Hi Jay,

It looks like you're going to have to NAT packets from your LAN in order 
to reach the public networks beyond the Vyatta router.  Normally, you'd 
use masquerade NAT to NAT packets from your internal LAN hosts out your 
external facing interface.  I'm not sure if this would work properly 
with your configuration, however, since you have both your internal and 
external networks attached to the same interface (eth0).  So, you should 
probably configure a source NAT rule that NATs anything sourced from 
your LAN (192.168.0.0/24) to your external public address of 
###.101.183.38.  Depending on what version of Vyatta you're running, the 
NAT rule would look similar to:

    type: "source"
    protocols: "all"
    source {
        network: 192.168.0.0/24
    }
    destination {
        network: 0.0.0.0/0
    }
    outside-address {
        address: ###.101.183.38
    }

Also, the following portion of your configuration:

            interface-route ###.100.39.56/30 {
                next-hop-interface: "eth0.5"
                next-hop-router: ###.100.39.57
            }

is superfluous as ###.100.39.56/30 is available as a connected route via 
interface eth0.5.  So, not that it's harming anything, but you can 
delete the interface route and you should still be able to reach 
###.100.39.57 by way of interface eth0.5 as long as it's up and active.

Thank you,

Robyn

jay binks wrote:
> I have a fairly simple ( I think ) vyatta setup...
>
> [EMAIL PROTECTED] show
>     protocols {
>         static {
>             route 0.0.0.0/0 {
>                 next-hop: ###.101.183.33
>             }
>             interface-route ###.100.39.56/30 {
>                 next-hop-interface: "eth0.5"
>                 next-hop-router: ###.100.39.57
>             }
>         }
>     }
>     interfaces {
>         loopback lo {
>         }
>         ethernet eth0 {
>             description: "Internal Network"
>             hw-id: 00:15:C5:E1:AA:9A
>             address 192.168.0.2 {
>                 prefix-length: 24
>             }
>             address ###.101.183.38 {
>                 prefix-length: 29
>             }
>             vif 5 {
>                 description: "Pipe PVX"
>                 address ###.100.39.58 {
>                     prefix-length: 30
>                 }
>             }
>         }
>         ethernet eth1 {
>             hw-id: 00:15:C5:E1:AA:9B
>         }
>     }
>     firewall {
>     }
>     service {
>         http {
>         }
>         ssh {
>         }
>     }
>     system {
>         ntp-server "69.59.150.135"
>         login {
>             user root {
>                 authentication {
>                     encrypted-password: "$1$$Ht7#################"
>                 }
>             }
>             user vyatta {
>                 authentication {
>                     encrypted-password: "$1$$Ht7g#################"
>                 }
>             }
>         }
>         package {
>             repository community {
>                 component: "main"
>                 url: "http://archive.vyatta.com/vyatta"
>             }
>         }
>     }
>     rtrmgr {
>         config-directory: "/opt/vyatta/etc/config"
>     }
>
> when I log onto my vyatta box, I can ping all far end networks... no problems
> and the routing appears to work correctly...
>
> a Ping to ###.100.39.57 goes out Eth0.5 ...
> and the default route takes the other network... which is great.
>
> if I put another PC on the 192.168.0.X network.. ( say 192.168.0.10 )
> and set the default route on that machine... to 192.168.0.2 ..
> it sends all traffic to the vyatta box..
>
> I can ping 192.168.0.1 from it
> I can also ping ###.101.183.38  & ###.100.39.58 from this box..
> ( all the IPs assigned to all interfaces in vyatta )
>
> however... I can not ping ###.100.39.57  or ###.101.183.33  ..
> vyatta does not seem to be routing these packets for me..
>
> what have I missed... ??
>
>
>
>   
_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
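
Added example (not part of the original thread, and not Vyatta code): a small Python model of the two points in the reply above, namely which static routes duplicate a connected network and which source address a LAN packet carries once the suggested source NAT rule is applied. The 203.0.113.x and 198.51.100.x addresses are constructed stand-ins for the redacted ###.101.183.x and ###.100.39.x addresses, and all function names are hypothetical.

```python
import ipaddress as ip

# Constructed stand-ins for the redacted addresses in the thread.
INTERFACES = {
    "eth0": ["192.168.0.2/24", "203.0.113.38/29"],
    "eth0.5": ["198.51.100.58/30"],
}
STATIC_ROUTES = [
    {"prefix": "0.0.0.0/0", "next_hop": "203.0.113.33"},
    {"prefix": "198.51.100.56/30", "next_hop": "198.51.100.57"},
]
# The source NAT rule from the reply, expressed as plain data.
SNAT_RULE = {
    "source": "192.168.0.0/24",
    "destination": "0.0.0.0/0",
    "outside_address": "203.0.113.38",
}


def connected_networks(interfaces):
    """Map each directly connected network to the interface that owns it."""
    return {
        ip.ip_interface(addr).network: name
        for name, addrs in interfaces.items()
        for addr in addrs
    }


def redundant_routes(interfaces, routes):
    """Static routes whose prefix is already a connected network."""
    connected = connected_networks(interfaces)
    return [r["prefix"] for r in routes if ip.ip_network(r["prefix"]) in connected]


def source_after_router(src, dst, rule=SNAT_RULE, interfaces=INTERFACES):
    """Source address a packet carries after the router handles it."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    # Packets addressed to the router itself are delivered locally, not forwarded.
    local = {ip.ip_interface(a).ip for addrs in interfaces.values() for a in addrs}
    if d in local:
        return src
    if s in ip.ip_network(rule["source"]) and d in ip.ip_network(rule["destination"]):
        return rule["outside_address"]
    # No rule matched: the packet is forwarded with its original source.
    return src


if __name__ == "__main__":
    print("redundant static routes:", redundant_routes(INTERFACES, STATIC_ROUTES))
    for dst in ("203.0.113.38", "203.0.113.33", "198.51.100.57"):
        print("192.168.0.10 ->", dst, "leaves as", source_after_router("192.168.0.10", dst))
```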