2011/04/01

Howto Vyatta DNAT: one outside IP directly to an inside IP

Just a small tutorial on how to create a NATed network. In my setup the outside IP is 10.5.4.2 (in effect my users would surf to this address). This IP is added to eth0 as a second address, which is very important because otherwise Vyatta won't pick up packets for this IP; I learned that the hard way. Internally, in a private network, the IP of the server is 10.114.114.2. Notice that on the inside interface I only have to set my own IP, as the 10.114.114.2 address is used by the server itself.

This was configured in the following way (the closing braces of the interfaces, service and nat blocks are restored here):

interfaces {
    ethernet eth0 {
        address 10.5.4.13/20
        address 10.5.4.2/20
        hw-id 00:0c:29:20:a5:f0
    }
    ethernet eth1 {
        address 10.114.114.13/24
        hw-id 00:0c:29:20:a5:fa
    }
}

service {
    nat {
        rule 2 {
            destination {
                address 10.5.4.2
            }
            inbound-interface eth0
            inside-address {
                address 10.114.114.2
            }
            protocol all
            source {
                address 0.0.0.0/0
            }
            type destination
        }
    }
}

Notice that the Vyatta router's own address is .13, but I added .2 so that Vyatta can NAT this IP to the internal 10.114.114.2 address. The destination address in the rule is the IP my users use to connect to the inside-address 10.114.114.2. The source address statement (0.0.0.0/0) tells the router that every PC in the whole wide world can connect to 10.5.4.2 and will be NATed. You can have multiple servers NATed: just add extra IP addresses on eth0 and create extra rules, one per outside address.
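The "learned it the hard way" trap above (a DNAT rule whose destination address is not bound to the inbound interface) is easy to check mechanically. The following is an added example, not part of the original post or of Vyatta itself: a small parser for the brace-delimited config format shown above and a check that every destination-NAT rule's destination address is actually configured on its inbound interface. The sample config is constructed from the post's eth0 and rule 2 (eth1 and the hw-id lines are omitted for brevity).

```python
# Constructed sample: eth0 and DNAT rule 2 from the post (eth1 and hw-id lines omitted).
VYATTA_CONFIG = """interfaces {
  ethernet eth0 {
    address 10.5.4.13/20
    address 10.5.4.2/20
  }
}
service {
  nat {
    rule 2 {
      destination {
        address 10.5.4.2
      }
      inbound-interface eth0
      inside-address {
        address 10.114.114.2
      }
      source {
        address 0.0.0.0/0
      }
      type destination
    }
  }
}"""

def parse(text):
    """Turn Vyatta's brace-delimited config into nested dicts; repeated leaves (e.g. address) become lists."""
    stack = [{}]
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line == "}":
            stack.pop()
        elif line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        else:
            key, _, value = line.partition(" ")
            stack[-1].setdefault(key, []).append(value)
    return stack[0]

def check_dnat(cfg):
    """Flag DNAT rules whose destination address is not bound to the inbound interface (the trap the post warns about)."""
    ifaces, problems = cfg.get("interfaces", {}), []
    for name, rule in cfg.get("service", {}).get("nat", {}).items():
        if not name.startswith("rule ") or rule.get("type") != ["destination"]:
            continue
        iface = rule["inbound-interface"][0]
        owned = {a.split("/")[0] for a in ifaces.get("ethernet " + iface, {}).get("address", [])}
        for dst in rule.get("destination", {}).get("address", []):
            if dst.split("/")[0] not in owned:
                problems.append(f"{name}: destination {dst} is not an address on {iface}")
    return problems
```

Running `check_dnat(parse(VYATTA_CONFIG))` returns an empty list for the post's config; remove the `address 10.5.4.2/20` line from eth0 and the rule is reported.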
