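# VyOS router bootstrap template: eth0 is the outside uplink, eth1 is the inside
# network and carries VLANs 10, 20, 30 and 40. Bracketed tokens are placeholders
# that must be substituted before these commands are applied.
configure
# NOTE(review): no listen-address is set for SSH, so it is not limited to one
# interface by this template; bind it to an inside address if outside access is not needed.
set service ssh port 22
set interfaces ethernet eth0 address '[MANAGEMENT_ADDRESS]'
set interfaces ethernet eth0 description 'Outside'
set interfaces ethernet eth1 address '192.168.0.1/24'
set interfaces ethernet eth1 description 'Inside'
# Source NAT rule 100 has no source address match, so it applies to all traffic leaving eth0.
# NOTE(review): translation address is set twice; presumably the later masquerade value
# replaces the first one - confirm, and drop the first line if so.
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 translation address '[MANAGEMENT_IP]'
set nat source rule 100 translation address 'masquerade'
set protocols static route 0.0.0.0/0 next-hop [MANAGEMENT_GATEWAY]
# MTU 1700 on eth1 and on VLANs 20, 30 and 40; VLAN 10 has no MTU line here.
set interfaces ethernet eth1 mtu '1700'
set interfaces ethernet eth1 vif 10 address '172.30.10.1/24'
set interfaces ethernet eth1 vif 10 description 'VLAN 10 for MGMT'
set interfaces ethernet eth1 vif 20 address '172.30.20.1/24'
set interfaces ethernet eth1 vif 20 description 'VLAN 20 for HOST VTEP'
set interfaces ethernet eth1 vif 20 mtu '1700'
set interfaces ethernet eth1 vif 30 address '172.30.30.1/24'
set interfaces ethernet eth1 vif 30 description 'VLAN 30 for EDGE VTEP'
set interfaces ethernet eth1 vif 30 mtu '1700'
set interfaces ethernet eth1 vif 40 address '172.30.40.1/24'
set interfaces ethernet eth1 vif 40 description 'VLAN 40 for EDGE UPLINK'
set interfaces ethernet eth1 vif 40 mtu '1700'
# Destination NAT: TCP 3389 arriving on eth0 is forwarded to 192.168.0.10:3389.
# No source match and no firewall rule-set appear in this template, so RDP is reachable
# from anything that can reach eth0; add a source address match or a firewall rule
# if the outside network is not trusted.
# NOTE(review): the description uses the JUMPHOST_VM_IP placeholder but the translation
# address is hard-coded - confirm the two agree.
set nat destination rule 100 description 'RDP to [JUMPHOST_VM_IP]:3389'
set nat destination rule 100 destination port '3389'
set nat destination rule 100 inbound-interface 'eth0'
set nat destination rule 100 protocol 'tcp'
set nat destination rule 100 translation address '192.168.0.10'
set nat destination rule 100 translation port '3389'
# DNS forwarder: the management domain and the reverse zones for 172.30.10-40.0/24
# are sent to the management DNS server.
set service dns forwarding domain [MANAGEMENT_DNS_DOMAIN] server [MANAGEMENT_DNS_SERVER]
set service dns forwarding domain 10.30.172.in-addr.arpa. server [MANAGEMENT_DNS_SERVER]
set service dns forwarding domain 20.30.172.in-addr.arpa. server [MANAGEMENT_DNS_SERVER]
set service dns forwarding domain 30.30.172.in-addr.arpa. server [MANAGEMENT_DNS_SERVER]
set service dns forwarding domain 40.30.172.in-addr.arpa. server [MANAGEMENT_DNS_SERVER]
# allow-from 0.0.0.0/0 accepts queries from any source address; only the listen-address
# lines below keep the forwarder off eth0. Narrow allow-from to the networks that
# actually use this resolver where that is known.
set service dns forwarding allow-from 0.0.0.0/0
set service dns forwarding listen-address 192.168.0.1
set service dns forwarding listen-address 172.30.10.1
set service dns forwarding listen-address 172.30.20.1
set service dns forwarding listen-address 172.30.30.1
set service dns forwarding listen-address 172.30.40.1
# Upstream resolvers: Google Public DNS. The second entry was 8.8.8.4, which is not
# one of the Google Public DNS addresses; corrected to 8.8.4.4.
set service dns forwarding name-server 8.8.8.8
set service dns forwarding name-server 8.8.4.4
# Per-VLAN source NAT: each 172.30.x.0/24 network is masqueraded out eth0.
set nat source rule 10 outbound-interface eth0
set nat source rule 10 source address 172.30.10.0/24
set nat source rule 10 translation address masquerade
set nat source rule 20 outbound-interface eth0
set nat source rule 20 source address 172.30.20.0/24
set nat source rule 20 translation address masquerade
set nat source rule 30 outbound-interface eth0
set nat source rule 30 source address 172.30.30.0/24
set nat source rule 30 translation address masquerade
set nat source rule 40 outbound-interface eth0
set nat source rule 40 source address 172.30.40.0/24
set nat source rule 40 translation address masquerade
commit
save
exit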