
Connecting to a FLET'S provider over PPPoE with Proxmox + VyOS 1.2.8 LTS

Published 2021/08/31

In the Proxmox virtual machine, eth0 and eth1 are added as virtIO NICs.
Depending on the NIC, you may need to disable "Large Receive Offload".
The interfaces are assigned as follows:
eth0 WAN
eth1 LAN

set interfaces pppoe pppoe0 description 'WAN'
set interfaces pppoe pppoe0 authentication user <provider-username>
set interfaces pppoe pppoe0 authentication password <provider-password>
set interfaces pppoe pppoe0 connect-on-demand
set interfaces pppoe pppoe0 default-route 'auto'
set interfaces pppoe pppoe0 mtu 1454
set interfaces pppoe pppoe0 source-interface 'eth0'

set interfaces ethernet eth1 address 172.16.103.1/24
set nat source rule 100 translation address masquerade
set nat source rule 100 source address 172.16.103.0/24
set nat source rule 100 outbound-interface pppoe0

set policy route PPPOE-IN rule 100 protocol 'tcp'
set policy route PPPOE-IN rule 100 set tcp-mss '1414'
set policy route PPPOE-IN rule 100 tcp flags 'SYN'
set interfaces ethernet eth0 policy route 'PPPOE-IN'
set interfaces ethernet eth1 policy route 'PPPOE-IN'
commit
save

With this in place, a ping should confirm that the connection is up.

ping 1.1.1.1
curl httpbin.org/ip
show interfaces

Adjust the remaining details, such as the firewall, to your needs.

set service ssh port 22
set system time-zone Asia/Tokyo

Port forwarding example
Translate global IP:8080 --> 172.16.103.10:80

set nat destination rule 200 destination port 8080
set nat destination rule 200 protocol tcp
set nat destination rule 200 translation address 172.16.103.10
set nat destination rule 200 translation port 80
set nat destination rule 200 inbound-interface pppoe0

commit
save

Firewall

set firewall name OUTSIDE-LOCAL default-action 'drop'
set firewall name OUTSIDE-LOCAL rule 10 action 'accept'
set firewall name OUTSIDE-LOCAL rule 10 state established 'enable'
set firewall name OUTSIDE-LOCAL rule 10 state related 'enable'

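OUTSIDE-IN is attached to pppoe0 below, so define it first and let it accept return traffic for connections opened from the LAN:

set firewall name OUTSIDE-IN default-action 'drop'
set firewall name OUTSIDE-IN rule 10 action 'accept'
set firewall name OUTSIDE-IN rule 10 state established 'enable'
set firewall name OUTSIDE-IN rule 10 state related 'enable'

set interfaces pppoe pppoe0 firewall in name 'OUTSIDE-IN'
set interfaces pppoe pppoe0 firewall local name 'OUTSIDE-LOCAL'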

commit
save

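Port forwarding example + Firewall
The 'in' ruleset on pppoe0 is evaluated after destination NAT, so forwarded packets match on the translated port 80 (rule 32).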

set firewall name OUTSIDE-IN rule 31 action 'accept'
set firewall name OUTSIDE-IN rule 31 protocol 'tcp'
set firewall name OUTSIDE-IN rule 31 destination port '8080'
set firewall name OUTSIDE-IN rule 31 state new 'enable'

set firewall name OUTSIDE-IN rule 32 action 'accept'
set firewall name OUTSIDE-IN rule 32 protocol 'tcp'
set firewall name OUTSIDE-IN rule 32 destination port '80'
set firewall name OUTSIDE-IN rule 32 state new 'enable'

commit
save
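
As an added example (not from the original article or the VyOS project), this Python script lints a list of `set` commands like the ones above: it checks that rulesets attached to an interface set a default-action, that the tcp-mss clamp fits the PPPoE MTU minus 40 bytes, and that each destination-NAT translated port is accepted by the 'in' ruleset. The function names and the sample input are constructed for illustration.

```python
import shlex

# Constructed sample modelled on this page's commands; OUTSIDE-IN lacks a default-action on purpose.
SAMPLE = """
set interfaces pppoe pppoe0 mtu 1454
set policy route PPPOE-IN rule 100 set tcp-mss '1414'
set nat destination rule 200 destination port 8080
set nat destination rule 200 translation port 80
set nat destination rule 200 inbound-interface pppoe0
set firewall name OUTSIDE-LOCAL default-action 'drop'
set interfaces pppoe pppoe0 firewall in name 'OUTSIDE-IN'
set interfaces pppoe pppoe0 firewall local name 'OUTSIDE-LOCAL'
set firewall name OUTSIDE-IN rule 32 action 'accept'
set firewall name OUTSIDE-IN rule 32 destination port '80'
"""

def parse(text):
    """Split each 'set ...' line into tokens, dropping 'set' and quotes."""
    rows = (shlex.split(line) for line in text.splitlines())
    return [r[1:] for r in rows if len(r) > 1 and r[0] == "set"]

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    cmds, findings = parse(text), []
    # 1. A ruleset attached to an interface needs an explicit default-action.
    explicit = {c[2] for c in cmds
                if c[:2] == ["firewall", "name"] and c[3:4] == ["default-action"]}
    attached = {(c[2], c[4]): c[6] for c in cmds
                if c[0] == "interfaces" and c[3:4] == ["firewall"] and len(c) == 7}
    for name in sorted(set(attached.values()) - explicit):
        findings.append(f"ruleset {name} has no explicit default-action")
    # 2. The MSS clamp must leave 40 bytes for the IPv4 and TCP headers.
    mtus = [int(c[4]) for c in cmds
            if c[:2] == ["interfaces", "pppoe"] and c[3:4] == ["mtu"]]
    for c in cmds:
        if c[0] == "policy" and c[-2] == "tcp-mss" and mtus and int(c[-1]) > min(mtus) - 40:
            findings.append(f"tcp-mss {c[-1]} exceeds MTU {min(mtus)} - 40")
    # 3. 'in' rulesets see packets after DNAT, so the translated port must match.
    for c in cmds:
        if c[:3] != ["nat", "destination", "rule"] or c[4:6] != ["translation", "port"]:
            continue
        iface = next((d[-1] for d in cmds
                      if d[:4] == c[:4] and d[4:5] == ["inbound-interface"]), None)
        ruleset = attached.get((iface, "in"))
        ports = {d[-1] for d in cmds
                 if d[:3] == ["firewall", "name", ruleset] and d[-2] == "port"}
        if ruleset and c[6] not in ports:
            findings.append(f"DNAT rule {c[3]}: port {c[6]} not accepted by {ruleset}")
    return findings
```

Calling `audit(SAMPLE)` reports the missing default-action on OUTSIDE-IN; feed it the output of `show configuration commands` to check a running router.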

Q. I want VyOS 1.2.8 LTS
You need to build it yourself, following the steps below (free):
https://qiita.com/s64s_y/items/f2b32f4ba257fbab9358
If you do not want to build it, or you need support beyond the community, see below (paid):
https://vyos.io/subscriptions/support/

References:
https://docs.vyos.io/en/equuleus/quick-start.html
https://naga-sawa.hatenadiary.org/entry/20171203/1512301821
https://kt-hiro.hatenablog.com/entry/20180813/1534125175
https://qiita.com/kousokujin/items/a61d8bb679d28e23ff69
https://support.vyos.io/en/kb/articles/sub-interfaces-pppoe
https://harablo2012.blogspot.com/2018/09/vyos.html
