Hello Robyn,

Thank you for your quick reply.

You assume correctly, all xxx addresses are in public IP address space. My
ISP has confirmed both via e-mail and over the phone that the 6.96/29
addresses are routed to 6.90.

I don't want to use NAT, as the 6.88/29 net is only meant to be a
communication net between my router and their (the ISP's) routers. The point
is to use the IPs assigned (6.96/29).

I have not had this working with another router as this is a new connection,
and I thought I'd give vyatta a try instead of donating some more money to
cisco ;)

I'm interested to know if the problem is a bad configuration on my part, or
there might be a problem elsewhere.

Cheers,

Richard.

On 9/13/07 3:35 PM, "Robyn Orosz" <[EMAIL PROTECTED]> wrote:

> Hi Richard,
>
> It sounds like the xxx.xxx.6.96/29 (I am assuming this is public IP
> address space) may not be externally routed to xxx.xxx.6.90 by your
> ISP. The ISP must have a route on their router that looks something
> like this:
>
> protocols {
>     static {
>         route xxx.xxx.6.96/29 {
>             next-hop: xxx.xxx.6.90
>         }
>     }
> }
>
> Or probably the Cisco equivalent.
>
> So if the ISP for example, has your IPs set as xxx.xxx.6.88/28 then
> their router will ARP for devices on the xxx.xxx.6.88/28 as they are
> considered directly connected. Since your host is not directly
> connected to the ISP router, it will not be able to respond to the ARP
> request. The packet from xxx.xxx.6.100 (host) will reach the ISP router
> but the ISP will not know where to send the return packet because there
> is another router (your Vyatta) in between that it does not know about.
>
> So, my questions are:
>
> 1. Are you certain that your ISP has allocated 2 /29s to you and has
> routed xxx.xxx.6.96/29 to the next hop of your Vyatta router xxx.xxx.6/90?
> 2. Have you had the same setup working on another router?
>
> Try giving eth1 a set of private IPs and configure NAT:
>
> rule 1 {
>     type: "masquerade"
>     outbound-interface: "eth1" <your external facing interface>
>     source {
>         network: 192.168.1.0/24 <or any private network>
>     }
>     destination {
>         network: 0.0.0.0/0
>     }
> }
>
> Your host should be able to get past the router this way if you are able
> to ping outside from the router itself.
>
> Thanks!
>
> Robyn
>
> Richard Nordlund wrote:
>> Hello,
>>
>> I have set up a vyatta router to sit between my ISP and my external network.
>> After following the quick start guide, and browsing the manual, I have been
>> able to set IP addresses for my external net, my access net (to my ISP) and
>> (a temporary interface) to my internal net (for configuration and testing).
>>
>> My problem is that, although I can ping a host on the internet from the
>> router, I cannot do so from a host behind the router. I can however ping the
>> router, and the router can ping my host.
>>
>> As you can see, from my configuration below, I have been assigned the
>> network xxx.xxx.6.96/29, routed to xxx.xxx.6.90 through access net
>> xxx.xxx.6.88/29 with a gateway at 6.89.
>>
>> A host, given a static ip, 6.100 can ping 6.97 (the router's eth2) and 6.90
>> (the router's eth1), but NOT anything beyond that.
>>
>> My configuration is as follows.
>>
>> protocols {
>>     static {
>>         route 0.0.0.0/0 {
>>             next-hop: xxx.xxx.6.89
>>         }
>>     }
>> }
>> policy {
>> }
>> interfaces {
>>     loopback lo {
>>         address 10.99.99.65 {
>>             prefix-length: 32
>>         }
>>     }
>>     ethernet eth0 {
>>         hw-id: 00:0C:29:7E:83:0E
>>         address 10.1.4.11 {
>>             prefix-length: 24
>>         }
>>     }
>>     ethernet eth1 {
>>         description: "access link"
>>         hw-id: 00:0C:29:7E:83:18
>>         address xxx.xxx.6.90 {
>>             prefix-length: 29
>>             broadcast: xxx.xxx.6.95
>>         }
>>     }
>>     ethernet eth2 {
>>         description: "external net"
>>         hw-id: 00:0C:29:7E:83:22
>>         address xxx.xxx.6.97 {
>>             prefix-length: 29
>>             broadcast: xxx.xxx.6.103
>>         }
>>     }
>> }
>> service {
>>     http {
>>     }
>>     ssh {
>>     }
>> }
>> firewall {
>> }
>> system {
>>     host-name: "r0"
>>     domain-name: "aaaaa.se"
>>     name-server 195.54.122.204
>>     name-server 195.54.122.198
>>     name-server 195.54.122.200
>>     ntp-server "69.59.150.135"
>>     static-host-mapping {
>>         host-name r0 {
>>             inet: 127.0.0.1
>>         }
>>     }
>>     login {
>>         user yyyyy {
>>             authentication {
>>                 encrypted-password: "zzzzzzzzzzzzzzzzzzzzzzzzzzzz."
>>                 plaintext-password: ""
>>             }
>>         }
>>         user yyyyy {
>>             authentication {
>>                 encrypted-password: "zzzzzzzzzzzzzzzzzzzzzzzzzzzzz."
>>                 plaintext-password: ""
>>             }
>>         }
>>     }
>>     package {
>>         repository community {
>>             component: "main"
>>             url: "http://archive.vyatta.com/vyatta"
>>         }
>>     }
>> }
>> rtrmgr {
>>     config-directory: "/opt/vyatta/etc/config"
>> }
>>
>>
>> Oh, eth0 is just so I can configure the router from the comfort of my couch,
>> as opposed to a small stool in a very cold room :).
>>
>> I'd appreciate any suggestions to remedy my situation.
>>
>> Thanks,
>>
>>
>> Richard Nordlund.
>>
>> _______________________________________________
>> Vyatta-users mailing list
>> Vyatta-users@mailman.vyatta.com
>> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
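
The return-path reasoning in the quoted reply, modelled as an added example that is not part of the original thread: a longest-prefix-match lookup on the ISP router, comparing a table that treats the customer range as directly connected with one that holds the static route. All addresses are constructed (192.0.2.x stands in for the masked xxx.xxx.6.x, and 192.0.2.64/26 is an assumed connected prefix wide enough to contain the host); no proxy ARP is assumed.

```python
import ipaddress

# Constructed addresses: 192.0.2.x stands in for the masked xxx.xxx.6.x.
VYATTA_ETH1 = "192.0.2.90"    # Vyatta router's address on the access link
HOST = "192.0.2.100"          # host behind the Vyatta router (on eth2)
ANSWERS_ARP = {VYATTA_ETH1}   # what can answer ARP on the ISP-facing segment

# Table A (assumed failure case): customer range seen as directly connected.
ISP_WIDE_CONNECTED = [("192.0.2.64/26", None)]
# Table B: access /29 connected, customer /29 routed to the Vyatta router.
ISP_STATIC = [("192.0.2.88/29", None), ("192.0.2.96/29", VYATTA_ETH1)]


def lookup(table, dst):
    """Longest-prefix match; entries are (prefix, next_hop), None = connected."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best


def return_path(table, dst, answers_arp=ANSWERS_ARP):
    """Describe how the ISP router handles a reply packet addressed to dst."""
    match = lookup(table, dst)
    if match is None:
        return "dropped: no route"
    net, next_hop = match
    if next_hop is None:
        # Connected prefix: the router ARPs for the destination itself.
        if dst in answers_arp:
            return f"delivered on-link to {dst}"
        return f"lost: ARP for {dst} unanswered, {net} is treated as on-link"
    # Static route: the router ARPs for the next hop instead.
    if next_hop in answers_arp:
        return f"forwarded via {next_hop}"
    return f"lost: next hop {next_hop} does not answer ARP"


if __name__ == "__main__":
    for name, table in (("connected only", ISP_WIDE_CONNECTED),
                        ("static route", ISP_STATIC)):
        print(f"{name:15s} -> {return_path(table, HOST)}")
```
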