linux vm-1 and Linux vm-2 from the Windows PC.

As of now I am trying to fix only the first VyOS router; I gave two routers to prevent communication between Linux vm-1,2 and Linux vm-3,4.

My requirement is to set up two networks in ESXi which can't communicate with each other, but both should have internet access, and I should be able to SSH and RDP from outside ESXi to both networks. So when I set up the VMs in ESXi I had SSH and RDP access from my Windows machine, but the two networks in ESXi were not segregated; for that I used VyOS.

@zeroh, analyzing your network diagram and the commands executed on one router, there seem to be some basic errors in your deployment:

  • Network segmentation: you define the network 10.45.32.0/24 for your "internet network", and also 10.45.32.32/27 for your "Virtual LAN network". The second network (/27) is part of the first one (/24).
  • Routing: no information on how the "Windows PC" should reach your virtual endpoints.

If possible, you should reconsider changing your network addresses. It's definitely a misconfiguration of networking, and not a VyOS issue.
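A reconfiguration along the lines n.fort describes, added here as an example and not config from the thread: the LAN moves to a subnet that does not overlap eth0 (assumed 10.45.33.0/24), the default route points at the upstream gateway, and each VM's SSH and RDP is exposed on its own external port on eth0, restricted to the management PC's address. The VM addresses (10.45.33.11, 10.45.33.12), the Windows PC address (10.45.32.50) and the external port numbers are assumptions.

```vyos
configure
# eth0 stays on the existing upstream segment (gateway 10.45.32.1)
set interfaces ethernet eth0 address '10.45.32.22/24'
set interfaces ethernet eth0 description 'Internet'
# LAN on a subnet that does not overlap eth0 (assumed: 10.45.33.0/24)
set interfaces ethernet eth1 address '10.45.33.1/24'
set interfaces ethernet eth1 description 'LAN'

# Default route: the upstream gateway, never one of the router's own addresses
set protocols static route 0.0.0.0/0 next-hop '10.45.32.1'

# Outbound: masquerade the whole LAN so the VMs reach the internet
set nat source rule 101 outbound-interface 'eth0'
set nat source rule 101 source address '10.45.33.0/24'
set nat source rule 101 translation address 'masquerade'

# Inbound: one external port per VM and service, arriving on eth0 (10.45.32.22)
# Assumed addresses: vm-1 = 10.45.33.11, vm-2 = 10.45.33.12, Windows PC = 10.45.32.50
# ssh: 10.45.32.22:2201 -> vm-1:22
set nat destination rule 101 inbound-interface 'eth0'
set nat destination rule 101 protocol 'tcp'
set nat destination rule 101 destination port '2201'
set nat destination rule 101 source address '10.45.32.50/32'
set nat destination rule 101 translation address '10.45.33.11'
set nat destination rule 101 translation port '22'
# ssh: 10.45.32.22:2202 -> vm-2:22
set nat destination rule 102 inbound-interface 'eth0'
set nat destination rule 102 protocol 'tcp'
set nat destination rule 102 destination port '2202'
set nat destination rule 102 source address '10.45.32.50/32'
set nat destination rule 102 translation address '10.45.33.12'
set nat destination rule 102 translation port '22'
# rdp: 10.45.32.22:3391 -> vm-1:3389
set nat destination rule 103 inbound-interface 'eth0'
set nat destination rule 103 protocol 'tcp'
set nat destination rule 103 destination port '3391'
set nat destination rule 103 source address '10.45.32.50/32'
set nat destination rule 103 translation address '10.45.33.11'
set nat destination rule 103 translation port '3389'
# rdp: 10.45.32.22:3392 -> vm-2:3389
set nat destination rule 104 inbound-interface 'eth0'
set nat destination rule 104 protocol 'tcp'
set nat destination rule 104 destination port '3392'
set nat destination rule 104 source address '10.45.32.50/32'
set nat destination rule 104 translation address '10.45.33.12'
set nat destination rule 104 translation port '3389'

commit
save
```

Each VM must use 10.45.33.1 (the router's eth1 address) as its default gateway so that replies to the forwarded connections come back through the router and are un-NATed; the Windows PC then connects to 10.45.32.22 on the external ports above. The second router gets the same layout with its own LAN subnet (for example 10.45.34.0/24) and its own eth0 address on 10.45.32.0/24.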

That's really great, @n.fort, thanks for pointing out my rookie mistake. I will reconfigure it and hope it will work fine.
