I have a problem with a VyOS configuration.
I created two different interfaces with the same network address (vif 2178 and vif 2195 both use 192.168.82.1/24) and a rule that allows SSH to the hosts behind each of them. I can SSH to the host on the 2178 interface, but not to the host on 2195. This doesn't work not only for .82.0/24, but for all of them.
For example, this is the VyOS config:
"success": True,
"data": {
"firewall": {
"all-ping": "enable",
"broadcast-ping": "disable",
"config-trap": "disable",
"group": {
"address-group": {
"outside-v2178-ad-10": {
"address": "192.168.82.20",
"description": "hosts allowed to be hit on port 22",
},
"outside-v2195-ad-10": {
"address": "192.168.82.30",
"description": "hosts allowed to be hit on port 22",
},
"v2178-outside-ad-10": {"address": "192.168.82.20"},
"v2195-outside-ad-10": {"address": "192.168.82.30"},
},
"port-group": {
"outside-v2178-pr-10": {
"description": "Description for port group",
"port": "22",
},
"outside-v2195-pr-10": {
"description": "Description for port group",
"port": "22",
},
},
},
"ipv6-receive-redirects": "disable",
"ipv6-src-route": "disable",
"ip-src-route": "disable",
"log-martians": "enable",
"name": {
"outside-local": {
"default-action": "drop",
"rule": {
"1": {
"action": "accept",
"state": {"established": "enable", "related": "enable"},
},
"2": {
"action": "drop",
"log": "enable",
"state": {"invalid": "enable"},
},
"10": {
"action": "accept",
"destination": {"port": "22"},
"protocol": "tcp",
"state": {"new": "enable"},
},
"20": {
"action": "accept",
"icmp": {"type-name": "echo-reply"},
"protocol": "icmp",
"state": {"new": "enable"},
},
},
},
"outside-v2178": {
"default-action": "drop",
"rule": {
"1": {
"action": "accept",
"state": {"established": "enable", "related": "enable"},
},
"2": {
"action": "drop",
"log": "enable",
"state": {"invalid": "enable"},
},
"10": {
"action": "accept",
"description": "SSH",
"destination": {
"group": {
"address-group": "outside-v2178-ad-10",
"port-group": "outside-v2178-pr-10",
}
},
"protocol": "tcp",
"source": {"address": "0.0.0.0/0"},
},
},
},
"outside-v2195": {
"default-action": "drop",
"rule": {
"1": {
"action": "accept",
"state": {"established": "enable", "related": "enable"},
},
"2": {
"action": "drop",
"log": "enable",
"state": {"invalid": "enable"},
},
"10": {
"action": "accept",
"description": "SSH",
"destination": {
"group": {
"address-group": "outside-v2195-ad-10",
"port-group": "outside-v2195-pr-10",
}
},
"protocol": "tcp",
"source": {"address": "0.0.0.0/0"},
},
},
},
"v2178-outside": {
"default-action": "drop",
"rule": {
"1": {
"action": "accept",
"state": {"established": "enable", "related": "enable"},
},
"2": {
"action": "drop",
"log": "enable",
"state": {"invalid": "enable"},
},
"10": {
"action": "accept",
"description": "ANY",
"destination": {"address": "0.0.0.0/0"},
"source": {
"group": {"address-group": "v2178-outside-ad-10"}
},
},
},
},
"v2195-outside": {
"default-action": "drop",
"rule": {
"1": {
"action": "accept",
"state": {"established": "enable", "related": "enable"},
},
"2": {
"action": "drop",
"log": "enable",
"state": {"invalid": "enable"},
},
"10": {
"action": "accept",
"description": "ANY",
"destination": {"address": "0.0.0.0/0"},
"source": {
"group": {"address-group": "v2195-outside-ad-10"}
},
},
},
},
},
"receive-redirects": "disable",
"send-redirects": "enable",
"source-validation": "disable",
"syn-cookies": "enable",
"twa-hazards-protection": "disable",
},
"interfaces": {
"ethernet": {
"eth0": {
"firewall": {"in": {"name": "outside-local"}},
