I switched my internet service provider a while ago. The router that I received from my new provider came with no option to change the LAN subnet addressing or prefix. Being stuck with a /24 prefix for both personal devices and homelab needs was a hard pill to swallow, although I have never actually gotten to the point of using an entire /24 subnet before. The reason was that my labs were already set up with a larger, different subnet on my older connection. Plus, having a large prefix gives more flexibility in how things can be segmented. Unfortunately, changing the firmware to something like DD-WRT was not an option either. Therefore, I had to rely on a virtual router in order to expand my local network.
I chose VyOS, an open source router, to do this. It is really lightweight and simple to configure, and it fits my use case exactly how I wanted it to. I deployed it on my oVirt cluster, with the following setup in mind:
As displayed above, I want my VMs in the 172.20.20.0/20 prefix to be able to reach the internet and any other service available on the main LAN (10.0.1.0/24). Therefore, I'm going to let VyOS act as the NAT gateway for those VMs.
After downloading the VyOS image and uploading it to oVirt, I created a minimal VM for this purpose: 1 vCPU, 1 GB RAM and 2 vNICs were all that I needed. You can follow the installation steps from the official website.
```
Linux vyos 3.13.11-1-amd64-vyos #1 SMP Sat Nov 11 12:10:30 CET 2017 x86_64
Welcome to VyOS.
This system is open-source software. The exact distribution terms for each
module comprising the full system are described in the individual files in
/usr/share/doc/*/copyright.
Last login: Mon Jan 25 19:25:01 2021
vyos@vyos:~$ configure
[edit]
```
After the first login, I committed the following configuration:
```
set interfaces ethernet eth0 address '172.20.20.1/20'
set interfaces ethernet eth0 description 'Lab'
set interfaces ethernet eth1 address '10.0.1.254/24'
set interfaces ethernet eth1 description 'Internet'
set interfaces loopback 'lo'
set nat source rule 300 outbound-interface 'eth1'
set nat source rule 300 source address '172.20.20.1/20'
set nat source rule 300 translation address 'masquerade'
set protocols static route 0.0.0.0/0 next-hop '10.0.1.1'
set service ssh 'allow-root'
set service ssh port '22'
set system config-management commit-revisions '20'
set system console device ttyS0 speed '9600'
set system login user vyos authentication encrypted-password '$1$c/FMMdJu$dXntw2ftW2POghzbhpwCP1'
set system login user vyos authentication plaintext-password ''
set system login user vyos level 'admin'
set system ntp server '0.pool.ntp.org'
set system ntp server '1.pool.ntp.org'
set system ntp server '2.pool.ntp.org'
set system package repository community components 'main'
set system package repository community distribution 'helium'
set system package repository community url 'http://packages.vyos.net/vyos'
set system syslog global facility all level 'notice'
set system syslog global facility protocols level 'debug'
```
The key parts relevant to this post are the NAT rule and the default route:
```
set nat source rule 300 outbound-interface 'eth1'
set nat source rule 300 source address '172.20.20.1/20'
set nat source rule 300 translation address 'masquerade'
set protocols static route 0.0.0.0/0 next-hop '10.0.1.1'
```
That's it. Now all of my previous VMs use VyOS as their gateway, and their internet access is restored. The last step was adding a static route on my machine to reach the lab VMs via 10.0.1.254.
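As an added example (not part of the post or of VyOS), here is a small Python sanity check over the `set` lines above: it parses the interface, NAT and route commands and flags a NAT source prefix with host bits set, a masquerade rule that would cover the uplink LAN, and a next-hop that is not on a directly connected subnet. The function names and the embedded sample config are my own; the sample only reproduces the lines shown in this post.

```python
import ipaddress
import shlex

# Constructed sample: the interface, NAT and route lines from the post.
VYOS_CONFIG = """
set interfaces ethernet eth0 address '172.20.20.1/20'
set interfaces ethernet eth1 address '10.0.1.254/24'
set nat source rule 300 outbound-interface 'eth1'
set nat source rule 300 source address '172.20.20.1/20'
set nat source rule 300 translation address 'masquerade'
set protocols static route 0.0.0.0/0 next-hop '10.0.1.1'
"""


def parse_set_lines(text):
    """Build (interfaces, nat_rules, routes) from VyOS 'set' commands."""
    interfaces, nat_rules, routes = {}, {}, {}
    for line in text.strip().splitlines():
        tok = shlex.split(line)  # drops the quotes VyOS prints around values
        if tok[:3] == ["set", "interfaces", "ethernet"] and tok[4:5] == ["address"]:
            interfaces[tok[3]] = ipaddress.ip_interface(tok[5])
        elif tok[:4] == ["set", "nat", "source", "rule"]:
            nat_rules.setdefault(tok[4], {})[" ".join(tok[5:-1])] = tok[-1]
        elif tok[:4] == ["set", "protocols", "static", "route"] and tok[5:6] == ["next-hop"]:
            routes[tok[4]] = ipaddress.ip_address(tok[6])
    return interfaces, nat_rules, routes


def check_config(text):
    """Return a list of findings; an empty list means every check passed."""
    interfaces, nat_rules, routes = parse_set_lines(text)
    findings = []
    for rid, rule in nat_rules.items():
        src = ipaddress.ip_interface(rule.get("source address", "0.0.0.0/0"))
        out = rule.get("outbound-interface")
        # Host bits in a NAT source prefix hide the real scope of the rule:
        # 172.20.20.1/20 actually covers 172.20.16.0/20.
        if str(src.network) != src.with_prefixlen:
            findings.append(f"rule {rid}: source {src.with_prefixlen} has host bits set; "
                            f"the covered network is {src.network}")
        # The masqueraded prefix must be a directly connected LAN, not the uplink.
        if out in interfaces and interfaces[out].network.overlaps(src.network):
            findings.append(f"rule {rid}: source prefix overlaps outbound interface {out}")
        if not any(i.network == src.network for n, i in interfaces.items() if n != out):
            findings.append(f"rule {rid}: {src.network} is not a directly connected LAN")
    for dst, nh in routes.items():
        if not any(nh in i.network for i in interfaces.values()):
            findings.append(f"route {dst}: next-hop {nh} is not on a connected subnet")
    return findings
```

Run against the post's config it reports one finding, the host bits in rule 300; writing the source as `172.20.16.0/20` clears it.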
Lab On 🤘