Re: [Vyatta-users] I'm stuck... can ping lan but to wan

2007-12-02 Thread Aubrey Wells
Your masquerade rules should look something like this:

service {
    nat {
        rule 10 {
            type: "masquerade"
            outbound-interface: "eth1"
            source {
                network: "192.168.xxx.0/24"
            }
            destination {
                network: "0.0.0.0/0"
            }
        }
    }
}

You can use the outside-address keyword to make it use a specific
address; otherwise it will use the address of the interface traffic
goes out (75.145.xxx.189 in this case).

Hope this helps.

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Dec 2, 2007, at 3:50 PM, Todd Worden wrote:

> Ya... that is right... ip-passthru and the 10.1.10.1 is for managing the SMC
> IP Gateway.  So that is a good idea, I'll add the extra subnet to eth0
> (which is the lan).
>
> So I have gotten a bit further, and am now able to ping www.google.com and
> also Server 1.  I can't yet access the internet from Server 1 though.  This
> may be the vyatta router config or perhaps my server configuration, but I
> would think it not the server since I can see vyatta from there.  Is this
> where I need to configure a NAT rule?
>
> I was looking at this person's post on configuring
> http://hostseries.com/wp-content/uploads/2007/10/installing_vyatta.txt but
> there doesn't seem to be a translation type property anymore. If I select
> type = source then I am prompted by the webgui to define an outside address,
> which I am not sure what is.  Otherwise, I have tried masquerade, which I
> think is the right choice, but still no luck.
>
> Here is my latest configuration:
>
> protocols {
>     static {
>         disable: false
>         route 0.0.0.0/0 {
>             next-hop: 75.145.xxx.190
>             metric: 1
>         }
>     }
> }
> policy {
> }
> interfaces {
>     restore: false
>     loopback lo {
>         description: ""
>     }
>     ethernet eth0 {
>         disable: false
>         discard: false
>         description: "lan"
>         hw-id: 00:40:63:ee:30:b0
>         duplex: "auto"
>         speed: "auto"
>         address 192.168.xxx.1 {
>             prefix-length: 24
>             disable: false
>         }
>     }
>     ethernet eth1 {
>         disable: false
>         discard: false
>         description: "wan"
>         hw-id: 00:40:63:ee:30:af
>         duplex: "auto"
>         speed: "auto"
>         address 75.145.xxx.189 {
>             prefix-length: 24
>             disable: false
>         }
>     }
> }
> service {
>     nat {
>         rule 10 {
>             type: "source"
>             outbound-interface: "eth0"
>             protocols: "all"
>             source {
>                 network: "192.168.xxx.0/24"
>             }
>             destination {
>                 network: "0.0.0.0/0"
>             }
>             outside-address {
>                 address: 0.0.0.0
>             }
>         }
>     }
>     webgui {
>         http-port: 80
>         https-port: 443
>     }
> }
> firewall {
>     log-martians: "enable"
>     send-redirects: "disable"
>     receive-redirects: "disable"
>     ip-src-route: "disable"
>     broadcast-ping: "disable"
>     syn-cookies: "enable"
> }
> system {
>     host-name: "vyatta"
>     domain-name: "web-wired.com"
>     name-server 68.87.73.242
>     time-zone: "GMT+4"
>     ntp-server "69.59.150.135"
>     gateway-address: 75.145.xxx.190
>     login {
>         user root {
>             full-name: ""
>             authentication {
>                 encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
>             }
>         }
>         user vyatta {
>             full-name: ""
>             authentication {
>                 encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
>             }
>         }
>     }
>     package {
>         auto-sync: 1
>         repository community {
>             component: &

Re: [Vyatta-users] I'm stuck... can ping lan but to wan

2007-12-02 Thread Todd Worden
Ya... that is right... ip-passthru and the 10.1.10.1 is for managing the SMC
IP Gateway.  So that is a good idea, I'll add the extra subnet to eth0
(which is the lan).

So I have gotten a bit further, and am now able to ping www.google.com and
also Server 1.  I can't yet access the internet from Server 1 though.  This
may be the vyatta router config or perhaps my server configuration, but I
would think it not the server since I can see vyatta from there.  Is this
where I need to configure a NAT rule?

I was looking at this person's post on configuring
http://hostseries.com/wp-content/uploads/2007/10/installing_vyatta.txt but
there doesn't seem to be a translation type property anymore. If I select
type = source then I am prompted by the webgui to define an outside address,
which I am not sure what is.  Otherwise, I have tried masquerade, which I
think is the right choice, but still no luck.

Here is my latest configuration:

protocols {
    static {
        disable: false
        route 0.0.0.0/0 {
            next-hop: 75.145.xxx.190
            metric: 1
        }
    }
}
policy {
}
interfaces {
    restore: false
    loopback lo {
        description: ""
    }
    ethernet eth0 {
        disable: false
        discard: false
        description: "lan"
        hw-id: 00:40:63:ee:30:b0
        duplex: "auto"
        speed: "auto"
        address 192.168.xxx.1 {
            prefix-length: 24
            disable: false
        }
    }
    ethernet eth1 {
        disable: false
        discard: false
        description: "wan"
        hw-id: 00:40:63:ee:30:af
        duplex: "auto"
        speed: "auto"
        address 75.145.xxx.189 {
            prefix-length: 24
            disable: false
        }
    }
}
service {
    nat {
        rule 10 {
            type: "source"
            outbound-interface: "eth0"
            protocols: "all"
            source {
                network: "192.168.xxx.0/24"
            }
            destination {
                network: "0.0.0.0/0"
            }
            outside-address {
                address: 0.0.0.0
            }
        }
    }
    webgui {
        http-port: 80
        https-port: 443
    }
}
firewall {
    log-martians: "enable"
    send-redirects: "disable"
    receive-redirects: "disable"
    ip-src-route: "disable"
    broadcast-ping: "disable"
    syn-cookies: "enable"
}
system {
    host-name: "vyatta"
    domain-name: "web-wired.com"
    name-server 68.87.73.242
    time-zone: "GMT+4"
    ntp-server "69.59.150.135"
    gateway-address: 75.145.xxx.190
    login {
        user root {
            full-name: ""
            authentication {
                encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
            }
        }
        user vyatta {
            full-name: ""
            authentication {
                encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
            }
        }
    }
    package {
        auto-sync: 1
        repository community {
            component: "main"
            url: "http://archive.vyatta.com/vyatta"
        }
    }
}

Thanks for the responses!

Todd


-Original Message-
From: Aubrey Wells [mailto:[EMAIL PROTECTED] 
Sent: Sunday, December 02, 2007 2:35 PM
To: [EMAIL PROTECTED]@web-wired.biz
Cc: vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] I'm stuck... can ping lan but to wan

set system gateway-address and set protocols static route 0.0.0.0/0
does the same thing. The problem with your default gateway is it's not
on any connected subnets. Are you doing ip-passthru on the cable
modem, so you can actually use the public IPs behind it? If that is
the case, your default gateway needs to be 75.145.xxx.190. I suspect
this is the case, and the 10.1.10.1 is a management ip on the cable
modem. If that is the case you'll want to add a secondary ip on the
eth1 interface that is in that same subnet (say 10.1.10.2) so you can
get to it from inside.

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Dec 2, 2007, at 11:33 AM, <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>  
wrote:

> Hi!
>
> I am working with Vyatta for the first time and I am currently stuck  
> on what
> to do.  I've

Re: [Vyatta-users] I'm stuck... can ping lan but to wan

2007-12-02 Thread Aubrey Wells
set system gateway-address and set protocols static route 0.0.0.0/0
does the same thing. The problem with your default gateway is it's not
on any connected subnets. Are you doing ip-passthru on the cable
modem, so you can actually use the public IPs behind it? If that is
the case, your default gateway needs to be 75.145.xxx.190. I suspect
this is the case, and the 10.1.10.1 is a management ip on the cable
modem. If that is the case you'll want to add a secondary ip on the
eth1 interface that is in that same subnet (say 10.1.10.2) so you can
get to it from inside.

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com





On Dec 2, 2007, at 11:33 AM, <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>  
wrote:

> Hi!
>
> I am working with Vyatta for the first time and I am currently stuck on what
> to do.  I've googled a few howtos and also watched the videos and read the
> quick start.  Here is my hardware/routing info:
>
> Comcast SMC IP Gateway
> 1U dual m-itx VIA EK 1 with 2 Compact Flash, 2 80G SATA, 2 512MB ram, 2
> RJ45 10/100 per mobo (planning for VRRP down the road).
> eth0 = lan
> eth1 = wan
> Server 1 - Fedora 7
> Server 2 - Fedora 7
>
> IP info:
> Static IP block: 75.145.xxx.185 - 75.145.xxx.189
> Gateway: 75.145.xxx.190
> Subnet: 255.255.255.248
> DNS 1: 68.87.73.242
> DNS 2: 68.87.71.226
> SMC IP: 10.1.10.1
> Server 1: 192.168.xxx.189
> Server 2: 192.168.xxx.188
>
> Current Vyatta Config:
>
> protocols {
>     static {
>         disable: false
>         route 0.0.0.0/0 {
>             next-hop: 10.1.10.1
>             metric: 1
>         }
>     }
> }
> policy {
> }
> interfaces {
>     restore: false
>     loopback lo {
>         description: ""
>     }
>     ethernet eth0 {
>         disable: false
>         discard: false
>         description: "lan"
>         hw-id: 00:40:63:ef:c3:1c
>         duplex: "auto"
>         speed: "auto"
>         address 192.168.xxx.1 {
>             prefix-length: 24
>             disable: false
>         }
>     }
>     ethernet eth1 {
>         disable: false
>         discard: false
>         description: "wan"
>         hw-id: 00:40:63:ef:c3:19
>         duplex: "auto"
>         speed: "auto"
>         address 75.145.xxx.189 {
>             prefix-length: 29
>             disable: false
>         }
>     }
> }
> service {
>     webgui {
>         http-port: 80
>         https-port: 443
>     }
> }
> firewall {
>     log-martians: "enable"
>     send-redirects: "disable"
>     receive-redirects: "disable"
>     ip-src-route: "disable"
>     broadcast-ping: "disable"
>     syn-cookies: "enable"
> }
> system {
>     host-name: "rt1"
>     domain-name: ""
>     name-server 68.87.73.242
>     name-server 68.87.71.226
>     time-zone: "GMT"
>     ntp-server "69.59.150.135"
>     gateway-address: 10.1.10.1
>     login {
>         user root {
>             full-name: ""
>             authentication {
>                 encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
>             }
>         }
>         user vyatta {
>             full-name: ""
>             authentication {
>                 encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
>             }
>         }
>     }
>     package {
>         auto-sync: 1
>         repository community {
>             component: "main"
>             url: "http://archive.vyatta.com/vyatta"
>         }
>     }
> }
>
> I can currently ping my lan, which is further confirmed by being able to
> access Vyatta through Server1 via the WebGUI, but I cannot seem to configure
> the router correctly to ping the internet from the router.  My thought is
> that my static route might not be correctly set, or possibly my default
> gateway.  Seems one of them should point to 10.1.10.1 and the other to
> 75.145.xxx.190.
>
> Also, once I have set a static route under protocols I am noticing that I
> get an error whenever I attempt to edit it...
>
> Error - 102 Command failed cannot replace route for 0.0.0.0/0: no such
> route.
>
> Thanks!
>
> Todd Worden
> Software Developer
>
> Growing Technologies
> P: 434-296-1500
> E: [EMAIL PROTECTED]
>
>
>
> ___
> Vyatta-users mailing list
> Vyatta-users@mailman.vyatta.com
> http://mailman.vyatta.com/mailman/listinfo/vyatta-users

___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
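
Added example (not part of the original thread, and not Vyatta code): a small Python check for the two problems raised in this message and in the later masquerade reply, namely a default gateway that is not on any connected subnet and a NAT rule bound to the LAN interface instead of the WAN one. The function names, the dict layout and the 203.0.113.x / 192.168.1.x addresses are assumptions standing in for the redacted values.

```python
import ipaddress

def egress_interface(interfaces, gateway):
    """Name of the interface whose connected subnet holds the gateway, else None."""
    gw = ipaddress.ip_address(gateway)
    for name, cidr in interfaces.items():
        if gw in ipaddress.ip_interface(cidr).network:
            return name
    return None

def lint(interfaces, gateway, nat_rule):
    """Findings for the default route and the outbound NAT rule (hypothetical checker)."""
    egress = egress_interface(interfaces, gateway)
    if egress is None:
        return [f"gateway {gateway} is not on any connected subnet"]
    if nat_rule is None:
        return ["no NAT rule: private LAN sources leave untranslated"]
    findings = []
    if nat_rule["outbound-interface"] != egress:
        findings.append(f"NAT outbound-interface is {nat_rule['outbound-interface']}, "
                        f"but traffic to the gateway leaves via {egress}")
    if nat_rule["type"] == "source" and nat_rule.get("outside-address") == "0.0.0.0":
        findings.append("outside-address 0.0.0.0 is not a usable translation address")
    return findings

# Constructed sample values: 203.0.113.0/24 stands in for the redacted 75.145.xxx
# block and 192.168.1.0/24 for the redacted LAN.
LAN = "192.168.1.1/24"
# First posted config: gateway set to the modem's management address, no NAT.
FIRST = dict(interfaces={"eth0": LAN, "eth1": "203.0.113.189/29"},
             gateway="10.1.10.1", nat_rule=None)
# Second posted config: gateway fixed, NAT rule bound to the LAN side.
LATEST = dict(interfaces={"eth0": LAN, "eth1": "203.0.113.189/24"},
              gateway="203.0.113.190",
              nat_rule={"type": "source", "outbound-interface": "eth0",
                        "outside-address": "0.0.0.0"})
# Rule as suggested in the reply: masquerade on the WAN interface.
SUGGESTED = dict(interfaces={"eth0": LAN, "eth1": "203.0.113.189/29"},
                 gateway="203.0.113.190",
                 nat_rule={"type": "masquerade", "outbound-interface": "eth1"})

if __name__ == "__main__":
    for label, cfg in (("first", FIRST), ("latest", LATEST), ("suggested", SUGGESTED)):
        print(label, lint(**cfg) or "ok")
```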


Re: [Vyatta-users] I'm stuck... can ping lan but to wan

2007-12-02 Thread silvertip257
Todd,

At this point I know more about the theory of setting a system up than I do
physically doing it.  Nice to see another Comcast customer ... I practically
have their CIDR blocks/range memorized. :P

Now to get back on topic...
I don't believe I saw any configuration for external routing between the two
sites (WAN).
You will have more specifics from Comcast on which protocol their routers
are running and which you can use due to hop count, etc.  But check for
routing protocols:  RIP, BGP, etc.

Hope this helps ...
Mike




-- 
//  SilverTip257  //
==
Ubuntu 7.04 (Feisty Fawn)
--- Linux for human beings.
(http://www.ubuntu.com/)
~~
Helix --- Don't leave /home without it.
(http://www.efense.com/helix/)