Re: [vpp-dev] Outdated home gateway script for NAT?
The “service restart isc-dhcp-server” command is a hack which only knows how to restart the isc-dhcp-server, not dnsmasq. You’ll need to tinker with it to restart dnsmasq, which almost certainly needs to deal with the lstack interface.

HTH... Dave

From: vpp-dev@lists.fd.io On Behalf Of pepijn de vos
Sent: Sunday, December 25, 2022 12:49 PM
To: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] Outdated home gateway script for NAT?

Hi Dave,

Works! I modified the .gate file to define TRUNKHW (the actual hardware interface) and VLAN and updated TRUNK to be the subinterface. Then I added a few lines to create the subinterface, and the rest of the script now automatically referred to the subinterface. So at least the tap interface, wan dhcp client, and the nat44 setup work with the subinterface. I'm not using any of the other goodies for now, since I want to keep it simple and understandable.

I'm using dnsmasq for the DHCP and DNS server, I could add my config to the docs if that would be useful. Oh reminds me, I also got an input error from the service restart command that supposedly restarts the DHCP server. Not sure why that's there, and if you should be able to execute arbitrary shell commands, or there is some service plugin I did not load.

I did find that dnsmasq doesn't like it if you tell it to only bind to lstack before vpp has started for obvious reasons, but the default behavior of binding to all interfaces and rejecting the ones that are not selected works like a treat. (this seems fine since the kernel doesn't know about the WAN interface anyway)

Regards,
Pepijn

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#22387): https://lists.fd.io/g/vpp-dev/message/22387
Mute This Topic: https://lists.fd.io/mt/95859254/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/leave/1480452/21656/631435203/xyzzy [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [vpp-dev] Outdated home gateway script for NAT?
Hi Dave,

Works! I modified the .gate file to define TRUNKHW (the actual hardware interface) and VLAN and updated TRUNK to be the subinterface. Then I added a few lines to create the subinterface, and the rest of the script now automatically referred to the subinterface. So at least the tap interface, wan dhcp client, and the nat44 setup work with the subinterface. I'm not using any of the other goodies for now, since I want to keep it simple and understandable.

I'm using dnsmasq for the DHCP and DNS server, I could add my config to the docs if that would be useful. Oh reminds me, I also got an input error from the service restart command that supposedly restarts the DHCP server. Not sure why that's there, and if you should be able to execute arbitrary shell commands, or there is some service plugin I did not load.

I did find that dnsmasq doesn't like it if you tell it to only bind to lstack before vpp has started for obvious reasons, but the default behavior of binding to all interfaces and rejecting the ones that are not selected works like a treat. (this seems fine since the kernel doesn't know about the WAN interface anyway)

Regards,
Pepijn

View/Reply Online (#22386): https://lists.fd.io/g/vpp-dev/message/22386
Re: [vpp-dev] Outdated home gateway script for NAT?
I think that you just need to create an L3 vlan subinterface:

    vpp# create sub-interface 300

At that point, .300 should be an L3 subinterface which will strip vlan tag 300 for RX packets, and add vlan tag 300 for TX packets. Strikes me that that’s exactly what you need.

if =GigabitEthernet3/0/0, setting TRUNK_PORT to GigabitEthernet3/0/0.300 and inhaling the rest of the configuration MAY just work. I’ve never tested the various NAT flavors, the DNS resolver, etc. to see if the code truly works with vlan subinterfaces.

Let me know what happens. I’ve never constructed a suitable test topology for this use case, so it may take some doing to fix issues.

HTH... Dave

From: vpp-dev@lists.fd.io On Behalf Of pepijn de vos
Sent: Sunday, December 25, 2022 11:30 AM
To: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] Outdated home gateway script for NAT?

Hi Dave,

Thanks a lot for the update, I have managed to get it to work now, at least as a secondary router behind my ISP router.

My ISP wants the WAN port to use VLAN 300, and I can't figure out how to do that. I've tried to push the vlan tag on the outward port

    set int l2 tag-rewrite $(TRUNK) push dot1q 300

and I tried creating a subinterface and binding nat44 to that

    create sub-interfaces $(TRUNK) 300 default
    set int state $(TRUNK).300 up
    set interface nat44 in bvi0 out $(TRUNK).300

and tried the reverse on the bvi0 interface. I might be missing the correct commands by a millimeter or a kilometer, but I'm not getting an IP on the WAN.

TBH I did not copy most of the new additions because I had to google what some of them even stand for. Maybe once I got this all set up I should make a PR to add some comments and instructions for beginners like me on what some of these commands do and what they are for.

Cheers,
Pepijn

View/Reply Online (#22385): https://lists.fd.io/g/vpp-dev/message/22385
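The tag handling Dave describes for an L3 subinterface on VLAN 300, as an added example that is not part of the original thread and is not VPP code: a small Python model that adds the 802.1Q tag on TX and strips it on RX, delivering only frames tagged with exactly that VLAN ID. The function names and the sample frame are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def push_dot1q(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """TX side: insert a 4-byte 802.1Q tag after the two MAC addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tci = (pcp << 13) | vid  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def pop_dot1q(frame: bytes, vid: int):
    """RX side: return the untagged frame if it carries exactly `vid`, else None."""
    if len(frame) < 18:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q or (tci & 0x0FFF) != vid:
        return None  # untagged or another VLAN: not for this subinterface
    return frame[:12] + frame[16:]


# Constructed sample frame: broadcast destination, locally administered
# source MAC, IPv4 EtherType, dummy payload padded to 60 bytes.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x45" + bytes(45)


def demo() -> dict:
    tagged = push_dot1q(SAMPLE, 300)
    return {
        "tag_bytes": tagged[12:16].hex(),              # TPID + TCI on the wire
        "rx_300": pop_dot1q(tagged, 300) == SAMPLE,    # tag 300 is stripped
        "rx_untagged": pop_dot1q(SAMPLE, 300),         # no tag: not delivered
        "rx_other_vlan": pop_dot1q(push_dot1q(SAMPLE, 100), 300),
    }


if __name__ == "__main__":
    print(demo())
```
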
Re: [vpp-dev] Outdated home gateway script for NAT?
Hi Dave,

Thanks a lot for the update, I have managed to get it to work now, at least as a secondary router behind my ISP router.

My ISP wants the WAN port to use VLAN 300, and I can't figure out how to do that. I've tried to push the vlan tag on the outward port

    set int l2 tag-rewrite $(TRUNK) push dot1q 300

and I tried creating a subinterface and binding nat44 to that

    create sub-interfaces $(TRUNK) 300 default
    set int state $(TRUNK).300 up
    set interface nat44 in bvi0 out $(TRUNK).300

and tried the reverse on the bvi0 interface. I might be missing the correct commands by a millimeter or a kilometer, but I'm not getting an IP on the WAN.

TBH I did not copy most of the new additions because I had to google what some of them even stand for. Maybe once I got this all set up I should make a PR to add some comments and instructions for beginners like me on what some of these commands do and what they are for.

Cheers,
Pepijn

View/Reply Online (#22384): https://lists.fd.io/g/vpp-dev/message/22384
Re: [vpp-dev] Outdated home gateway script for NAT?
I've updated the doc, please see https://gerrit.fd.io/r/c/vpp/+/37859

HTH... Dave

View/Reply Online (#22383): https://lists.fd.io/g/vpp-dev/message/22383
Re: [vpp-dev] Outdated home gateway script for NAT?
Thanks for the report. I’ll update the doc…

> On Dec 24, 2022, at 3:45 AM, pepijn de vos wrote:
>
> Hello,
>
> I'm quite new to VPP and trying to follow the "VPP as a Home Gateway" setup.
> After following the installation instructions and copying the configuration files, NAT does not seem to be working.
> When I enabled NAT44 it gave an outright error: nat44: unknown input `enable users 50 user-sessions ...'
> I then tried to change that to "nat44 plugin enable" as an educated guess, and also tried to enable CNAT instead as the example does.
>
> In both cases the result is the same:
> The WAN port gets an IP, the LAN port hands out IPs, and I can ping 192.168.5.2 from the LAN port.
> But I can not ping 192.168.5.1 or the rest of the internet from either the router itself or the LAN port.
> What I CAN do is enable the ping plugin and ping 8.8.8.8 from vppctl.
> So it seems to me like the LAN and WAN sides are both working as intended, but NAT isn't working.
>
> I'm not really sure how to go ahead debugging this issue.
> Also apologies if this is too much of a "user" question for a "dev" mailing list, but I did not find anything else, and it seems like the docs are at least somewhat wrong/outdated.
>
> Regards,
> Pepijn

View/Reply Online (#22382): https://lists.fd.io/g/vpp-dev/message/22382
[vpp-dev] Outdated home gateway script for NAT?
Hello,

I'm quite new to VPP and trying to follow the "VPP as a Home Gateway" setup. After following the installation instructions and copying the configuration files, NAT does not seem to be working. When I enabled NAT44 it gave an outright error:

    nat44: unknown input `enable users 50 user-sessions ...'

I then tried to change that to "nat44 plugin enable" as an educated guess, and also tried to enable CNAT instead as the example does.

In both cases the result is the same: The WAN port gets an IP, the LAN port hands out IPs, and I can ping 192.168.5.2 from the LAN port. But I can not ping 192.168.5.1 or the rest of the internet from either the router itself or the LAN port. What I CAN do is enable the ping plugin and ping 8.8.8.8 from vppctl. So it seems to me like the LAN and WAN sides are both working as intended, but NAT isn't working.

I'm not really sure how to go ahead debugging this issue. Also apologies if this is too much of a "user" question for a "dev" mailing list, but I did not find anything else, and it seems like the docs are at least somewhat wrong/outdated.

Regards,
Pepijn

View/Reply Online (#22381): https://lists.fd.io/g/vpp-dev/message/22381