Hello Robyn, 

Thank you for your quick reply.

You assume correctly, all xxx addresses are in public IP address space. My
ISP has confirmed both via e-mail and over the phone that the 6.96/29
addresses are routed to 6.90.

I don't want to use NAT, as the 6.88/29 net is only meant to be a
communication net between my router and their (the ISP's) routers. The point
is to use the IPs assigned (6.96/29).

I have not had this working with another router as this is a new connection,
and I thought I'd give Vyatta a try instead of donating some more money to
Cisco ;)

I'm interested to know if the problem is a bad configuration on my part, or
there might be a problem elsewhere.

Cheers,


Richard.


On 9/13/07 3:35 PM, "Robyn Orosz" <[EMAIL PROTECTED]> wrote:

> Hi Richard,
> 
> It sounds like the xxx.xxx.6.96/29 (I am assuming this is public IP
> address space) may not be externally routed to xxx.xxx.6.90 by your
> ISP.  The ISP must have a route on their router that looks something
> like this:
> 
>     protocols {
>         static {
>             route xxx.xxx.6.96/29 {
>                 next-hop: xxx.xxx.6.90
>             }
>         }
>     }
> 
> Or probably the Cisco equivalent.
> 
> So if the ISP, for example, has your IPs set as xxx.xxx.6.88/28 then
> their router will ARP for devices on the xxx.xxx.6.88/28 as they are
> considered directly connected.  Since your host is not directly
> connected to the ISP router, it will not be able to respond to the ARP
> request.  The packet from xxx.xxx.6.100 (host) will reach the ISP router
> but the ISP will not know where to send the return packet because there
> is another router (your Vyatta) in between that it does not know about.
> 
> So, my questions are:
> 
> 1. Are you certain that your ISP has allocated 2 /29s to you and has
> routed xxx.xxx.6.96/29 to the next hop of your Vyatta router xxx.xxx.6.90?
> 2. Have you had the same setup working on another router?
> 
> Try giving eth1 a set of private IPs and configure NAT:
> 
>     rule 1 {
>         type: "masquerade"
>         outbound-interface: "eth1" <your external facing interface>
>         source {
>             network: 192.168.1.0/24 <or any private network>
>         }
>         destination {
>             network: 0.0.0.0/0
>         }
>     }
> 
> Your host should be able to get past the router this way if you are able
> to ping outside from the router itself.
> 
> Thanks!
> 
> Robyn
> Richard Nordlund wrote:
>> Hello,
>> 
>> I have set up a vyatta router to sit between my ISP and my external network.
>> After following the quick start guide, and browsing the manual, I have been
>> able to set IP addresses for my external net, my access net (to my ISP) and
>> (a temporary interface) to my internal net (for configuration and testing).
>> 
>> My problem is that, although I can ping a host on the internet from the
>> router, I cannot do so from a host behind the router. I can however ping the
>> router, and the router can ping my host.
>> 
>> As you can see, from my configuration below, I have been assigned the
>> network xxx.xxx.6.96/29, routed to xxx.xxx.6.90 through access net
>> xxx.xxx.6.88/29 with a gateway at 6.89.
>> 
>> A host, given a static IP, 6.100 can ping 6.97 (the router's eth2) and 6.90
>> (the router's eth1), but NOT anything beyond that.
>> 
>> My configuration is as follows.
>> 
>>     protocols {
>>         static {
>>             route 0.0.0.0/0 {
>>                 next-hop: xxx.xxx.6.89
>>             }
>>         }
>>     }
>>     policy {
>>     }
>>     interfaces {
>>         loopback lo {
>>             address 10.99.99.65 {
>>                 prefix-length: 32
>>             }
>>         }
>>         ethernet eth0 {
>>             hw-id: 00:0C:29:7E:83:0E
>>             address 10.1.4.11 {
>>                 prefix-length: 24
>>             }
>>         }
>>         ethernet eth1 {
>>             description: "access link"
>>             hw-id: 00:0C:29:7E:83:18
>>             address xxx.xxx.6.90 {
>>                 prefix-length: 29
>>                 broadcast: xxx.xxx.6.95
>>             }
>>         }
>>         ethernet eth2 {
>>             description: "external net"
>>             hw-id: 00:0C:29:7E:83:22
>>             address xxx.xxx.6.97 {
>>                 prefix-length: 29
>>                 broadcast: xxx.xxx.6.103
>>             }
>>         }
>>     }
>>     service {
>>         http {
>>         }
>>         ssh {
>>         }
>>     }
>>     firewall {
>>     }
>>     system {
>>         host-name: "r0"
>>         domain-name: "aaaaa.se"
>>         name-server 195.54.122.204
>>         name-server 195.54.122.198
>>         name-server 195.54.122.200
>>         ntp-server "69.59.150.135"
>>         static-host-mapping {
>>             host-name r0 {
>>                 inet: 127.0.0.1
>>             }
>>         }
>>         login {
>>             user yyyyy {
>>                 authentication {
>>                     encrypted-password: "zzzzzzzzzzzzzzzzzzzzzzzzzzzz."
>>                     plaintext-password: ""
>>                 }
>>             }
>>             user yyyyy {
>>                 authentication {
>>                     encrypted-password: "zzzzzzzzzzzzzzzzzzzzzzzzzzzzz."
>>                     plaintext-password: ""
>>                 }
>>             }
>>         }
>>         package {
>>             repository community {
>>                 component: "main"
>>                 url: "http://archive.vyatta.com/vyatta"
>>             }
>>         }
>>     }
>>     rtrmgr {
>>         config-directory: "/opt/vyatta/etc/config"
>>     }
>> 
>> 
>> Oh, eth0 is just so I can configure the router from the comfort of my couch,
>> as opposed to a small stool in a very cold room :).
>> 
>> I'd appreciate any suggestions to remedy my situation.
>> 
>> Thanks,
>> 
>> 
>> Richard Nordlund.
>> 
>> _______________________________________________
>> Vyatta-users mailing list
>> Vyatta-users@mailman.vyatta.com
>> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>>   

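The routing question discussed in this thread, modelled as an added example (not code from either poster or from Vyatta): a longest-prefix-match lookup on the ISP router shows when it ARPs for the host directly and when it forwards the return packet to the Vyatta router. The 203.0.113.x addresses are constructed stand-ins for the redacted xxx.xxx.6.x ones, the /26 is a constructed prefix (the smallest aligned one containing both .90 and .100), and the model assumes no proxy ARP on the access link.

```python
import ipaddress

# Constructed stand-ins for the redacted xxx.xxx.6.* addresses (TEST-NET-3).
ISP_GW, VYATTA_ETH1, HOST = "203.0.113.89", "203.0.113.90", "203.0.113.100"
ON_ACCESS_LINK = {ISP_GW, VYATTA_ETH1}  # devices that answer ARP on the access net

def lookup(dst, connected, static_routes):
    """Longest-prefix match on the ISP router: returns (action, target)."""
    addr = ipaddress.ip_address(dst)
    candidates = []
    for net in connected:
        n = ipaddress.ip_network(net)
        if addr in n:
            # Connected route: the router ARPs for the destination itself.
            candidates.append((n.prefixlen, 1, "arp", dst))
    for net, next_hop in static_routes.items():
        n = ipaddress.ip_network(net)
        if addr in n:
            # Static route: the router ARPs for the next hop instead.
            candidates.append((n.prefixlen, 0, "forward", next_hop))
    if not candidates:
        return ("no-route", None)
    _, _, action, target = max(candidates)  # longest prefix; connected wins ties
    return (action, target)

def return_packet_delivered(dst, connected, static_routes):
    """True if the ISP router hands the reply to a device that answers ARP."""
    action, target = lookup(dst, connected, static_routes)
    return action != "no-route" and target in ON_ACCESS_LINK

# Three ways the ISP side could be configured (all constructed).
SCENARIOS = {
    "oversized connected prefix": (["203.0.113.64/26"], {}),
    "/29 access net, no static route": (["203.0.113.88/29"], {}),
    "/29 access net + static route": (["203.0.113.88/29"],
                                      {"203.0.113.96/29": VYATTA_ETH1}),
}

if __name__ == "__main__":
    for name, (connected, static) in SCENARIOS.items():
        print(f"{name:32} {lookup(HOST, connected, static)} "
              f"delivered={return_packet_delivered(HOST, connected, static)}")
```

Only the third scenario delivers the reply to the host behind the router; in all three the router's own eth1 address stays reachable, which matches the symptom described in the original post.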