VyOS 1.0.5 – A new appliance for OpenNebula’s marketplace

I’ve just published a new appliance. This is my second appliance for the marketplace and this time I’ve created an image for VyOS, the community fork of Vyatta. Vyatta was acquired by Brocade two years ago and no new Vyatta Core images were released. That’s why I’m delivering this image for KVM in case you need a Vyatta based virtual router for your cloud.

The image is available in the marketplace and it’s already loaded with a contextualization script that will, hopefully, configure the network interfaces with an IP address and add ssh public key for the vyos user.

The user is vyos and the password is also vyos. More instructions are include in the marketplace.

If you want to host this image so the download time is quicker please let me know. Also if you need my help or find a problem with the image don’t hesitate to contact me.

See ya!



Preparing the lab – Vyatta NAT Masquerade

Vyatta documentation (available after registration) provides many configuration examples and full command syntax reference. Today I’m going to explain how to set Masquerade NAT in Vyatta Core. Please forgive me if my explanation is not quite clear, let me know if you need more information (leave comments!)

My lab has started with a basic configuration where I’m not using VLAN (but I will…) so I’ve configured several interfaces in my Vyatta Core router. I want my virtual machines to be able to get packets from Internet but unfortunately the router which connects me to Internet has no way to add routes so it doesn’t know how to deal with packages from the networks behind my router.


I need to translate the source address of packages from,, and networks so one address of network is used when those networks try to connect to Internet. I will configure “Masquerade” NAT so the eth0 IP address of my Vyatta Core router (watson) will be used as the source address for package source translation. For example, if I want to translate source address packets with the one set in eth0 I’ll use this commands:

//I've used 10 as the route number identifier, but you can use any other unused number in your configuration
vyatta@one-router:~$ configure
vyatta@one-router# set nat source rule 10 outbound-interface eth0
vyatta@one-router# set nat source rule 10 source address
vyatta@one-router# set nat source rule 10 translation address masquerade
vyatta@one-router# commit
vyatta@one-router# save

OK, thanks to this masquerade NAT, my virtual machine can download packages from Internet. Important: this translation won’t allow these virtual machines to be reachable from Internet.