I run many different hypervisors in my lab and I always isolate them on private networks so I don’t screw up the internet connection for my wife and kids.
In the past I’ve been using Windows 2012 R2 and the Routing & Remote Access Role, but as time moves on I’ve tried to do the same with Windows 2016 without any luck.
Way before that in 2009 I used Vyatta which no longer exists. Luckily there’s a community fork of Vyatta called VyOS. It’s extreme lightweight and only requires 512MB RAM and 2GB of storage.
So lets just get started and see how you can provide internet access to your Internal Network and enable RDP connection from External to Internal Network.
First you’ll need to download the ISO image called vyos-1.1.7-amd64 from here. Since I’m using Nutanix I’m going to select Image Configuration to Upload the ISO image.
Fill in the information to Create the Image.
Next up is to create a new VM with 0.5GB of memory and a disk with 2GB. Click Add New Disk and make sure to set Bus Type to IDE.
Click Add New Disk again, but this time set Type to CDROM and use Clone from Image Service to select the ISO you uploaded earlier.
For the configuration below you’ll set eth0 as External and eth1 as Internal.
Simply start the VM and log in with vyos/vyos and type Install Image, the rest is straight forward.
Finally let’s do the IP configuration and enable SSH.
set interfaces ethernet eth0 address 192.168.2.254/24
set interfaces ethernet eth0 description External
set interfaces ethernet eth1 address 192.168.1.1/24
set interfaces ethernet eth1 description Internal
set service ssh listen-address 192.168.2.254
Now with SSH access enabled you can use Putty to copy/paste the rest of the commands.
set protocols static route 0.0.0.0/0 next-hop 192.168.2.1
set nat source rule 5010 outbound-interface eth0
set nat source rule 5010 source address 192.168.1.0/24
set nat source rule 5010 translation address masquerade
set service dns forwarding name-server 188.8.131.52
set service dns forwarding cache-size 150
set service dns forwarding listen-on eth1
set nat destination rule 10 inbound-interface eth0
set nat destination rule 10 destination port 3389
set nat destination rule 10 description 'RDP to 192.168.1.10'
set nat destination rule 10 protocol tcp
set nat destination rule 10 translation address 192.168.1.10
set nat destination rule 11 inbound-interface eth0
set nat destination rule 11 destination port 27000
set nat destination rule 11 description 'Citrix License Server to 192.168.1.10'
set nat destination rule 11 protocol tcp
set nat destination rule 11 translation address 192.168.1.10
set nat destination rule 12 inbound-interface eth0
set nat destination rule 12 destination port 7279
set nat destination rule 12 description 'Check-in/check-out of Citrix licenses to 192.168.1.10'
set nat destination rule 12 protocol tcp
set nat destination rule 12 translation address 192.168.1.10
So there’s my RDP Jump Host on DC-01 (192.168.1.10) which I’m using with Devolutions Remote Desktop Manager.
VyOS is extremly powerful and I’ve just scratched the surface with my configuration above. To learn more about Firewall and other settings check out this blog post from MVP Thomas Vochten.
I also found the following post showing how to install Citrix XenServer Tools and create a VyOS Template. If you go that route, don’t include the network adapters as part of the template, but add during the import.