Vyatta is configured with 3 NICs, one will reside on each subnet.
The following diagram illustrates the configuration and traffic.
For a post that is a little more advanced, try this one: Create a Router With Front Firewall Using Vyatta on VMware Workstation. The router now connects traffic between my physical network, my production virtual network, and my virtual lab running on ESX 3.5.
A few weeks ago, I installed Vyatta Open Source as a router internal to my network to see how it handled traffic between multiple subnets. I put the router in place, assigned IP addresses to the NICs (network interface cards), and let the system do its thing.
I don’t know if Vyatta is on par with Cisco for performance, configuration, reporting, etc., but for the price, I’ll stick with Vyatta Community Edition for my network.
Vyatta can be run in a virtual machine, can be downloaded as a VMware Workstation virtual appliance and then imported into ESX, can run directly on a multitude of hardware, and can even run directly from CD without installing on a hard drive (though this configuration obviously does not allow you to save changes that you make in the router software). Make sure to check out Vyatta’s documentation. The file you’re looking for in particular for firewall stuff is: Vyatta_Security Ref_VC5_v03
We want the lab subnet (192.168.50.0/24) to be able to reach the client subnet (192.168.70.0/24) so it has Internet access, but not the production server subnet (192.168.60.0/24).
In the case of this system, for some tasks it’s a lot easier to use the command line interface (CLI).
We have 3 rule sets on each NIC, so our rule set for the lab subnet (NIC eth0) will be configured as:

set firewall name eth0InFilter rule 10 action accept
set firewall name eth0InFilter rule 10 source address 192.168.50.0/24
set firewall name eth0InFilter rule 10 destination address 192.168.70.0/24
set interfaces ethernet eth0 firewall in name eth0InFilter
set firewall name eth0OutFilter rule 10 action accept
set firewall name eth0OutFilter rule 10 source address 192.168.70.0/24
set firewall name eth0OutFilter rule 10 destination address 192.168.50.0/24
set interfaces ethernet eth0 firewall out name eth0OutFilter
set firewall name eth0LocalFilter rule 1000 action reject
set firewall name eth0LocalFilter rule 1000 source address 0.0.0.0/0
set interfaces ethernet eth0 firewall local name eth0LocalFilter

Tip: I usually number rules in steps of 10 so that I can go back and add a rule in the middle later, since firewall rules are processed first come, first served.
– The set firewall commands begin with assigning the ].
With this in mind, you could even set up a simple dummy rule that blocks port 80 traffic, i.e. with this rule in place, all other traffic that hits that firewall would be blocked as well.
You would simply change rule 1000 for eth0LocalFilter source to:

The rules for routing the production network would be very similar to the rules above, as would the rules from the client subnet to the other subnets.
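As an added illustration that is not part of the original post, the following Python script models how a named Vyatta rule set evaluates a packet (rules in ascending number order, first match wins, anything unmatched is dropped) and checks the eth0 rule sets above, plus the port-80 dummy rule, against the intended lab policy before it is committed. The rule-set names are written without the space, and the host addresses are constructed test values.

```python
# Added example (not from the original post): a small first-match evaluator
# for Vyatta-style named rule sets. Subnets, rule numbers and actions are
# taken from the post; the implicit drop of an unmatched packet mirrors how
# a named Vyatta rule set behaves. Host addresses below are constructed.
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")

def rule(number, action, source="0.0.0.0/0", destination="0.0.0.0/0", dport=None):
    """One 'set firewall name <set> rule <number> ...' entry."""
    return {"number": number, "action": action,
            "source": ip_network(source), "destination": ip_network(destination),
            "dport": dport}

# Rule sets as configured on eth0 (lab subnet) in the post.
RULE_SETS = {
    "eth0InFilter": [rule(10, "accept", "192.168.50.0/24", "192.168.70.0/24")],
    "eth0OutFilter": [rule(10, "accept", "192.168.70.0/24", "192.168.50.0/24")],
    "eth0LocalFilter": [rule(1000, "reject", "0.0.0.0/0")],
    # The 'dummy rule' idea from the post: reject port 80 and nothing else.
    "dummyFilter": [rule(10, "reject", dport=80)],
}

def evaluate(rule_set, src, dst, dport=None):
    """Walk rules in ascending number order; the first match decides.
    A packet matching no rule is dropped (Vyatta's implicit default)."""
    for r in sorted(RULE_SETS[rule_set], key=lambda r: r["number"]):
        if (ip_address(src) in r["source"] and ip_address(dst) in r["destination"]
                and (r["dport"] is None or r["dport"] == dport)):
            return r["action"]
    return "drop"

def check_lab_policy():
    """True only if the eth0 rule sets match the post's stated intent:
    lab -> client allowed (with return traffic), lab -> production not."""
    return (evaluate("eth0InFilter", "192.168.50.10", "192.168.70.1") == "accept"
            and evaluate("eth0InFilter", "192.168.50.10", "192.168.60.5") == "drop"
            and evaluate("eth0OutFilter", "192.168.70.1", "192.168.50.10") == "accept"
            and evaluate("eth0OutFilter", "192.168.60.5", "192.168.50.10") == "drop"
            and evaluate("eth0LocalFilter", "192.168.50.10", "192.168.50.1") == "reject")

if __name__ == "__main__":
    print("lab policy as intended:", check_lab_policy())
    # Only an explicit port-80 reject exists, so port 443 falls through to drop.
    print("dummy filter, port 443:",
          evaluate("dummyFilter", "192.168.50.10", "192.168.70.1", 443))
```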