forwarding is already on for routing. your nat needs to look something like:
service {
    nat {
        rule 10 {
            type: "masquerade"
            outbound-interface: "eth1.201"
            source {
                network: "192.168.1.0/24"
            }
            destination {
                network: "0.0.0.0/0"
            }
        }
        rule 20 {
            type: "masquerade"
            outbound-interface: "eth1.201"
            source {
                network: "192.168.5.0/24"
            }
            destination {
                network: "0.0.0.0/0"
            }
        }
    }
}

------------------
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
404.478.2790
www.sheltonjohns.com

On Nov 20, 2007, at 4:35 PM, Rodrigo Romero III wrote:

> i'll try that,
> now for NAT on Private Network: what is the configuration for the
> private network to go out using a specific vif and masquerade the IP to
> use the one there on the vif?
>
> and for Routing: do i need to enable forwarding or something?
>
> Aubrey Wells wrote:
>> to specify a vif ethernet interface, it's <physical interface>.<vlan id>
>> ie: for vlan 201 on interface eth2, you'd say eth2.201
>>
>> You're going to have a problem with dhcp on a vif, as I found out. See
>> bug 2447 for two possible workarounds:
>> https://bugzilla.vyatta.com/show_bug.cgi?id=2447
>>
>> do one of those workarounds, and it will work fine. it won't ask for an
>> interface, you just define the subnet to hand out.
>>
>> On Nov 20, 2007, at 4:04 PM, Rodrigo Romero III wrote:
>>
>>> This scenario is very uncommon. I have a Fedora box with 3 NICs, and
>>> for security reasons I'll name all the Public Addresses with 172.16.x.x
>>> IPs, and Private IPs will be 192.168.0.x:
>>> eth0: ISP1-172.16.10.2/30
>>> eth0.1: ISP2-172.16.20.2/30
>>> eth1: Users-192.168.0.62/26
>>> eth2: Servers-172.16.30.1/28
>>> Eth0 goes to a hub that has both ISPs connected to it. Eth1 (Users
>>> Network) uses DHCP and it is currently doing NAT and the default
>>> gateway for this NIC is 172.16.10.1 (which is one of the ISP1s end), the
>>> other NIC, Eth2, has a pool of servers with Public IP Addresses that use
>>> the other ISP connection to go out by having this NIC with the gateway
>>> pointing to 172.16.20.1 (the ISP2 has a static routing for this to work
>>> on their side). Also I just got an Extra ISP uplink (not currently
>>> used) which i just want as a backup for the servers in case the other one
>>> fails.
>>>
>>> What I'd like, is to have this same box running Vyatta Community 3. And
>>> also to use VLANS Instead of whole NICs/Ports. I managed to configure
>>> the VLANS on the two VLAN capable NICs (which also are GIGABIT NICs) like
>>> this:
>>> eth1
>>> ID16- ISP1
>>> ID17- ISP2
>>> ID18- ISP3
>>> eth2
>>> ID 10-Servers
>>> ID 20-Users
>>>
>>> All the Vif had the corresponding IPs. The vyatta server sees all the
>>> machines (users, servers, and all the ISPs end) and the VLAN
>>> configuration was working fine with my cisco 2950 switch. However, NAT
>>> did not work fine and the routing i think wasn't working either. Could
>>> you help me to figure out a configuration for this type of scenario?
>>> The problem is For NAT it asks for an Interface and this is Eth1 for the
>>> ISPs, but i need it to use a specific ISP, so how do i define it to use
>>> a vif instead of a physical address like eth1? Also i'm not sure if I
>>> have to tell the system something so it can route all the traffic on the
>>> different networks. I'm very new with vyatta, i managed to use it a
>>> couple of months ago and it worked fine using several NICs. But now i
>>> need it to work with VLANS. Also, i'll need help with the DHCP server
>>> because i think it will also ask me for an interface and i need it to
>>> use a vif instead, i don't know if this would work but if it does, this
>>> will save me a cisco1811 buy.
>>>
>>> I can only try this on Saturdays because it's the only day the network
>>> doesn't have high usage.
>>>
>>> regards,
>>>
>>> rodrigo
>>> _______________________________________________
>>> Vyatta-users mailing list
>>> Vyatta-users@mailman.vyatta.com
>>> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>
> --
> Rodrigo Romero III
> General Manager
> Avetti Global Services Corp.
> An Avetti.com Company
> The Century Tower, Suite 1611
> Phone: (507) 236-4593
> Fax: (507) 236-3381
> Cell phone: (507) 6618-4278
> E-mail: [EMAIL PROTECTED]
> Skype: avettisupport
> http://www.carritodecompras99.com
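
An added example, not part of the original thread or of Vyatta's own tooling: a small checker for masquerade rules written in the syntax shown in the reply above. It confirms that each rule leaves through a `<physical interface>.<vlan id>` vif and that its source is limited to the networks meant to be NATed. The names `parse`, `check_nat` and `NAT_NETWORKS` and the contents of rule 30 are assumptions made for the illustration.

```python
import ipaddress
import re
VIF = re.compile(r"^eth\d+\.(\d+)$")  # <physical interface>.<vlan id>, as in the thread

def parse(tokens):
    """Parse 'name { ... }' blocks and 'key: "value"' leaves into nested dicts."""
    node = {}
    while tokens:
        tok = tokens.pop(0)
        if tok == "}":
            break
        if tok.endswith(":"):
            node[tok[:-1]] = tokens.pop(0).strip('"')
        else:
            name = [tok]
            while tokens[0] != "{":      # tagged node such as "rule 10"
                name.append(tokens.pop(0))
            tokens.pop(0)                # consume "{"
            node[" ".join(name)] = parse(tokens)
    return node

def check_nat(rules_text, nat_networks):
    """Return (rule, problem) pairs for masquerade rules scoped too widely."""
    allowed = [ipaddress.ip_network(n) for n in nat_networks]
    text = "service { nat { " + rules_text + " } }"
    tree = parse(re.findall(r'"[^"]*"|[{}]|[^\s{}]+', text))
    findings = []
    for name, rule in tree["service"]["nat"].items():
        if not name.startswith("rule ") or rule.get("type") != "masquerade":
            continue
        iface = rule.get("outbound-interface", "")
        m = VIF.match(iface)
        if not m or not 1 <= int(m.group(1)) <= 4094:   # 802.1Q VLAN id range
            findings.append((name, f"outbound-interface {iface!r} is not a valid vif"))
        src = ipaddress.ip_network(rule.get("source", {}).get("network", "0.0.0.0/0"))
        if not any(src.subnet_of(a) for a in allowed):
            findings.append((name, f"source {src} is wider than the NATed networks"))
    return findings

# Rules 10 and 20 are the ones posted in the thread; rule 30 is constructed for this example.
THREAD_RULES = '''rule 10 { type: "masquerade" outbound-interface: "eth1.201"
  source { network: "192.168.1.0/24" } destination { network: "0.0.0.0/0" } }
rule 20 { type: "masquerade" outbound-interface: "eth1.201"
  source { network: "192.168.5.0/24" } destination { network: "0.0.0.0/0" } }'''
CONSTRUCTED_RULE = 'rule 30 { type: "masquerade" outbound-interface: "eth1" }'
NAT_NETWORKS = ["192.168.1.0/24", "192.168.5.0/24"]

if __name__ == "__main__":
    for rule, problem in check_nat(THREAD_RULES + " " + CONSTRUCTED_RULE, NAT_NETWORKS):
        print(rule, "->", problem)
```

A rule with no `source` block is treated as matching 0.0.0.0/0, which is the case worth catching on a box that also routes a server segment that must not be masqueraded.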