Hello,
I am a bit new to VyOS; this is the second time I have tried to configure it. The first time went smoothly; this time I wanted to automate my configuration with a script:
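#!/bin/vbash
# VyOS configuration script.
#
# Builds a "trusted" LAN on eth1 (10.42.0.0/24) with DHCP, DNS forwarding and
# source NAT out of eth0, and wires three zones (LOCAL, trusted, WAN) together
# with a zone-policy. Nothing is committed or saved: the final 'commit' and
# 'save' are intentionally left commented out so the result can be reviewed
# in the config session first.
#
# Usage: /path/to/this-script.sh   (arguments, if any, are passed through)
# The script re-executes itself under the vyattacfg group so that
# 'configure' and 'set' from script-template work.
source /opt/vyatta/etc/functions/script-template

# Re-exec under the vyattacfg group when we are not already running in it.
# 'sg -c' takes a single command string, so the script path and every
# argument are shell-quoted with printf %q. The original
# "$(readlink -f $0) $@" re-split a path or argument containing spaces or
# shell metacharacters, which could also inject extra words into the
# command string.
if [[ "$(id -g -n)" != 'vyattacfg' ]]; then
  args=''
  if [[ "$#" -gt 0 ]]; then
    args=$(printf ' %q' "$@")
  fi
  exec sg vyattacfg -c "/bin/vbash $(printf '%q' "$(readlink -f "$0")")${args}"
fi

configure

#ssh
# SSH listens on 22; note that no WAN-LOCAL rule below accepts new TCP from
# WAN, so SSH is reachable from the trusted zone only.
set service ssh port '22'

#setup the "trusted" trusted
set interfaces ethernet eth1 address '10.42.0.1/24'
set interfaces ethernet eth1 description 'trusted'

#configure its dhcp
set service dhcp-server shared-network-name trusted subnet '10.42.0.0/24' range 0 start '10.42.0.100'
set service dhcp-server shared-network-name trusted subnet '10.42.0.0/24' range 0 stop '10.42.0.200'
set service dhcp-server shared-network-name trusted subnet '10.42.0.0/24' dns-server '10.42.0.1'
set service dhcp-server shared-network-name trusted subnet '10.42.0.0/24' default-router '10.42.0.1'

#configure its NAT
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 translation address 'masquerade'
set nat source rule 100 source address '10.42.0.0/24'

#now configure its DNS
# The forwarder only listens on eth1's address, but allow-from is the whole
# 10.0.0.0/8, which is wider than the 10.42.0.0/24 trusted subnet above.
set service dns forwarding listen-address '10.42.0.1'
set service dns forwarding allow-from '10.0.0.0/8'
set service dns forwarding name-server '9.9.9.9'
set service dns forwarding name-server '149.112.112.112'
set service dns forwarding name-server '1.1.1.1'
set service dns forwarding name-server '1.0.0.1'
set service dns forwarding dnssec 'process'
set system name-server '10.42.0.1'

# NOTE(review): the ruleset names below (LOCAL-WAN, LOCAL-trusted, ...) have
# the same <from>-<to> form as the zone pairs in the zone-policy section;
# confirm against the running VyOS release that this form is not reserved
# for internally generated chains before relying on these names.

#set firewall rules for traffic from LOCAL
set firewall name LOCAL-trusted default-action 'accept'
set firewall name LOCAL-WAN default-action 'accept'

#firewall rules for traffic from trusted
set firewall name trusted-LOCAL default-action 'accept'
set firewall name trusted-WAN default-action 'accept'

#set firewall rules for traffic from WAN
#WAN -> LOCAL
# Default drop; rule 5 admits replies to established/related flows and
# rule 20 admits unsolicited ICMP from the WAN.
set firewall name WAN-LOCAL default-action 'drop'
set firewall name WAN-LOCAL rule 5 action 'accept'
set firewall name WAN-LOCAL rule 5 state established 'enable'
set firewall name WAN-LOCAL rule 5 state related 'enable'
set firewall name WAN-LOCAL rule 5 description "Allow EST/Related Traffic"
set firewall name WAN-LOCAL rule 20 protocol 'icmp'
set firewall name WAN-LOCAL rule 20 state new 'enable'
set firewall name WAN-LOCAL rule 20 action 'accept'

#WAN -> trusted
# Same shape as WAN-LOCAL: only replies and unsolicited ICMP reach the LAN.
set firewall name WAN-trusted default-action 'drop'
set firewall name WAN-trusted rule 5 action 'accept'
set firewall name WAN-trusted rule 5 state established 'enable'
set firewall name WAN-trusted rule 5 state related 'enable'
set firewall name WAN-trusted rule 5 description "Allow EST/Related Traffic"
set firewall name WAN-trusted rule 20 protocol 'icmp'
set firewall name WAN-trusted rule 20 state new 'enable'
set firewall name WAN-trusted rule 20 action 'accept'

#setup the zone-policy
# Every zone defaults to drop; each from-zone pair references one of the
# rulesets defined above.
#LOCAL
set zone-policy zone LOCAL local-zone
set zone-policy zone LOCAL from trusted firewall name trusted-LOCAL
set zone-policy zone LOCAL from WAN firewall name WAN-LOCAL
set zone-policy zone LOCAL default-action drop

#trusted
set zone-policy zone trusted default-action drop
set zone-policy zone trusted from WAN firewall name WAN-trusted
set zone-policy zone trusted from LOCAL firewall name LOCAL-trusted
set zone-policy zone trusted interface eth1

#WAN
set zone-policy zone WAN default-action drop
set zone-policy zone WAN from trusted firewall name trusted-WAN
set zone-policy zone WAN from LOCAL firewall name LOCAL-WAN
set zone-policy zone WAN interface 'eth0'

#fire up the WAN
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth0 description 'WAN'

# Left commented out on purpose: review the session, then commit and save.
#commit
#save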
For some reason, when I run the script, I get: "Configuration error: Chain 'LOCAL-WAN' being used in system. Cannot use it as a ruleset name" and similar output for 'LOCAL-trusted' and 'trusted-LOCAL'.
I am not sure what this means, but my firewall rules aren't populating in the config, so I assume there's something wrong.
What does this error mean? What did I mess up?