VyOS 1.0.5 – A new appliance for OpenNebula’s marketplace

I’ve just published a new appliance. This is my second appliance for the marketplace and this time I’ve created an image for VyOS, the community fork of Vyatta. Vyatta was acquired by Brocade two years ago and no new Vyatta Core images were released. That’s why I’m delivering this image for KVM in case you need a Vyatta based virtual router for your cloud.

The image is available in the marketplace and it’s already loaded with a contextualization script that will, hopefully, configure the network interfaces with an IP address and add ssh public key for the vyos user.

The user is vyos and the password is also vyos. More instructions are include in the marketplace.

If you want to host this image so the download time is quicker please let me know. Also if you need my help or find a problem with the image don’t hesitate to contact me.

See ya!


Vyatta quick commands

Here are some commands that you may find useful when using Vyatta:

  • Set a Default Gateway: set system gateway-address x.x.x.x where x.x.x.x is an IPv4 address.
  • Set a hostname: set system host-name a_host_name
  • Set the domain name: set system domain-name a_domain_name
  • Change password for vyatta user: set system login user vyatta authentication plaintext-password a_new_password

Have a nice day!

Preparing the lab – Vyatta NAT Masquerade

Vyatta documentation (available after registration) provides many configuration examples and full command syntax reference. Today I’m going to explain how to set Masquerade NAT in Vyatta Core. Please forgive me if my explanation is not quite clear, let me know if you need more information (leave comments!)

My lab has started with a basic configuration where I’m not using VLAN (but I will…) so I’ve configured several interfaces in my Vyatta Core router. I want my virtual machines to be able to get packets from Internet but unfortunately the router which connects me to Internet has no way to add routes so it doesn’t know how to deal with packages from the networks behind my router.


I need to translate the source address of packages from,, and networks so one address of network is used when those networks try to connect to Internet. I will configure “Masquerade” NAT so the eth0 IP address of my Vyatta Core router (watson) will be used as the source address for package source translation. For example, if I want to translate source address packets with the one set in eth0 I’ll use this commands:

//I've used 10 as the route number identifier, but you can use any other unused number in your configuration
vyatta@one-router:~$ configure
vyatta@one-router# set nat source rule 10 outbound-interface eth0
vyatta@one-router# set nat source rule 10 source address
vyatta@one-router# set nat source rule 10 translation address masquerade
vyatta@one-router# commit
vyatta@one-router# save

OK, thanks to this masquerade NAT, my virtual machine can download packages from Internet. Important: this translation won’t allow these virtual machines to be reachable from Internet.

My first OpenNebula appliance in the Marketplace

I’m very happy to announce that today I’ve uploaded my first appliance to OpenNebula’s Marketplace. For my first appliance I’ve choosen Vyatta Core’s virtual router/firewall.

It was difficult to make the contextualization work but it helped me to learn more about OpenNebula and Vyatta. Please leave your comments or contact me if you find any problem with this image.

Thanks to Vyatta’s forum and other blogs I could understand how I could configure automatically the interface addresses. I want to share with you many links that were helpful:

I’d also like to thank C12G for Marketplace and my friend Jose David for hosting the image.

I hope this image works for you and that you find it useful.


CentOS 6.3: Installing a TFTPD server for uploading configuration files

These days I’m reading Vyatta Core’s documentations as I’m planning to deploy virtual routers and firewalls on my OpenNebula cloud laboratory. I remember the days I worked with Cisco routers and how many times I had to use a tftp server to store configurations. You don’t need a tftp to store remotely your virtual router configurations (you can use ssh or ftp) but I feel nostalgic and I want to use that server in my CentOS machine.

yum install tftp-server
adduser tftpd
chown tftpd:tftpd /var/lib/tftpboot
# if you are running iptables and want to save your firewall rules
iptables -I INPUT -p udp --dport 69 -j ACCEPT
service iptables save
# if you want xinetd/tftpd start on boot
chkconfig xinetd on

I’ve created a tftpd user and added some parameters suggested in the /usr/share/doc/tftp-server-0.49/README.security. As I want to be able to upload files I need -c and -p arguments and I’ve set the umask for the new files 117 (read write permissions for tftpd user and group). These are the lines I’ve modified in the /etc/xinitd.d/tftpd :

  • disable = no
  • server_args = -c -p -u tftpd -U 117 -s /var/lib/tftpboot

Finally start the xinetd service:

  • service xinetd start

Your TFTPD server will be running in the UDP 69 port.