Re: [Vyatta-users] I'm stuck... can ping lan but to wan
Your masquerade rules should look something like this:

service {
    nat {
        rule 10 {
            type: "masquerade"
            outbound-interface: "eth1"
            source {
                network: "192.168.xxx.0/24"
            }
            destination {
                network: "0.0.0.0/0"
            }
        }
    }
}

You can use the outside-address keyword to make it use a specific address, otherwise it will use the address of the interface traffic goes out (75.145.xxx.189 in this case).

Hope this helps.

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com

On Dec 2, 2007, at 3:50 PM, Todd Worden wrote:

> Ya... that is right... ip-passthru and the 10.1.10.1 is for managing the
> SMC IP Gateway. So that is a good idea, I'll add the extra subnet to eth0
> (which is the lan).
>
> So I have gotten a bit further, and am now able to ping www.google.com and
> also Server 1. I can't yet access the internet from Server 1 though. This
> may be the vyatta router config or perhaps my server configuration, but I
> would think it not the server since I can see vyatta from there. Is this
> where I need to configure a NAT rule?
>
> I was looking at this person's post on configuring
> http://hostseries.com/wp-content/uploads/2007/10/installing_vyatta.txt but
> there doesn't seem to be a translation type property anymore. If I select
> type = source then I am prompted by the webgui to define an outside
> address, which I am not sure what is. Otherwise, I have tried masquerade,
> which I think is the right choice, but still no luck.
>
> Here is my latest configuration:
>
> protocols {
>     static {
>         disable: false
>         route 0.0.0.0/0 {
>             next-hop: 75.145.xxx.190
>             metric: 1
>         }
>     }
> }
> policy {
> }
> interfaces {
>     restore: false
>     loopback lo {
>         description: ""
>     }
>     ethernet eth0 {
>         disable: false
>         discard: false
>         description: "lan"
>         hw-id: 00:40:63:ee:30:b0
>         duplex: "auto"
>         speed: "auto"
>         address 192.168.xxx.1 {
>             prefix-length: 24
>             disable: false
>         }
>     }
>     ethernet eth1 {
>         disable: false
>         discard: false
>         description: "wan"
>         hw-id: 00:40:63:ee:30:af
>         duplex: "auto"
>         speed: "auto"
>         address 75.145.xxx.189 {
>             prefix-length: 24
>             disable: false
>         }
>     }
> }
> service {
>     nat {
>         rule 10 {
>             type: "source"
>             outbound-interface: "eth0"
>             protocols: "all"
>             source {
>                 network: "192.168.xxx.0/24"
>             }
>             destination {
>                 network: "0.0.0.0/0"
>             }
>             outside-address {
>                 address: 0.0.0.0
>             }
>         }
>     }
>     webgui {
>         http-port: 80
>         https-port: 443
>     }
> }
> firewall {
>     log-martians: "enable"
>     send-redirects: "disable"
>     receive-redirects: "disable"
>     ip-src-route: "disable"
>     broadcast-ping: "disable"
>     syn-cookies: "enable"
> }
> system {
>     host-name: "vyatta"
>     domain-name: "web-wired.com"
>     name-server 68.87.73.242
>     time-zone: "GMT+4"
>     ntp-server "69.59.150.135"
>     gateway-address: 75.145.xxx.190
>     login {
>         user root {
>             full-name: ""
>             authentication {
>                 encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
>             }
>         }
>         user vyatta {
>             full-name: ""
>             authentication {
>                 encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
>             }
>         }
>     }
>     package {
>         auto-sync: 1
>         repository community {
>             component: &
Re: [Vyatta-users] I'm stuck... can ping lan but to wan
Ya... that is right... ip-passthru and the 10.1.10.1 is for managing the SMC IP Gateway. So that is a good idea, I'll add the extra subnet to eth0 (which is the lan).

So I have gotten a bit further, and am now able to ping www.google.com and also Server 1. I can't yet access the internet from Server 1 though. This may be the vyatta router config or perhaps my server configuration, but I would think it not the server since I can see vyatta from there. Is this where I need to configure a NAT rule?

I was looking at this person's post on configuring http://hostseries.com/wp-content/uploads/2007/10/installing_vyatta.txt but there doesn't seem to be a translation type property anymore. If I select type = source then I am prompted by the webgui to define an outside address, which I am not sure what is. Otherwise, I have tried masquerade, which I think is the right choice, but still no luck.

Here is my latest configuration:

protocols {
    static {
        disable: false
        route 0.0.0.0/0 {
            next-hop: 75.145.xxx.190
            metric: 1
        }
    }
}
policy {
}
interfaces {
    restore: false
    loopback lo {
        description: ""
    }
    ethernet eth0 {
        disable: false
        discard: false
        description: "lan"
        hw-id: 00:40:63:ee:30:b0
        duplex: "auto"
        speed: "auto"
        address 192.168.xxx.1 {
            prefix-length: 24
            disable: false
        }
    }
    ethernet eth1 {
        disable: false
        discard: false
        description: "wan"
        hw-id: 00:40:63:ee:30:af
        duplex: "auto"
        speed: "auto"
        address 75.145.xxx.189 {
            prefix-length: 24
            disable: false
        }
    }
}
service {
    nat {
        rule 10 {
            type: "source"
            outbound-interface: "eth0"
            protocols: "all"
            source {
                network: "192.168.xxx.0/24"
            }
            destination {
                network: "0.0.0.0/0"
            }
            outside-address {
                address: 0.0.0.0
            }
        }
    }
    webgui {
        http-port: 80
        https-port: 443
    }
}
firewall {
    log-martians: "enable"
    send-redirects: "disable"
    receive-redirects: "disable"
    ip-src-route: "disable"
    broadcast-ping: "disable"
    syn-cookies: "enable"
}
system {
    host-name: "vyatta"
    domain-name: "web-wired.com"
    name-server 68.87.73.242
    time-zone: "GMT+4"
    ntp-server "69.59.150.135"
    gateway-address: 75.145.xxx.190
    login {
        user root {
            full-name: ""
            authentication {
                encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
            }
        }
        user vyatta {
            full-name: ""
            authentication {
                encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
            }
        }
    }
    package {
        auto-sync: 1
        repository community {
            component: "main"
            url: "http://archive.vyatta.com/vyatta"
        }
    }
}

Thanks for the responses!

Todd

-----Original Message-----
From: Aubrey Wells [mailto:[EMAIL PROTECTED]
Sent: Sunday, December 02, 2007 2:35 PM
To: [EMAIL PROTECTED]@web-wired.biz
Cc: vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] I'm stuck... can ping lan but to wan

set system gateway-address and set protocols static route 0.0.0.0/0 do the same thing. The problem with your default gateway is it's not on any connected subnets. Are you doing ip-passthru on the cable modem, so you can actually use the public IPs behind it? If that is the case, your default gateway needs to be 75.145.xxx.190.

I suspect this is the case, and the 10.1.10.1 is a management ip on the cable modem. If that is the case you'll want to add a secondary ip on the eth1 interface that is in that same subnet (say 10.1.10.2) so you can get to it from inside.

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com

On Dec 2, 2007, at 11:33 AM, <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> wrote:

> Hi!
>
> I am working with Vyatta for the first time and I am currently stuck on what
> to do. I've
Re: [Vyatta-users] I'm stuck... can ping lan but to wan
set system gateway-address and set protocols static route 0.0.0.0/0 do the same thing. The problem with your default gateway is it's not on any connected subnets. Are you doing ip-passthru on the cable modem, so you can actually use the public IPs behind it? If that is the case, your default gateway needs to be 75.145.xxx.190.

I suspect this is the case, and the 10.1.10.1 is a management ip on the cable modem. If that is the case you'll want to add a secondary ip on the eth1 interface that is in that same subnet (say 10.1.10.2) so you can get to it from inside.

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com

On Dec 2, 2007, at 11:33 AM, <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> wrote:

> Hi!
>
> I am working with Vyatta for the first time and I am currently stuck on what
> to do. I've googled a few howtos and also watched the videos and read the
> quick start. Here is my hardware/routing info:
>
> Comcast SMC IP Gateway
> 1U dual m-itx VIA EK 1 with 2 Compact Flash, 2 80G SATA, 2 512MB ram, 2
> RJ45 10/100 per mobo (planning for VRRP down the road).
> eth0 = lan
> eth1 = wan
> Server 1 - Fedora 7
> Server 2 - Fedora 7
>
> IP info:
> Static IP block: 75.145.xxx.185 - 75.145.xxx.189
> Gateway: 75.145.xxx.190
> Subnet: 255.255.255.248
> DNS 1: 68.87.73.242
> DNS 2: 68.87.71.226
> SMC IP: 10.1.10.1
> Server 1: 192.168.xxx.189
> Server 2: 192.168.xxx.188
>
> Current Vyatta Config:
>
> protocols {
>     static {
>         disable: false
>         route 0.0.0.0/0 {
>             next-hop: 10.1.10.1
>             metric: 1
>         }
>     }
> }
> policy {
> }
> interfaces {
>     restore: false
>     loopback lo {
>         description: ""
>     }
>     ethernet eth0 {
>         disable: false
>         discard: false
>         description: "lan"
>         hw-id: 00:40:63:ef:c3:1c
>         duplex: "auto"
>         speed: "auto"
>         address 192.168.xxx.1 {
>             prefix-length: 24
>             disable: false
>         }
>     }
>     ethernet eth1 {
>         disable: false
>         discard: false
>         description: "wan"
>         hw-id: 00:40:63:ef:c3:19
>         duplex: "auto"
>         speed: "auto"
>         address 75.145.xxx.189 {
>             prefix-length: 29
>             disable: false
>         }
>     }
> }
> service {
>     webgui {
>         http-port: 80
>         https-port: 443
>     }
> }
> firewall {
>     log-martians: "enable"
>     send-redirects: "disable"
>     receive-redirects: "disable"
>     ip-src-route: "disable"
>     broadcast-ping: "disable"
>     syn-cookies: "enable"
> }
> system {
>     host-name: "rt1"
>     domain-name: ""
>     name-server 68.87.73.242
>     name-server 68.87.71.226
>     time-zone: "GMT"
>     ntp-server "69.59.150.135"
>     gateway-address: 10.1.10.1
>     login {
>         user root {
>             full-name: ""
>             authentication {
>                 encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
>             }
>         }
>         user vyatta {
>             full-name: ""
>             authentication {
>                 encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
>             }
>         }
>     }
>     package {
>         auto-sync: 1
>         repository community {
>             component: "main"
>             url: "http://archive.vyatta.com/vyatta"
>         }
>     }
> }
>
> I can currently ping my lan, which is further confirmed by being able to
> access Vyatta through Server1 via the WebGUI, but I cannot seem to
> configure the router correctly to ping the internet from the router. My
> thought is that my static route might not be correctly set, or possibly my
> default gateway. Seems one of them should point to 10.1.10.1 and the other
> to 75.145.xxx.190.
>
> Also, once I have set a static route under protocols I am noticing that I
> get an error whenever I attempt to edit it...
>
> Error - 102 Command failed cannot replace route for 0.0.0.0/0: no such
> route.
>
> Thanks!
>
> Todd Worden
> Software Developer
>
> Growing Technologies
> P: 434-296-1500
> E: [EMAIL PROTECTED]
>
> ___
> Vyatta-users mailing list
> Vyatta-users@mailman.vyatta.com
> http://mailman.vyatta.com/mailman/listinfo/vyatta-users

___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
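
Added example (not part of the original thread, and not Vyatta's own tooling): a small Python linter for the two configuration problems raised in the replies above, namely the default-route next-hop 10.1.10.1 not being on any connected subnet, and the NAT rule's outbound-interface set to eth0 (the lan side) where the suggested masquerade rule uses eth1. The config text, the documentation-range addresses standing in for the redacted ones, and the names parse and lint are assumptions made for this example.

```python
import ipaddress
import re

# Constructed config in the thread's syntax (assumed addresses), with both mistakes.
BROKEN = '''protocols { static { route 0.0.0.0/0 { next-hop: 10.1.10.1 } } }
interfaces { ethernet eth0 { address 192.168.1.1 { prefix-length: 24 } }
             ethernet eth1 { address 203.0.113.189 { prefix-length: 29 } } }
service { nat { rule 10 { type: "masquerade" outbound-interface: "eth0"
                          source { network: "192.168.1.0/24" } } } }'''
FIXED = BROKEN.replace("10.1.10.1", "203.0.113.190").replace('"eth0"', '"eth1"')

def parse(text):
    """Parse the brace-style config into nested dicts ('key: value' is a leaf)."""
    root = node = {}
    stack, words = [], []
    toks = iter(re.findall(r'"[^"]*"|[{}]|[^\s{}]+', text))
    for t in toks:
        if t == "{":                       # 'ethernet eth0 {' opens a block
            stack.append(node)
            node, words = node.setdefault(" ".join(words), {}), []
        elif t == "}":
            node, words = stack.pop(), []
        elif t.endswith(":"):              # 'next-hop: 10.1.10.1' is a leaf
            node[t[:-1]], words = next(toks).strip('"'), []
        else:
            words.append(t)
    return root

def lint(cfg):
    """Flag an off-link default-route next-hop and a NAT rule bound to the LAN side."""
    nets, out = {}, []
    for name, body in cfg.get("interfaces", {}).items():
        for key, sub in (body.items() if isinstance(body, dict) else []):
            if key.startswith("address "):
                net = ipaddress.ip_network(
                    f"{key.split()[1]}/{sub['prefix-length']}", strict=False)
                nets.setdefault(name.split()[-1], []).append(net)
    connected = [n for ns in nets.values() for n in ns]
    for key, route in cfg.get("protocols", {}).get("static", {}).items():
        hop = route.get("next-hop") if isinstance(route, dict) else None
        if hop and not any(ipaddress.ip_address(hop) in n for n in connected):
            out.append(f"{key}: next-hop {hop} is not on a connected subnet")
    for key, rule in cfg.get("service", {}).get("nat", {}).items():
        if isinstance(rule, dict) and "source" in rule:
            src = ipaddress.ip_network(rule["source"]["network"])
            iface = rule.get("outbound-interface")
            if any(src.overlaps(n) for n in nets.get(iface, [])):
                out.append(f"nat {key}: outbound-interface {iface} sits on the source network")
    return out
```

`lint(parse(BROKEN))` returns one finding for the route and one for the NAT rule; `lint(parse(FIXED))` returns an empty list.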
Re: [Vyatta-users] I'm stuck... can ping lan but to wan
Todd,

At this point I know more about the theory of setting a system up than I do physically doing it.

Nice to see another Comcast customer ... I practically have their CIDR blocks/range memorized. :P

Now to get back on topic... I don't believe I saw any configuration for external routing between the two sites (WAN). You will have more specifics from Comcast on which protocol their routers are running and which you can use due to hop count, etc. But check for routing protocols: RIP, BGP, etc.

Hope this helps ...

Mike

On Dec 2, 2007 11:33 AM, <[EMAIL PROTECTED]> wrote:

> Hi!
>
> I am working with Vyatta for the first time and I am currently stuck on what
> to do. I've googled a few howtos and also watched the videos and read the
> quick start. Here is my hardware/routing info:
>
> Comcast SMC IP Gateway
> 1U dual m-itx VIA EK 1 with 2 Compact Flash, 2 80G SATA, 2 512MB ram, 2
> RJ45 10/100 per mobo (planning for VRRP down the road).
> eth0 = lan
> eth1 = wan
> Server 1 - Fedora 7
> Server 2 - Fedora 7
>
> IP info:
> Static IP block: 75.145.xxx.185 - 75.145.xxx.189
> Gateway: 75.145.xxx.190
> Subnet: 255.255.255.248
> DNS 1: 68.87.73.242
> DNS 2: 68.87.71.226
> SMC IP: 10.1.10.1
> Server 1: 192.168.xxx.189
> Server 2: 192.168.xxx.188
>
> Current Vyatta Config:
>
> protocols {
>     static {
>         disable: false
>         route 0.0.0.0/0 {
>             next-hop: 10.1.10.1
>             metric: 1
>         }
>     }
> }
> policy {
> }
> interfaces {
>     restore: false
>     loopback lo {
>         description: ""
>     }
>     ethernet eth0 {
>         disable: false
>         discard: false
>         description: "lan"
>         hw-id: 00:40:63:ef:c3:1c
>         duplex: "auto"
>         speed: "auto"
>         address 192.168.xxx.1 {
>             prefix-length: 24
>             disable: false
>         }
>     }
>     ethernet eth1 {
>         disable: false
>         discard: false
>         description: "wan"
>         hw-id: 00:40:63:ef:c3:19
>         duplex: "auto"
>         speed: "auto"
>         address 75.145.xxx.189 {
>             prefix-length: 29
>             disable: false
>         }
>     }
> }
> service {
>     webgui {
>         http-port: 80
>         https-port: 443
>     }
> }
> firewall {
>     log-martians: "enable"
>     send-redirects: "disable"
>     receive-redirects: "disable"
>     ip-src-route: "disable"
>     broadcast-ping: "disable"
>     syn-cookies: "enable"
> }
> system {
>     host-name: "rt1"
>     domain-name: ""
>     name-server 68.87.73.242
>     name-server 68.87.71.226
>     time-zone: "GMT"
>     ntp-server "69.59.150.135"
>     gateway-address: 10.1.10.1
>     login {
>         user root {
>             full-name: ""
>             authentication {
>                 encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
>             }
>         }
>         user vyatta {
>             full-name: ""
>             authentication {
>                 encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
>             }
>         }
>     }
>     package {
>         auto-sync: 1
>         repository community {
>             component: "main"
>             url: "http://archive.vyatta.com/vyatta"
>         }
>     }
> }
>
> I can currently ping my lan, which is further confirmed by being able to
> access Vyatta through Server1 via the WebGUI, but I cannot seem to
> configure the router correctly to ping the internet from the router. My
> thought is that my static route might not be correctly set, or possibly my
> default gateway. Seems one of them should point to 10.1.10.1 and the other
> to 75.145.xxx.190.
>
> Also, once I have set a static route under protocols I am noticing that I
> get an error whenever I attempt to edit it...
>
> Error - 102 Command failed cannot replace route for 0.0.0.0/0: no such
> route.
>
> Thanks!
>
> Todd Worden
> Software Developer
>
> Growing Technologies
> P: 434-296-1500
> E: [EMAIL PROTECTED]

--
// SilverTip257 //

== Ubuntu 7.04 (Feisty Fawn) --- Linux for human beings. (http://www.ubuntu.com/)
~~ Helix --- Don't leave /home without it. (http://www.efense.com/helix/)