Vyatta, an Open Source network router OS.

I've found one of the gems of the Open Source world: if you're looking for a competitive and feature-rich router, you should consider Vyatta. Recently I installed it and configured it to be my home router. It's also worth mentioning that even though you don't need much for your home network, Vyatta can also compete in the enterprise and apparently --gasp!-- outperforms Cisco consistently in many areas.

Installing Vyatta was extremely easy: I got their LiveCD, booted into it and ran their install script. The options and settings were very easy to understand and for the most part I chose all the defaults.

The hardware I chose for this seems ideal for the purpose, although I am afraid it could overheat eventually; only time will tell. It's a small compact PC without any fans; the case itself acts as a heat sink, but it still gets warm easily. The benefits of this hardware are its size, a fast processor (1.2 GHz), 512 MB of RAM and 2x Gigabit NICs. It's similar to the one pictured here.

Configuring it was a little bit trickier than installing it, but with tons of help online, I figured out how to get started quickly. Although the Vyatta system has a WebGUI (you must enable it first), I chose to do all the configuration via the command line. When you're looking for help, there is a lot more information on how to do things with the command line. The system sits on top of Debian, so I felt right at home on the command line; tab completion works and, much like other Open Source appliance-style systems, tabbing completes your commands and shows the next available options.

In order to configure the Vyatta system, you need to feel comfortable with the command line; the system must be configured from scratch. There are no templates or configured options, and nothing works out of the box: you have to configure each Ethernet card, then you have to configure the networking configuration between the two (or more) Ethernet cards. I'm pretty comfortable in these types of environments, but I'm not a networking expert and some of the firewall concepts were confusing, to say the least. At one point I gave up on trying to revert some changes and instead I reinstalled the whole thing. It only takes about 6 minutes to install, and after this I made a copy of the initial configuration so I could restore it quickly instead of having to reinstall again if I messed it up again. Luckily I didn't have to.

I should also mention that the documentation available from Vyatta is great and it's available officially in PDF directly from them. There are also forums, which seem pretty active, with a sizeable community growing.

In addition to the official docs, I found this great guide to help me with the firewall configurations, and towards the end I found a simple configuration to simulate what a standard home router would do (look at section 6). I had found parts of the configuration described there previously at The Complete Geek's site. For starters, setting up the NAT translation was enough to get my system working.

Just to confirm that my system was somewhat secure, I tried running an nmap scan against my IP. The scan revealed no open ports. I also used this site to run another scan, and the results were good as well.

Next I need to figure out:
How to configure the router to accept SSH connections from the outside world. I already changed the SSH port but I can only access it from within my internal network.
How to map ports to specific hosts behind the firewall.
Configure a VPN.
Fine tune firewall.
Set it to use NTP to update its time, and make it an NTP for my internal network.
Set webcaching on.
Configure dynamic DNS so I can host services behind it.

So much to do, so little time. Oh yeah, and check out some of the too-hot-for-print ads in the community section of the Vyatta page.

2 Comments

  1. Cool, been meaning to try it out.

  2. Yeah, I tried it with my stuff and I did all the stuff, then the box I was using broke and I haven’t had time to get my hands on another one to test again. I’ve read a few new features and improvements so I’m dying to try it out but still need to find the time!