"hw-id": "50:6b:8d:d8:bd:8c",
"vif": {
"801": {
"address": "xxx.xxx.xxx.xxx/24",
"description": "vLAN801 - outside",
},
"2178": {
"address": "192.168.82.1/24",
"description": "Customer uuid: c001 name: company1",
},
"2195": {
"address": "192.168.82.1/24",
"description": "Customer uuid: c001 name: company1",
},
},
}
},
"loopback": {"lo": {}},
},
"nat": {
"destination": {
"rule": {
"21782": {
"description": "1-to-1 NAT - 2178 - fae0ca6f-8e95-430f-8434-3ca69fb73275 - ingress",
"destination": {"address": "xxx.xxx.xxx.xxx"},
"inbound-interface": "eth0.801",
"translation": {"address": "192.168.82.20"},
},
"21783": {
"description": "NAT Reflection: INSIDE - 2178 - fae0ca6f-8e95-430f-8434-3ca69fb73275",
"destination": {"address": "xxx.xxx.xxx.xxx"},
"inbound-interface": "eth0.2178",
"translation": {"address": "192.168.82.20"},
},
"21952": {
"description": "1-to-1 NAT - 2195 - 804c1e99-746b-4fcd-b5a2-556dcaf25e58 - ingress",
"destination": {"address": "xxx.xxx.xxx.xxx"},
"inbound-interface": "eth0.801",
"translation": {"address": "192.168.82.30"},
},
"21964": {
"description": "1-to-1 NAT - 2196 - a68af80a-508e-40ca-9b3a-75b613186724 - ingress",
"destination": {"address": "xxx.xxx.xxx.xxx"},
"inbound-interface": "eth0.801",
"translation": {"address": "192.168.3.6"},
},
}
},
"source": {
"rule": {
"21782": {
"description": "1-to-1 NAT - 2178 - fae0ca6f-8e95-430f-8434-3ca69fb73275 - ergess",
"outbound-interface": "eth0.801",
"source": {"address": "192.168.82.20"},
"translation": {"address": "xxx.xxx.xxx.xxx"},
},
"21783": {
"description": "NAT Reflection: INSIDE - 2178 - fae0ca6f-8e95-430f-8434-3ca69fb73275",
"destination": {"address": "192.168.82.0/24"},
"outbound-interface": "eth0.2178",
"source": {"address": "192.168.82.0/24"},
"translation": {"address": "masquerade"},
},
"21952": {
"description": "1-to-1 NAT - 2195 - 804c1e99-746b-4fcd-b5a2-556dcaf25e58 - ergess",
"outbound-interface": "eth0.801",
"source": {"address": "192.168.82.30"},
"translation": {"address": "xxx.xxx.xxx.xxx"},
},
"21953":{
"description":"NAT Reflection: INSIDE - 2195 - 804c1e99-746b-4fcd-b5a2-556dcaf25e58",
"destination":{"address":"192.168.82.0/24"},
"outbound-interface":"eth0.2195",
"source":{"address":"192.168.82.0/24"},
"translation":{"address":"masquerade"}
},
}
},
},
"protocols": {
"static": {"route": {"0.0.0.0/0": {"next-hop": {"xxx.xxx.xxx.xxx": {}}}}}
},
"service": {
"https": {
"api": {
"debug": {},
"keys": {
"id": {
}
},
"port": "yyyy",
},
"certificates": {"system-generated-certificate": {"lifetime": "3650"}},
"virtual-host": {
"vyosstage": {
"listen-address": "xxx.xxx.xxx.xxx",
"listen-port": "yyyy",
}
},
},
"lldp": {},
"ssh": {"disable-password-authentication": {}, "port": "22"},
},
"system": {
"config-management": {"commit-revisions": "100"},
"console": {"device": {"ttyS0": {"speed": "115200"}}},
"host-name": "vyos",
"login": {
"user": {
"vyos": {
"authentication": {
}
}
}
},
"ntp": {
"server": {
"0.pool.ntp.org": {},
"1.pool.ntp.org": {},
"2.pool.ntp.org": {},
}
},
"syslog": {
"global": {
"facility": {
"all": {"level": "info"},
"protocols": {"level": "debug"},
}
}
},
},
"zone-policy": {
"zone": {
"outside": {
"default-action": "drop",
"from": {
"v2178": {"firewall": {"name": "v2178-outside"}},
"v2195": {"firewall": {"name": "v2195-outside"}},
},
"interface": "eth0.801",
},
"v2178": {
"from": {"outside": {"firewall": {"name": "outside-v2178"}}},
"interface": "eth0.2178",
},
"v2195": {
"from": {"outside": {"firewall": {"name": "outside-v2195"}}},
"interface": "eth0.2195",
},
}
},
},
"error": null,
}