Hi all,
I built a VyOS router on a VMware ESXi host to route traffic for my lab. I built a simple configuration, and I am able to ping between my home network and my lab servers, but other services (HTTP, HTTPS, SSH) do not work. My Windows machine can reach my lab servers, but my home laptop cannot. I added a static route on my home router that sends traffic for my lab subnets to 192.168.1.254.
Home Router - 192.168.1.1
Vyos eth0 - 192.168.1.254
Vyos eth1 - 10.191.1.1
Vyos eth2 - 10.191.2.1
Lab machine1 - 10.191.2.11
Lab machine2 - 10.191.2.111
Windows machine - 10.191.1.2
Home laptop - 192.168.1.93
firewall {
all-ping enable
broadcast-ping disable
config-trap disable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
twa-hazards-protection disable
}
interfaces {
ethernet eth0 {
address 192.168.1.222/24
address 192.168.1.254/24
hw-id 00:0c:29:e2:74:a9
}
ethernet eth1 {
address 10.191.1.1/24
hw-id 00:0c:29:e2:74:b3
}
ethernet eth2 {
address 10.191.2.1/24
hw-id 00:0c:29:e2:74:bd
}
loopback lo {
}
}
nat {
source {
rule 9 {
outbound-interface eth0
source {
address 10.191.1.0/24
}
translation {
address masquerade
}
}
rule 100 {
outbound-interface eth0
source {
address 10.191.2.0/24
}
translation {
address masquerade
}
}
}
}
protocols {
static {
route 0.0.0.0/0 {
next-hop 192.168.1.1 {
}
}
}
}
service {
ssh {
port 22
}
}
system {
config-management {
commit-revisions 100
}
conntrack {
modules {
ftp
h323
nfs
pptp
sip
sqlnet
tftp
}
}
console {
device ttyS0 {
speed 115200
}
}
host-name vyos
login {
user vyos {
authentication {
encrypted-password ****************
plaintext-password ****************
}
}
}
name-server 8.8.8.8
name-server 8.8.4.4
ntp {
allow-clients {
address 10.191.1.0/24
address 10.191.2.0/24
address 192.168.1.0/24
}
listen-address 10.191.1.1
server time1.google.com {
}
server time1.vyos.net {
}
server time2.vyos.net {
}
server time3.vyos.net {
}
}
syslog {
global {
facility all {
level info
}
facility protocols {
level debug
}
}
}
}
zone-policy {
}
Traffic capture on eth2 while attempting SSH from the home laptop:
vyos@vyos:~$ monitor traffic interface eth2
tcpdump: verbose output suppressed, use -v[v]… for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), snapshot length 262144 bytes
04:36:57.489279 IP 192.168.1.13.52709 > 10.191.2.11.ssh: Flags [S], seq 3055839423, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1244087456 ecr 0,sackOK,eol], length 0
04:36:57.489533 IP 10.191.2.11.ssh > 192.168.1.13.52709: Flags [S.], seq 3164649580, ack 3055839424, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
04:36:58.690963 IP 10.191.2.11.ssh > 192.168.1.13.52709: Flags [S.], seq 3164649580, ack 3055839424, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
04:37:00.690943 IP 10.191.2.11.ssh > 192.168.1.13.52709: Flags [S.], seq 3164649580, ack 3055839424, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
Any suggestions?