Created
August 23, 2022 22:10
VyOS nip.io troubleshooting
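#cloud-config
# cloud-init user-data for a VyOS router.
#   eth0 = WAN (DHCP / DHCPv6), filtered by WAN-IN and WAN-LOCAL
#   eth1 = LAN (192.168.1.1), DHCP server + DNS forwarder, source NAT out eth0
# The "#cloud-config" marker has to stay on the very first line.

# Public key installed through cloud-init (value is truncated in this listing).
ssh_authorized_keys:
  - ssh-rsa AAAAB3Nz..truncated..x8yI8KlVt2U= admin@mprcs

vyos_config_commands:
  - configure

  # --- Global firewall / kernel network options ---------------------------
  - set firewall all-ping 'enable'
  - set firewall syn-cookies 'enable'
  - set firewall config-trap 'disable'
  - set firewall log-martians 'enable'
  - set firewall ip-src-route 'disable'
  - set firewall send-redirects 'enable'
  - set firewall broadcast-ping 'disable'
  - set firewall ipv6-src-route 'disable'
  # NOTE(review): reverse-path source validation is switched off here
  # ('strict' and 'loose' are the other settings). Confirm whether it was
  # disabled only while troubleshooting.
  - set firewall source-validation 'disable'
  - set firewall receive-redirects 'disable'
  - set firewall ipv6-receive-redirects 'disable'
  - set firewall twa-hazards-protection 'disable'

  # --- Rulesets OUTSIDE-IN / OUTSIDE-LOCAL --------------------------------
  # NOTE(review): no interface in this file references OUTSIDE-IN or
  # OUTSIDE-LOCAL; only WAN-IN and WAN-LOCAL are attached (to eth0). As
  # written, these two rulesets do not filter any traffic.
  - set firewall name OUTSIDE-IN default-action 'drop'
  - set firewall name OUTSIDE-IN rule 10 action 'accept'
  - set firewall name OUTSIDE-IN rule 10 state established 'enable'
  - set firewall name OUTSIDE-IN rule 10 state related 'enable'
  - set firewall name OUTSIDE-LOCAL default-action 'drop'
  - set firewall name OUTSIDE-LOCAL rule 10 action 'accept'
  - set firewall name OUTSIDE-LOCAL rule 10 state established 'enable'
  - set firewall name OUTSIDE-LOCAL rule 10 state related 'enable'
  - set firewall name OUTSIDE-LOCAL rule 20 action 'accept'
  - set firewall name OUTSIDE-LOCAL rule 20 icmp type-name 'echo-request'
  - set firewall name OUTSIDE-LOCAL rule 20 protocol 'icmp'

  # --- WAN-IN: traffic forwarded from eth0 through the router -------------
  # Default drop; only established/related return traffic is accepted.
  - set firewall name WAN-IN default-action 'drop'
  - set firewall name WAN-IN rule 10 action 'accept'
  - set firewall name WAN-IN rule 10 state established 'enable'
  - set firewall name WAN-IN rule 10 state related 'enable'

  # --- WAN-LOCAL: traffic from eth0 addressed to the router itself --------
  # Default drop. Accepted: established/related, ICMP echo-request, and
  # new SSH connections on TCP/2222 (rate-limited by rule 30).
  - set firewall name WAN-LOCAL default-action 'drop'
  - set firewall name WAN-LOCAL rule 10 action 'accept'
  - set firewall name WAN-LOCAL rule 10 state established 'enable'
  - set firewall name WAN-LOCAL rule 10 state related 'enable'
  - set firewall name WAN-LOCAL rule 20 action 'accept'
  - set firewall name WAN-LOCAL rule 20 icmp type-name 'echo-request'
  - set firewall name WAN-LOCAL rule 20 protocol 'icmp'
  - set firewall name WAN-LOCAL rule 20 state new 'enable'
  # Rule 30 is evaluated before rule 31: it drops new TCP/2222 connections
  # from a source that reaches the "recent" count (4) inside the time window
  # (60 s), which throttles repeated SSH connection attempts.
  - set firewall name WAN-LOCAL rule 30 action 'drop'
  - set firewall name WAN-LOCAL rule 30 destination port '2222'
  - set firewall name WAN-LOCAL rule 30 protocol 'tcp'
  - set firewall name WAN-LOCAL rule 30 recent count '4'
  - set firewall name WAN-LOCAL rule 30 recent time '60'
  - set firewall name WAN-LOCAL rule 30 state new 'enable'
  # Rule 31 exposes SSH (TCP/2222) to the WAN side.
  - set firewall name WAN-LOCAL rule 31 action 'accept'
  - set firewall name WAN-LOCAL rule 31 destination port '2222'
  - set firewall name WAN-LOCAL rule 31 protocol 'tcp'
  - set firewall name WAN-LOCAL rule 31 state new 'enable'

  # --- Interfaces ---------------------------------------------------------
  - set interfaces ethernet eth0 address 'dhcp'
  - set interfaces ethernet eth0 address 'dhcpv6'
  - set interfaces ethernet eth0 description 'WAN'
  - set interfaces ethernet eth0 firewall in name 'WAN-IN'
  - set interfaces ethernet eth0 firewall local name 'WAN-LOCAL'
  # NOTE(review): eth1 is addressed with a /16 while the DHCP scope below is
  # 192.168.1.0/24; confirm which prefix length is intended.
  - set interfaces ethernet eth1 address '192.168.1.1/16'
  - set interfaces ethernet eth1 description 'LAN'
  - set interfaces loopback lo

  # --- NAT and routing ----------------------------------------------------
  - set nat source rule 100 outbound-interface 'eth0'
  - set nat source rule 100 translation address 'masquerade'
  # NOTE(review): static default route to 10.0.0.1 alongside a DHCP-addressed
  # eth0; confirm 10.0.0.1 really is the upstream gateway.
  - set protocols static route 0.0.0.0/0 next-hop 10.0.0.1

  # --- LAN DHCP server ----------------------------------------------------
  - set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 default-router '192.168.1.1'
  - set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server '192.168.1.1'
  - set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 domain-name 'home.arpa'
  - set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 lease '86400'
  - set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 range 0 start '192.168.1.100'
  - set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 range 0 stop '192.168.1.249'
  - set service dhcp-server hostfile-update

  # --- DNS forwarder ------------------------------------------------------
  - set service dns forwarding cache-size '1000'
  # Recursion is limited to the LAN prefix configured on eth1 and to the
  # router itself (system name-server is 127.0.0.1). The original value was
  # '0.0.0.0/0', which makes the forwarder an open resolver wherever a packet
  # filter is not in front of it. Narrow the first entry if eth1 is meant to
  # be a /24.
  - set service dns forwarding allow-from '192.168.0.0/16'
  - set service dns forwarding allow-from '127.0.0.0/8'
  # Still listens on every address; on eth0 it is WAN-LOCAL's default drop
  # that keeps port 53 closed.
  - set service dns forwarding listen-address '0.0.0.0'
  - set service dns forwarding name-server '1.1.1.1'
  - set service dns forwarding name-server '1.0.0.1'
  - set service dns forwarding name-server '8.8.8.8'
  - set service dns forwarding name-server '8.8.4.4'
  - set system name-server '127.0.0.1'

  # --- SSH ----------------------------------------------------------------
  # sshd listens on all addresses, port 2222 only (port 22 is removed).
  - set service ssh client-keepalive-interval '180'
  - set service ssh listen-address '0.0.0.0'
  - set service ssh port '2222'
  - delete service ssh port '22'

  # --- System -------------------------------------------------------------
  - set system config-management commit-revisions '100'
  - set system console device ttyS0 speed '9600'
  - set system host-name 'vyos'
  - set system domain-name 'home.arpa'
  # NOTE(review): cleartext login password committed in a shared file. SSH
  # password login is disabled below, so this value applies to the remaining
  # login paths (e.g. the serial console). Treat it as exposed: rotate it and
  # supply a hash through `authentication encrypted-password` instead.
  - set system login user vyos authentication plaintext-password asdfqwer1234
  - set system login user vyos authentication public-keys vyos key 'AAAAB3NzaC..truncated..ox8yI8KlVt2U='
  - set system login user vyos authentication public-keys vyos type 'ssh-rsa'
  # Key-only SSH: password authentication is turned off for sshd.
  - set service ssh disable-password-authentication
  - set system ntp server 0.pool.ntp.org
  - set system ntp server 1.pool.ntp.org
  - set system ntp server 2.pool.ntp.org
  - set system syslog global facility all level 'notice'
  - set system syslog global facility protocols level 'debug'

  - commit
  - save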