[Vyatta-users] Static NAT problem, please help.
Hi all,

I have tested this config but I can access the A.B.C.64

protocols {
    static {
        disable: false
        route 0.0.0.0/0 {
            next-hop: D.E.F.17
            metric: 1
        }
    }
}
interfaces {
    restore: false
    loopback lo {
        description:
        address 10.0.0.65 {
            prefix-length: 32
            disable: false
        }
    }
    ethernet eth0 {
        disable: false
        discard: false
        description:
        hw-id: 00:30:f1:42:04:c3
        duplex: auto
        speed: auto
        address D.E.F.18 {
            prefix-length: 24
            disable: false
        }
    }
    ethernet eth1 {
        disable: false
        discard: false
        description:
        hw-id: 00:30:f1:42:05:e8
        duplex: auto
        speed: auto
        address A.B.C.95 {
            prefix-length: 24
            disable: false
        }
    }
}
service {
    nat {
        rule 10 {
            type: source
            outbound-interface: eth0
            protocols: all
            source {
                address: A.B.C.64
            }
            destination {
                network: 0.0.0.0/0
            }
            outside-address {
                address: D.E.F.18
            }
        }
        rule 20 {
            type: destination
            inbound-interface: eth0
            protocols: all
            source {
                network: 0.0.0.0/0
            }
            destination {
                address: D.E.F.17
            }
            inside-address {
                address: A.B.C.64
            }
        }
    }
    ssh {
        port: 22
        protocol-version: v2
    }
    webgui {
        http-port: 80
        https-port: 443
    }
}
system {
    host-name: rt01-estephe
    domain-name: lateck.net
    name-server 80.118.192.100
    name-server 80.118.196.36
    time-zone: GMT+1
    ntp-server 0.fr.pool.ntp.org
    ntp-server 1.fr.pool.ntp.org
    gateway-address: D.E.F.17
    login {
        user root {
            full-name:
            authentication {
                encrypted-password: $1$clFX9FX5$kkPuLArr14RbI7amdbqgY/
                plaintext-password:
            }
        }
        user rt1regis {
            full-name: Lateck
            authentication {
                encrypted-password: $1$7tHmdabZ$Kj46HbzxiakpxQMutPNAW1
                plaintext-password:
            }
        }
    }
    package {
        auto-sync: 1
        repository community {
            component: main
            url: http://archive.vyatta.com/vyatta;
        }
    }
    options {
        reboot-on-panic: true
    }
}

Routes: 5/5, Paths: 5/5
0.0.0.0/0      [static(1)]     to 212.94.181.17 via eth0
10.0.0.65/32   [connected(0)]  to 10.0.0.65 via lo
A.B.C.0/24     [connected(0)]  to A.B.C.95 via eth1
127.0.0.0/8    [connected(0)]  to 127.0.0.1 via lo
D.E.F.0/24     [connected(0)]  to D.E.F.18 via eth0

Type Codes: SRC - source, DST - destination, MASQ - masquerade

rule  type  IN    OUT   source     destination  translation
----  ----  ----  ----  ---------  -----------  -----------
10    SRC   -     eth0  A.B.C.64   0.0.0.0/0    D.E.F.18
20    DST   eth0  -     0.0.0.0/0  D.E.F.17     A.B.C.64

I have access to the Vyatta box with D.E.F.18 and A.B.C.95, but I can ping the A.B.C.64

Thanks!

Régis BOULINEAU

___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users

[Vyatta-users] Static NAT problem, please help.
Hi all,

This is my config for access to the web server in A.B.C.64 (it's a public IP):

protocols {
    static {
        disable: false
        route 0.0.0.0/0 {
            next-hop: E.F.G.17
            metric: 1
        }
    }
}
policy {
}
interfaces {
    restore: false
    loopback lo {
        description:
        address 10.0.0.65 {
            prefix-length: 32
            disable: false
        }
    }
    ethernet eth0 {
        disable: false
        discard: false
        description:
        hw-id: 00:30:f1:42:04:c3
        duplex: auto
        speed: auto
        address E.F.G.18 {
            prefix-length: 24
            disable: false
        }
    }
    ethernet eth1 {
        disable: false
        discard: false
        description:
        hw-id: 00:30:f1:42:05:e8
        duplex: auto
        speed: auto
        address A.B.C.95 {
            prefix-length: 24
            disable: false
        }
    }
}
service {
    nat {
        rule 10 {
            type: source
            outbound-interface: eth0
            protocols: all
            source {
                address: A.B.C.64
            }
            destination {
                network: 0.0.0.0/0
            }
            outside-address {
                address: E.F.G.17
            }
        }
        rule 20 {
            type: destination
            inbound-interface: eth0
            protocols: all
            source {
                network: 0.0.0.0/0
            }
            destination {
                address: E.F.G.17
            }
            inside-address {
                address: A.B.C.64
            }
        }
    }
    ssh {
        port: 22
        protocol-version: v2
    }
    telnet {
        port: 23
    }
    webgui {
        http-port: 80
        https-port: 443
    }
}
firewall {
    log-martians: enable
    send-redirects: disable
    receive-redirects: disable
    ip-src-route: disable
    broadcast-ping: disable
    syn-cookies: enable
}
system {
    host-name: rt01-estephe
    domain-name: x.net
    name-server 80.118.192.100
    name-server 80.118.196.36
    time-zone: GMT+1
    ntp-server 0.fr.pool.ntp.org
    ntp-server 1.fr.pool.ntp.org
    gateway-address: E.F.G.17
    login {
        user root {
            full-name:
            authentication {
                encrypted-password: ---
                plaintext-password:
            }
        }
        user --- {
            full-name: Regis
            authentication {
                encrypted-password: ---
                plaintext-password:
            }
        }
    }
    package {
        auto-sync: 1
        repository community {
            component: main
            url: http://archive.vyatta.com/vyatta;
        }
    }
    options {
        reboot-on-panic: true
    }
}

Routes: 5/5, Paths: 5/5
0.0.0.0/0      [static(1)]     to E.F.G.17 via eth0
10.0.0.65/32   [connected(0)]  to 10.0.0.65 via lo
A.B.C.0/24     [connected(0)]  to A.B.C.95 via eth1
127.0.0.0/8    [connected(0)]  to 127.0.0.1 via lo
E.F.G.0/24     [connected(0)]  to E.F.G.18 via eth0

My web server doesn't show the HTTP service, but I can ping the A.B.C.64

Thanks!

Régis BOULINEAU

Re: [Vyatta-users] Static NAT problem, please help.
Actually, if you use .18 you'll lose access to your vyatta box since you're doing an any/any match on the inbound nat. I'm not sure if vyatta will allow you to use a non-defined ip (such as .19 in your case) for the nat, as I've never tried it. You can on other firewalls though, so it might work.

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com

On Dec 1, 2007, at 1:12 PM, Aubrey Wells wrote:

> You can't use an ip that is attached to a different device as the outside-address, otherwise all the inbound connections will terminate on the other device and it won't know what to do with them. You need to use .18 for the outside-address of the NAT.
>
> --
> Aubrey Wells
> Senior Engineer
> Shelton | Johns Technology Group
> A Vyatta Ready Partner
> www.sheltonjohns.com
>
> On Dec 1, 2007, at 12:47 PM, Régis wrote:
>
>> Hi all,
>>
>> This is my config for access to the web server in A.B.C.64 (it's a public IP):
>>
>> protocols {
>>     static {
>>         disable: false
>>         route 0.0.0.0/0 {
>>             next-hop: E.F.G.17
>>             metric: 1
>>         }
>>     }
>> }
>> policy {
>> }
>> interfaces {
>>     restore: false
>>     loopback lo {
>>         description:
>>         address 10.0.0.65 {
>>             prefix-length: 32
>>             disable: false
>>         }
>>     }
>>     ethernet eth0 {
>>         disable: false
>>         discard: false
>>         description:
>>         hw-id: 00:30:f1:42:04:c3
>>         duplex: auto
>>         speed: auto
>>         address E.F.G.18 {
>>             prefix-length: 24
>>             disable: false
>>         }
>>     }
>>     ethernet eth1 {
>>         disable: false
>>         discard: false
>>         description:
>>         hw-id: 00:30:f1:42:05:e8
>>         duplex: auto
>>         speed: auto
>>         address A.B.C.95 {
>>             prefix-length: 24
>>             disable: false
>>         }
>>     }
>> }
>> service {
>>     nat {
>>         rule 10 {
>>             type: source
>>             outbound-interface: eth0
>>             protocols: all
>>             source {
>>                 address: A.B.C.64
>>             }
>>             destination {
>>                 network: 0.0.0.0/0
>>             }
>>             outside-address {
>>                 address: E.F.G.17
>>             }
>>         }
>>         rule 20 {
>>             type: destination
>>             inbound-interface: eth0
>>             protocols: all
>>             source {
>>                 network: 0.0.0.0/0
>>             }
>>             destination {
>>                 address: E.F.G.17
>>             }
>>             inside-address {
>>                 address: A.B.C.64
>>             }
>>         }
>>     }
>>     ssh {
>>         port: 22
>>         protocol-version: v2
>>     }
>>     telnet {
>>         port: 23
>>     }
>>     webgui {
>>         http-port: 80
>>         https-port: 443
>>     }
>> }
>> firewall {
>>     log-martians: enable
>>     send-redirects: disable
>>     receive-redirects: disable
>>     ip-src-route: disable
>>     broadcast-ping: disable
>>     syn-cookies: enable
>> }
>> system {
>>     host-name: rt01-estephe
>>     domain-name: x.net
>>     name-server 80.118.192.100
>>     name-server 80.118.196.36
>>     time-zone: GMT+1
>>     ntp-server 0.fr.pool.ntp.org
>>     ntp-server 1.fr.pool.ntp.org
>>     gateway-address: E.F.G.17
>>     login {
>>         user root {
>>             full-name:
>>             authentication {
>>                 encrypted-password: ---
>>                 plaintext-password:
>>             }
>>         }
>>         user --- {
>>             full-name: Regis
>>             authentication {
>>                 encrypted-password: ---
>>                 plaintext-password:
>>             }
>>         }
>>     }
>>     package {
>>         auto-sync: 1
>>         repository community {
>>             component: main
>>             url: http://archive.vyatta.com/vyatta;
>>         }
>>     }
>>     options {
>>         reboot-on-panic: true
>>     }
>> }
>>
>> Routes: 5/5, Paths: 5/5
>> 0.0.0.0/0      [static(1)]     to E.F.G.17 via eth0
>> 10.0.0.65/32   [connected(0)]  to 10.0.0.65 via lo
>> A.B.C.0/24     [connected(0)]  to A.B.C.95 via eth1
>> 127.0.0.0/8    [connected(0)]  to 127.0.0.1 via lo
>> E.F.G.0/24     [connected(0)]  to E.F.G.18 via eth0
>>
>> My web server doesn't show the HTTP service, but I can ping the A.B.C.64
>>
>> Thanks!
>>
>> Régis BOULINEAU
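
Added example, not part of the original thread: a small Python lint for the two NAT mistakes Aubrey describes, run over a constructed config in the thread's syntax. The names walk and lint_nat are hypothetical, and the 203.0.113.x documentation addresses are assumptions standing in for the masked E.F.G.17 (gateway) and E.F.G.18 (eth0).

```python
# Constructed sample in the thread's config syntax. 203.0.113.17 stands in for
# the upstream gateway (E.F.G.17) and 203.0.113.18 for the router's eth0 (E.F.G.18).
SAMPLE = """
system { gateway-address: 203.0.113.17 }
interfaces { ethernet eth0 { address 203.0.113.18 { prefix-length: 24 } } }
service { nat {
    rule 10 { type: source
              outside-address { address: 203.0.113.17 } }
    rule 20 { type: destination
              protocols: all
              destination { address: 203.0.113.18 } }
    rule 30 { type: source
              outside-address { address: 203.0.113.18 } }
} }
"""

def walk(text):
    """Yield (path, key, value) per leaf; path lists the enclosing block headers."""
    path = []
    for line in text.replace("{", "{\n").replace("}", "\n}\n").splitlines():
        line = line.strip()
        if line.endswith("{"):
            path.append(line[:-1].strip())
        elif line == "}":
            path.pop()
        elif line:
            key, _, value = line.partition(":")
            yield list(path), key.strip(), value.strip()

def lint_nat(text):
    leaves = list(walk(text))
    # Addresses configured on the router's own interfaces.
    own = {p[-1].split()[1] for p, _, _ in leaves
           if p and p[0] == "interfaces" and p[-1].startswith("address ")}
    # Addresses known to sit on another device: the next hop / default gateway.
    other = {v for _, k, v in leaves if k in ("next-hop", "gateway-address")}
    rules = {}
    for p, k, v in leaves:
        if p[:2] == ["service", "nat"] and len(p) >= 3:
            rules.setdefault(p[2], {})["/".join(p[3:] + [k])] = v
    findings = []
    for name, r in rules.items():
        dnat = r.get("type") == "destination"
        addr = r.get("destination/address" if dnat else "outside-address/address")
        if addr in other:        # traffic for it terminates on the other device
            findings.append((name, "address-on-other-device"))
        elif dnat and addr in own and r.get("protocols") == "all":
            findings.append((name, "any-any-dnat-on-router-address"))  # ssh/webgui cut off
    return findings
```

Rule 30 is the form the first reply recommends (source NAT to the router's own .18) and produces no finding; an address that is on neither the router nor the gateway, like the .19 case in the second reply, is not judged by this check.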