Hi Matus,

Thanks for the info. But I am not able to get it working. TCP 80 packets are not reaching the HTTP server on the tap interface. The only way it's working is if I rewrite DNS to point all domain requests to 192.168.2.2. I am running nat-plugin in endpoint-dependent mode.

All TCP 80 packets from clients connected to GigabitEthernet4/0/0.4 should be sent to tap4.

Here are my configs:

startup.conf:

    unix {
      nodaemon
      log /var/log/vpp/vpp.log
      full-coredump
      cli-listen /run/vpp/cli.sock
      gid vpp
      startup-config /home/test/vpp.conf
    }
    api-trace { on }
    api-segment { gid vpp }
    cpu {
      main-core 2
      corelist-workers 3
    }
    nat { endpoint-dependent }
    dpdk {
      num-mbufs 32768
      uio-driver auto
    }

vpp.conf:

    set int state GigabitEthernet2/0/0 up
    ...
    ...
    set int state GigabitEthernet4/0/0 up
    ...
    ...
    create loopback interface instance 4
    set int l2 bridge loop4 4 bvi
    set int ip address loop4 192.168.2.1/24
    set int state loop4 up
    create sub GigabitEthernet4/0/0 4
    set int l2 bridge GigabitEthernet4/0/0.4 4
    set int l2 tag-rewrite GigabitEthernet4/0/0.4 pop 1
    set int state GigabitEthernet4/0/0.4 up
    create tap id 4 host-ip4-addr 192.168.2.2/24 host-if-name guest
    set int l2 bridge tap4 4
    set int state tap4 up
    set interface nat44 in tap4 out GigabitEthernet4/0/0.4
    nat44 add static mapping tcp local 192.168.2.2 80 external GigabitEthernet4/0/0.4 80 out2in-only
    nat44 add interface address GigabitEthernet2/0/0
    set interface nat44 in loop1 in loop2 in loop3 in loop4 out GigabitEthernet2/0/0

Thank you and Happy New Year!

On Tue, Jan 1, 2019 at 10:23 PM Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com> wrote:

> Hi,
>
> Run the NAT plugin in endpoint-dependent mode (add the following to the startup config
> “nat { endpoint-dependent }”), enable the NAT feature “set interface nat44 in
> tap3 out GigabitEthernet4/0/0” and create a static mapping “nat44 add static
> mapping tcp local 192.168.1.2 80 external GigabitEthernet4/0/0 80
> out2in-only”.
>
> Matus
>
> From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of carlito nueno
> Sent: Friday, December 28, 2018 10:52 PM
> To: vpp-dev@lists.fd.io
> Subject: Re: [vpp-dev] Question regarding captive portal
>
> NAT might be the right way to achieve this.
>
> This is the command I used with iptables:
> iptables -t nat -A eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.2
>
> What is a similar command on VPP-NAT when I am trying to send port 80 traffic
> from the main interface to the tap device:
> main interface: GigabitEthernet4/0/0
> tap id: 3 (tap3) with address 192.168.1.2 and host-if-name tapcap
>
> Thanks