Hi Jay, It looks like you're going to have to NAT packets from your LAN in order to reach the public networks beyond the Vyatta router. Normally, you'd use masquerade NAT to NAT packets from your internal LAN hosts out your external facing interface. I'm not sure if this would work properly with your configuration however, since you have both your internal and external networks attached to the same interface (eth0). So, you should probably configure a source NAT rule that NATs anything sourced from your LAN (192.168.0.0/24) to your external public address of ###.101.183.38. Depending on what version of Vyatta you're running, the NAT rule would look similar to:
type: "source" protocols: "all" source { network: 192.168.0.0/24 } destination { network: 0.0.0.0/0 } outside-address { address: ###.101.183.38 } Also, the following portion of your configuration: interface-route ###.100.39.56/30 { next-hop-interface: "eth0.5" next-hop-router: ###.100.39.57 } is superfluous as ###.100.39.56/30 is available as a connected route via interface eth0.5. So, not that it's harming anything but, you can delete the interface route and you should still be able to reach ###.100.39.57 by way of interface eth0.5 as long as it's up and active. Thank you, Robyn jay binks wrote: > I have a fairly simple ( I think ) vyatta setup... > > [EMAIL PROTECTED] show > protocols { > static { > route 0.0.0.0/0 { > next-hop: ###.101.183.33 > } > interface-route ###.100.39.56/30 { > next-hop-interface: "eth0.5" > next-hop-router: ###.100.39.57 > } > } > } > interfaces { > loopback lo { > } > ethernet eth0 { > description: "Internal Network" > hw-id: 00:15:C5:E1:AA:9A > address 192.168.0.2 { > prefix-length: 24 > } > address ###.101.183.38 { > prefix-length: 29 > } > vif 5 { > description: "Pipe PVX" > address ###.100.39.58 { > prefix-length: 30 > } > } > } > ethernet eth1 { > hw-id: 00:15:C5:E1:AA:9B > } > } > firewall { > } > service { > http { > } > ssh { > } > } > system { > ntp-server "69.59.150.135" > login { > user root { > authentication { > encrypted-password: "$1$$Ht7#################" > } > } > user vyatta { > authentication { > encrypted-password: "$1$$Ht7g#################" > } > } > } > package { > repository community { > component: "main" > url: "http://archive.vyatta.com/vyatta" > } > } > } > rtrmgr { > config-directory: "/opt/vyatta/etc/config" > } > > when I log onto my vyatta box, I can ping all far end networks... no problems > and the routing appears to work correctly... > > a Ping to ###.100.39.57 goes out Eth0.5 ... > and the default route takes the other network... which is great. > > if I put another PC on the 192.168.0.X network.. ( say 192.168.0.10 ) > and set the default route on that machine... to 192.168.0.2 .. > it sends all traffic to the vyatta box.. > > I Can ping 192.168.0.1 from it > I can also ping ###.101.183.38 & ###.100.39.58 from this box.. > ( all the IP's assigned to all interfaces in vyatta ) > > however... I can not ping ###.100.39.57 or ###.101.183.33 .. > vyatta does not seem to be routing these packets for me.. > > what have I missed... ?? > > > > _______________________________________________ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users