Setting up Environment
A couple of days ago I had to expand my virtual environment to install more virtual machines and do some more experimentation, so instead of using VMware ESXi, I used Citrix XenServer.
It was a good experience installing XenServer, just a matter of putting in the installation CD and then following the steps.
Once I was done installing XenServer, the first step was to create new virtual servers inside it and set up the internal networking. For the networking part the obvious choice was Vyatta (VYATTA CORE 6.4).
Here is the setup diagram:
[Figure: Virtual Server Space - Network Topology]
Setting up the ISO Library in XenCenter was really easy. I used the downloaded Vyatta-virtual-64bit ISO and an Ubuntu Server ISO to install both Vyatta (routing and firewall) and an Ubuntu Server (OpenSIPS server).
I assigned two NICs to Vyatta: one is bridged to the physical interface to interact with the outer world, and the second is connected to a virtual switch created inside XenServer to communicate with the internal servers.
The OpenSIPS server, on the other hand, is connected only to the virtual switch and uses the Vyatta router as its gateway. I had to configure NAT on the Vyatta router for this to work.
Here's how we do NAT on Vyatta to let traffic coming from the private network successfully reach out to the internet.
GW-Vyatta:~$configure
GW-Vyatta#set interfaces ethernet eth0 address 172.16.31.101/16
GW-Vyatta#set system gateway-address 172.16.2.50
GW-Vyatta#set system name-server 8.8.8.8
GW-Vyatta#commit
Verify that the router itself can reach out to the internet.
GW-Vyatta#ping www.google.com
Start the SSH service on the Vyatta router.
GW-Vyatta#set service ssh listen-address 172.16.31.101
GW-Vyatta#commit
Configure the LAN interface on eth1.
GW-Vyatta#set interfaces ethernet eth1 address 192.168.30.1/24
GW-Vyatta#commit
Set masquerade NAT so that traffic from the LAN is translated to the WAN address.
GW-Vyatta#set nat source rule 5 outbound-interface eth0
GW-Vyatta#set nat source rule 5 source address 192.168.30.0/24
GW-Vyatta#set nat source rule 5 translation address masquerade
GW-Vyatta#commit
GW-Vyatta#run show nat source statistics
Set destination NAT so that TCP port 22303 arriving on eth0 is forwarded to SSH (port 22) on 192.168.30.3.
GW-Vyatta#set nat destination rule 5 inbound-interface eth0
GW-Vyatta#set nat destination rule 5 destination port 22303
GW-Vyatta#set nat destination rule 5 translation address 192.168.30.3
GW-Vyatta#set nat destination rule 5 translation port 22
GW-Vyatta#set nat destination rule 5 protocol tcp
GW-Vyatta#commit
GW-Vyatta#run show nat destination statistics
GW-Vyatta#save
GW-Vyatta#exit
That was it, and I can access the internet from my OpenSIPS server and also SSH into my server from outside the virtual environment. The next thing would be to make this setup work with two-way audio. For that I may need to set up a VPN or something, IDK.
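A way to review the NAT rules above before committing them, as an added example that is not part of the original post: the script parses a listing of Vyatta `set` commands and reports destination NAT rules that forward a port without a source restriction, plus masquerade rules whose source is not an inside interface network. The function names are hypothetical, the sample is constructed from the commands in this post, and only plain addresses and CIDR networks are handled.

```python
import ipaddress

# Constructed sample: the "set" commands from the post, CLI prompts removed.
SAMPLE = """\
set interfaces ethernet eth0 address 172.16.31.101/16
set interfaces ethernet eth1 address 192.168.30.1/24
set nat source rule 5 outbound-interface eth0
set nat source rule 5 source address 192.168.30.0/24
set nat source rule 5 translation address masquerade
set nat destination rule 5 inbound-interface eth0
set nat destination rule 5 destination port 22303
set nat destination rule 5 translation address 192.168.30.3
set nat destination rule 5 translation port 22
set nat destination rule 5 protocol tcp
"""

def parse(text):
    """Turn 'set a b c value' lines into a nested dict {a: {b: {c: value}}}."""
    tree = {}
    for tok in map(str.split, text.splitlines()):
        if len(tok) >= 3 and tok[0] == "set":
            node = tree
            for key in tok[1:-2]:
                node = node.setdefault(key, {})
            node[tok[-2]] = tok[-1]
    return tree

def audit(text):
    """Return (rule, finding) pairs for the NAT rules in a 'set' listing."""
    cfg, out = parse(text), []
    eth = cfg.get("interfaces", {}).get("ethernet", {})
    nets = {name: ipaddress.ip_interface(v["address"]).network
            for name, v in eth.items() if "address" in v}
    nat = cfg.get("nat", {})
    for num, r in nat.get("destination", {}).get("rule", {}).items():
        inside = [n for k, n in nets.items() if k != r.get("inbound-interface")]
        target = r.get("translation", {}).get("address")
        if "address" not in r.get("source", {}):
            out.append((f"destination rule {num}", "forward accepts any source address"))
        if target and not any(ipaddress.ip_address(target) in n for n in inside):
            out.append((f"destination rule {num}", "target is not on an inside network"))
    for num, r in nat.get("source", {}).get("rule", {}).items():
        inside = [n for k, n in nets.items() if k != r.get("outbound-interface")]
        src = r.get("source", {}).get("address")
        if src is None:
            out.append((f"source rule {num}", "masquerade not limited to a source network"))
        elif not any(ipaddress.ip_network(src).subnet_of(n) for n in inside):
            out.append((f"source rule {num}", "source is not an inside interface network"))
    return out
```

On the commands in this post, `audit(SAMPLE)` reports only destination rule 5, because the SSH forward on port 22303 is reachable from any address that can reach eth0; adding a `source address` to that rule clears the finding.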
Thank you for sharing this!! I'm new to Vyatta and was handed old notes. Of course, they didn't work with 6.4. Using your commands as samples helped me put it all together.
Thanks again!!