Hi Richard,

It sounds like the xxx.xxx.6.96/29 (I am assuming this is public IP 
address space) may not be externally routed to xxx.xxx.6.90 by your 
ISP.  The ISP must have a route on their router that looks something 
like this:

    protocols {
        static {
            route xxx.xxx.6.96/29 {
                next-hop: xxx.xxx.6.90
            }
        }
    }

Or probably the Cisco equivalent. 

So if the ISP, for example, has your IPs set as xxx.xxx.6.88/28 then 
their router will ARP for devices on the xxx.xxx.6.88/28 as they are 
considered directly connected.  Since your host is not directly 
connected to the ISP router, it will not be able to respond to the ARP 
request.  The packet from xxx.xxx.6.100 (host) will reach the ISP router 
but the ISP will not know where to send the return packet because there 
is another router (your Vyatta) in between that it does not know about.

So, my questions are:

1. Are you certain that your ISP has allocated 2 /29s to you and has 
routed xxx.xxx.6.96/29 to the next hop of your Vyatta router xxx.xxx.6.90?
2. Have you had the same setup working on another router?

Try giving eth1 a set of private IPs and configure NAT:

    rule 1 {
        type: "masquerade"
        outbound-interface: "eth1" <your external facing interface>
        source {
            network: 192.168.1.0/24 <or any private network>
        }
        destination {
            network: 0.0.0.0/0
        }
    }

Your host should be able to get past the router this way if you are able 
to ping outside from the router itself.

Thanks!

Robyn

Richard Nordlund wrote:
> Hello,
>
> I have set up a vyatta router to sit between my ISP and my external network.
> After following the quick start guide, and browsing the manual, I have been
> able to set IP addresses for my external net, my access net (to my ISP) and
> (a temporary interface) to my internal net (for configuration and testing).
>
> My problem is that, although I can ping a host on the internet from the
> router, I cannot do so from a host behind the router. I can however ping the
> router, and the router can ping my host.
>
> As you can see, from my configuration below, I have been assigned the
> network xxx.xxx.6.96/29, routed to xxx.xxx.6.90 through access net
> xxx.xxx.6.88/29 with a gateway at 6.89.
>
> A host, given a static IP, 6.100 can ping 6.97 (the router's eth2) and 6.90
> (the router's eth1), but NOT anything beyond that.
>
> My configuration is as follows.
>
>     protocols {
>         static {
>             route 0.0.0.0/0 {
>                 next-hop: xxx.xxx.6.89
>             }
>         }
>     }
>     policy {
>     }
>     interfaces {
>         loopback lo {
>             address 10.99.99.65 {
>                 prefix-length: 32
>             }
>         }
>         ethernet eth0 {
>             hw-id: 00:0C:29:7E:83:0E
>             address 10.1.4.11 {
>                 prefix-length: 24
>             }
>         }
>         ethernet eth1 {
>             description: "access link"
>             hw-id: 00:0C:29:7E:83:18
>             address xxx.xxx.6.90 {
>                 prefix-length: 29
>                 broadcast: xxx.xxx.6.95
>             }
>         }
>         ethernet eth2 {
>             description: "external net"
>             hw-id: 00:0C:29:7E:83:22
>             address xxx.xxx.6.97 {
>                 prefix-length: 29
>                 broadcast: xxx.xxx.6.103
>             }
>         }
>     }
>     service {
>         http {
>         }
>         ssh {
>         }
>     }
>     firewall {
>     }
>     system {
>         host-name: "r0"
>         domain-name: "aaaaa.se"
>         name-server 195.54.122.204
>         name-server 195.54.122.198
>         name-server 195.54.122.200
>         ntp-server "69.59.150.135"
>         static-host-mapping {
>             host-name r0 {
>                 inet: 127.0.0.1
>             }
>         }
>         login {
>             user yyyyy {
>                 authentication {
>                     encrypted-password: "zzzzzzzzzzzzzzzzzzzzzzzzzzzz."
>                     plaintext-password: ""
>                 }
>             }
>             user yyyyy {
>                 authentication {
>                     encrypted-password: "zzzzzzzzzzzzzzzzzzzzzzzzzzzzz."
>                     plaintext-password: ""
>                 }
>             }
>         }
>         package {
>             repository community {
>                 component: "main"
>                 url: "http://archive.vyatta.com/vyatta"
>             }
>         }
>     }
>     rtrmgr {
>         config-directory: "/opt/vyatta/etc/config"
>     }
>
>
> Oh, eth0 is just so I can configure the router from the comfort of my couch,
> as opposed to a small stool in a very cold room :).
>
> I'd appreciate any suggestions to remedy my situation.
>
> Thanks,
>
>
> Richard Nordlund.
>
> _______________________________________________
> Vyatta-users mailing list
> Vyatta-users@mailman.vyatta.com
> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>   
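
Added example, not part of the original thread: a small longest-prefix-match model of the upstream router's return-path decision for the cases discussed in the reply above. The 198.51.100.x addresses are constructed stand-ins for the masked xxx.xxx.6.x ones, the /26 is a constructed mask wide enough to cover the host, and `forward` is a hypothetical helper.

```python
import ipaddress

# Constructed stand-ins for the masked addresses in the thread.
VYATTA = "198.51.100.90"    # router eth1 on the access link
HOST = "198.51.100.100"     # host behind the router (6.100 in the thread)
ACCESS = "198.51.100.88/29"
ROUTED = "198.51.100.96/29"

def forward(dest, connected, static_routes):
    """Model how a router delivers a packet addressed to dest.

    connected: prefixes configured on the router's own interfaces.
    static_routes: mapping of prefix -> next-hop address.
    The longest matching prefix wins. A connected match means the router
    ARPs for dest itself; a static match means it ARPs for the next hop.
    """
    dest = ipaddress.ip_address(dest)
    candidates = []
    for prefix in connected:
        net = ipaddress.ip_network(prefix, strict=False)
        if dest in net:
            candidates.append((net.prefixlen, "arp-for-destination", str(dest)))
    for prefix, next_hop in static_routes.items():
        net = ipaddress.ip_network(prefix, strict=False)
        if dest in net:
            candidates.append((net.prefixlen, "via-next-hop", next_hop))
    if not candidates:
        return ("no-route", None)
    _, action, target = max(candidates, key=lambda c: c[0])
    return (action, target)

def scenarios():
    """Return-path decision for each situation raised in the thread."""
    return {
        # Subnet routed to the Vyatta: replies are handed to eth1.
        "routed": forward(HOST, [ACCESS], {ROUTED: VYATTA}),
        # Access /29 only, no static route: replies have nowhere to go.
        "no_static": forward(HOST, [ACCESS], {}),
        # Interface mask too wide: the router ARPs for a host that is
        # not on its segment, so nothing answers.
        "wide_mask": forward(HOST, ["198.51.100.89/26"], {}),
        # Masquerade workaround: replies are addressed to eth1 itself,
        # which sits on the access link and answers ARP.
        "masquerade": forward(VYATTA, [ACCESS], {}),
    }

if __name__ == "__main__":
    for name, decision in scenarios().items():
        print(f"{name:11s} {decision}")
```
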