Vyatta Firewall and DHCP TFTP Announcing


I just can’t say enough about how great a routing platform Vyatta is. There has not been anything I have tried to do that Vyatta was not capable of doing. Not only is it capable, but it is easy to understand, and the documentation and community are awesome. I recently decided to put a firewall up between us and the other business sharing our internet connection. Here are the firewall rules I used:
firewall {
    name Lan2Lan {
        description "Block Internal LAN Interaction"
        rule 10 {
            action reject
            description "Block 10.1.2.x to 192.168.2.x"
            destination {
                address 192.168.2.0/24
            }
            log disable
            protocol all
            source {
                address 10.1.2.0/24
            }
        }
        rule 20 {
            action reject
            description "Block 192.168.2.x to 10.1.2.x"
            destination {
                address 10.1.2.0/24
            }
            log disable
            protocol all
            source {
                address 192.168.2.0/24
            }
        }
        rule 30 {
            action accept
            description "Allow All Traffic Not Previously Blocked"
            destination {
                address 0.0.0.0/0
            }
            log disable
            protocol all
            source {
                address 0.0.0.0/0
            }
        }
    }
}

The next step is to apply the rule set to the interface, here inbound on eth1:
ethernet eth1 {
    address 192.168.2.1/24
    firewall {
        in {
            name Lan2Lan
        }
    }
    hw-id 00:1b:21:07:f3:27
}
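To check what the rule set above actually does once it is bound, here is a small first-match evaluator written for this post (added example, not Vyatta code or the original author's). It transcribes the Lan2Lan rules and the one binding the page shows (eth1 in); "eth0" is an assumed name for the 10.1.2.0/24 interface, which the page does not show a rule set bound to, so the example treats it as unfiltered to make the effect of the binding visible.

```python
import ipaddress

# Lan2Lan rule set transcribed from the configuration above, in the order
# Vyatta evaluates it: ascending rule number, first match wins.
LAN2LAN = [
    (10, "reject", "10.1.2.0/24", "192.168.2.0/24"),
    (20, "reject", "192.168.2.0/24", "10.1.2.0/24"),
    (30, "accept", "0.0.0.0/0", "0.0.0.0/0"),
]

# Where the rule set is bound.  The page binds Lan2Lan only to eth1 "in";
# "eth0" is an assumed name for the 10.1.2.0/24 interface, with nothing bound.
FIREWALL_IN = {"eth1": LAN2LAN, "eth0": None}


def evaluate(ruleset, src, dst):
    """Return (rule number, action) of the first rule matching src/dst.

    A named Vyatta rule set ends with an implicit default drop, so a packet
    matching no rule is reported as (None, "drop")."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, action, src_net, dst_net in ruleset:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return number, action
    return None, "drop"


def filter_ingress(ingress_if, src, dst):
    """Apply only the rule set bound 'in' on the interface the packet enters.

    An interface with no rule set bound forwards everything unfiltered."""
    ruleset = FIREWALL_IN.get(ingress_if)
    if ruleset is None:
        return None, "unfiltered"
    return evaluate(ruleset, src, dst)


if __name__ == "__main__":
    # Constructed sample flows, one per direction between the two LANs
    # plus one to a documentation-range Internet address.
    samples = [
        ("eth1", "192.168.2.50", "10.1.2.10"),    # other business -> our LAN
        ("eth0", "10.1.2.10", "192.168.2.50"),    # our LAN -> other business
        ("eth1", "192.168.2.50", "198.51.100.7"), # other business -> Internet
    ]
    for ingress_if, src, dst in samples:
        print(ingress_if, src, "->", dst, filter_ingress(ingress_if, src, dst))
```

The second sample shows why the binding matters: with Lan2Lan on eth1 in only, rule 10 can never fire, because traffic sourced from 10.1.2.0/24 enters on the other interface, so the same rule set also needs to be bound there (or outbound on eth1) for both directions to be blocked.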

The other trick I set up was having the Vyatta DHCP server hand out the TFTP server address (DHCP option 66) for our VoIP phone system. Now our office phones are plug and play based on MAC address. Here is the relevant configuration section:
shared-network-name XXXXXX {
    authoritative disable
    subnet 10.1.2.0/24 {
        default-router 10.1.2.1
        dns-server 10.1.2.1
        start 10.1.2.100 {
            stop 10.1.2.200
        }
        tftp-server-name 10.1.2.88
    }
}
