Your masquerade rules should look something like this:
service {
    nat {
        rule 10 {
            type: "masquerade"
            outbound-interface: "eth1"
            source {
                network: "192.168.xxx.0/24"
            }
            destination {
                network: "0.0.0.0/0"
            }
        }
    }
}
You can use the outside-address keyword to make it use a specific
address, otherwise it will use the address of the interface traffic
goes out (75.145.xxx.189 in this case).
Hope this helps.
------------------
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com
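
Added example, not part of the original message and not Vyatta's own tooling: a small Python check for the two mistakes this thread works through, a default gateway that is on no connected subnet and a NAT rule whose outbound-interface is not the interface facing that gateway. The sample config is constructed, with made-up documentation-range addresses in place of the redacted ones, and the function names parse and audit are hypothetical.

```python
import ipaddress

# Constructed sample: documentation-range addresses, braces compacted onto
# fewer lines. Rule 10 repeats the outbound-interface mistake from the thread.
SAMPLE = """
protocols { static { route 0.0.0.0/0 { next-hop: 203.0.113.190 } } }
interfaces { ethernet eth0 { address 192.168.1.1 { prefix-length: 24 } }
             ethernet eth1 { address 203.0.113.189 { prefix-length: 29 } } }
service { nat { rule 10 {
  type: "source"
  outbound-interface: "eth0"
} } }
"""

def parse(text):
    """Parse 'node arg { key: value }' config text into nested dicts."""
    stack = [{}]
    lines = text.replace("{", "{\n").replace("}", "\n}\n").splitlines()
    for line in map(str.strip, lines):
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif ":" in line:
            key, _, value = line.partition(":")
            stack[-1][key.strip()] = value.strip().strip('"')
    return stack[0]

def audit(cfg):
    """Check the default gateway and each NAT rule's outbound interface."""
    nets = {}  # interface name -> list of connected networks
    for node, body in cfg.get("interfaces", {}).items():
        if node.startswith("ethernet ") and isinstance(body, dict):
            nets[node.split()[1]] = [
                ipaddress.ip_interface(f"{k.split()[1]}/{v['prefix-length']}").network
                for k, v in body.items() if k.startswith("address ")]
    static = cfg.get("protocols", {}).get("static", {})
    hop = static.get("route 0.0.0.0/0", {}).get("next-hop")
    wan = next((name for name, ns in nets.items() if hop and
                any(ipaddress.ip_address(hop) in n for n in ns)), None)
    findings = []
    if wan is None:
        findings.append(f"default gateway {hop} is not on any connected subnet")
    for node, rule in cfg.get("service", {}).get("nat", {}).items():
        if wan and node.startswith("rule ") and rule.get("outbound-interface") != wan:
            findings.append(f"{node}: outbound-interface "
                            f"{rule.get('outbound-interface')} should be {wan}")
    return findings

print("\n".join(audit(parse(SAMPLE))) or "no findings")
```

Redacted addresses such as 192.168.xxx.1 have to be filled in before a real config will parse.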
On Dec 2, 2007, at 3:50 PM, Todd Worden wrote:
> Ya... that is right... ip-passthru and the 10.1.10.1 is for managing the SMC
> IP Gateway. So that is a good idea, I'll add the extra subnet to eth0
> (which is the lan).
>
> So I have gotten a bit further, and am now able to ping www.google.com and
> also Server 1. I can't yet access the internet from Server 1 though. This
> may be the vyatta router config or perhaps my server configuration, but I
> would think it not the server since I can see vyatta from there. Is this
> where I need to configure a NAT rule?
>
> I was looking at this person's post on configuring
> http://hostseries.com/wp-content/uploads/2007/10/installing_vyatta.txt but
> there doesn't seem to be a translation type property anymore. If I select
> type = source then I am prompted by the webgui to define an outside address,
> which I am not sure what is. Otherwise, I have tried masquerade, which I
> think is the right choice, but still no luck.
>
> Here is my latest configuration:
>
> protocols {
>     static {
>         disable: false
>         route 0.0.0.0/0 {
>             next-hop: 75.145.xxx.190
>             metric: 1
>         }
>     }
> }
> policy {
> }
> interfaces {
>     restore: false
>     loopback lo {
>         description: ""
>     }
>     ethernet eth0 {
>         disable: false
>         discard: false
>         description: "lan"
>         hw-id: 00:40:63:ee:30:b0
>         duplex: "auto"
>         speed: "auto"
>         address 192.168.xxx.1 {
>             prefix-length: 24
>             disable: false
>         }
>     }
>     ethernet eth1 {
>         disable: false
>         discard: false
>         description: "wan"
>         hw-id: 00:40:63:ee:30:af
>         duplex: "auto"
>         speed: "auto"
>         address 75.145.xxx.189 {
>             prefix-length: 24
>             disable: false
>         }
>     }
> }
> service {
>     nat {
>         rule 10 {
>             type: "source"
>             outbound-interface: "eth0"
>             protocols: "all"
>             source {
>                 network: "192.168.xxx.0/24"
>             }
>             destination {
>                 network: "0.0.0.0/0"
>             }
>             outside-address {
>                 address: 0.0.0.0
>             }
>         }
>     }
>     webgui {
>         http-port: 80
>         https-port: 443
>     }
> }
> firewall {
>     log-martians: "enable"
>     send-redirects: "disable"
>     receive-redirects: "disable"
>     ip-src-route: "disable"
>     broadcast-ping: "disable"
>     syn-cookies: "enable"
> }
> system {
>     host-name: "vyatta"
>     domain-name: "web-wired.com"
>     name-server 68.87.73.242
>     time-zone: "GMT+4"
>     ntp-server "69.59.150.135"
>     gateway-address: 75.145.xxx.190
>     login {
>         user root {
>             full-name: ""
>             authentication {
>                 encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
>             }
>         }
>         user vyatta {
>             full-name: ""
>             authentication {
>                 encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
>             }
>         }
>     }
>     package {
>         auto-sync: 1
>         repository community {
>             component: "main"
>             url: "http://archive.vyatta.com/vyatta"
>         }
>     }
> }
>
> Thanks for the responses!
>
> Todd
>
>
> -----Original Message-----
> From: Aubrey Wells [mailto:[EMAIL PROTECTED]
> Sent: Sunday, December 02, 2007 2:35 PM
> To: [EMAIL PROTECTED]@web-wired.biz
> Cc: [email protected]
> Subject: Re: [Vyatta-users] I'm stuck... can ping lan but to wan
>
> set system gateway-address and set protocols static route 0.0.0.0/0
> does the same thing. The problem with your default gateway is it's not
> on any connected subnets. Are you doing ip-passthru on the cable
> modem, so you can actually use the public IPs behind it? If that is
> the case, your default gateway needs to be 75.145.xxx.190. I suspect
> this is the case, and the 10.1.10.1 is a management ip on the cable
> modem. If that is the case you'll want to add a secondary ip on the
> eth1 interface that is in that same subnet (say 10.1.10.2) so you can
> get to it from inside.
>
> ------------------
> Aubrey Wells
> Senior Engineer
> Shelton | Johns Technology Group
> A Vyatta Ready Partner
> www.sheltonjohns.com
>
>
>
>
>
> On Dec 2, 2007, at 11:33 AM, <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> wrote:
>
>> Hi!
>>
>> I am working with Vyatta for the first time and I am currently stuck on what
>> to do. I've googled a few howtos and also watched the videos and read the
>> quick start. Here is my hardware/routing info:
>>
>> Comcast SMC IP Gateway
>> 1U dual m-itx VIA EK 10000 with 2 Compact Flash, 2 80G SATA, 2 512MB ram, 2
>> RJ45 10/100 per mobo (planning for VRRP down the road).
>> eth0 = lan
>> eth1 = wan
>> Server 1 - Fedora 7
>> Server 2 - Fedora 7
>>
>> IP info:
>> Static IP block: 75.145.xxx.185 - 75.145.xxx.189
>> Gateway: 75.145.xxx.190
>> Subnet: 255.255.255.248
>> DNS 1: 68.87.73.242
>> DNS 2: 68.87.71.226
>> SMC IP: 10.1.10.1
>> Server 1: 192.168.xxx.189
>> Server 2: 192.168.xxx.188
>>
>> Current Vyatta Config:
>>
>> protocols {
>>     static {
>>         disable: false
>>         route 0.0.0.0/0 {
>>             next-hop: 10.1.10.1
>>             metric: 1
>>         }
>>     }
>> }
>> policy {
>> }
>> interfaces {
>>     restore: false
>>     loopback lo {
>>         description: ""
>>     }
>>     ethernet eth0 {
>>         disable: false
>>         discard: false
>>         description: "lan"
>>         hw-id: 00:40:63:ef:c3:1c
>>         duplex: "auto"
>>         speed: "auto"
>>         address 192.168.xxx.1 {
>>             prefix-length: 24
>>             disable: false
>>         }
>>     }
>>     ethernet eth1 {
>>         disable: false
>>         discard: false
>>         description: "wan"
>>         hw-id: 00:40:63:ef:c3:19
>>         duplex: "auto"
>>         speed: "auto"
>>         address 75.145.xxx.189 {
>>             prefix-length: 29
>>             disable: false
>>         }
>>     }
>> }
>> service {
>>     webgui {
>>         http-port: 80
>>         https-port: 443
>>     }
>> }
>> firewall {
>>     log-martians: "enable"
>>     send-redirects: "disable"
>>     receive-redirects: "disable"
>>     ip-src-route: "disable"
>>     broadcast-ping: "disable"
>>     syn-cookies: "enable"
>> }
>> system {
>>     host-name: "rt1"
>>     domain-name: ""
>>     name-server 68.87.73.242
>>     name-server 68.87.71.226
>>     time-zone: "GMT"
>>     ntp-server "69.59.150.135"
>>     gateway-address: 10.1.10.1
>>     login {
>>         user root {
>>             full-name: ""
>>             authentication {
>>                 encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
>>             }
>>         }
>>         user vyatta {
>>             full-name: ""
>>             authentication {
>>                 encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
>>             }
>>         }
>>     }
>>     package {
>>         auto-sync: 1
>>         repository community {
>>             component: "main"
>>             url: "http://archive.vyatta.com/vyatta"
>>         }
>>     }
>> }
>>
>> I can currently ping my lan, which is further confirmed by being able to
>> access Vyatta through Server1 via the WebGUI, but I cannot seem to configure
>> the router correctly to ping the internet from the router. My thought is
>> that my static route might not be correctly set, or possibly my default
>> gateway. Seems one of them should point to 10.1.10.1 and the other to
>> 75.145.xxx.190.
>>
>> Also, once I have set a static route under protocols I am noticing that I
>> get an error whenever I attempt to edit it...
>>
>> Error - 102 Command failed cannot replace route for 0.0.0.0/0: no such route.
>>
>> Thanks!
>>
>> Todd Worden
>> Software Developer
>>
>> Growing Technologies
>> P: 434-296-1500
>> E: [EMAIL PROTECTED]
>>
>>
>>
>> _______________________________________________
>> Vyatta-users mailing list
>> [email protected]
>> http://mailman.vyatta.com/mailman/listinfo/vyatta-users