Actually, if you use .18 you'll lose access to your vyatta box since
you're doing an any/any match on the inbound nat. I'm not sure if
vyatta will allow you to use a non-defined ip (such as .19 in your
case) for the nat, as I've never tried it. You can on other firewalls
though, so it might work.
--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com
On Dec 1, 2007, at 1:12 PM, Aubrey Wells wrote:
You can't use an ip that is attached to a different device as the
outside-address, otherwise all the inbound connections will
terminate on the other device and it won't know what to do with
them. You need to use .18 for the outside-address of the NAT.
--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com
On Dec 1, 2007, at 12:47 PM, Régis wrote:
Hi all,
This is my config for access to the web server at A.B.C.64 (it’s a
public ip):
protocols {
    static {
        disable: false
        route 0.0.0.0/0 {
            next-hop: E.F.G.17
            metric: 1
        }
    }
}
policy {
}
interfaces {
    restore: false
    loopback lo {
        description:
        address 10.0.0.65 {
            prefix-length: 32
            disable: false
        }
    }
    ethernet eth0 {
        disable: false
        discard: false
        description:
        hw-id: 00:30:f1:42:04:c3
        duplex: auto
        speed: auto
        address E.F.G.18 {
            prefix-length: 24
            disable: false
        }
    }
    ethernet eth1 {
        disable: false
        discard: false
        description:
        hw-id: 00:30:f1:42:05:e8
        duplex: auto
        speed: auto
        address A.B.C.95 {
            prefix-length: 24
            disable: false
        }
    }
}
service {
    nat {
        rule 10 {
            type: source
            outbound-interface: eth0
            protocols: all
            source {
                address: A.B.C.64
            }
            destination {
                network: 0.0.0.0/0
            }
            outside-address {
                address: E.F.G.17
            }
        }
        rule 20 {
            type: destination
            inbound-interface: eth0
            protocols: all
            source {
                network: 0.0.0.0/0
            }
            destination {
                address: E.F.G.17
            }
            inside-address {
                address: A.B.C.64
            }
        }
    }
    ssh {
        port: 22
        protocol-version: v2
    }
    telnet {
        port: 23
    }
    webgui {
        http-port: 80
        https-port: 443
    }
}
firewall {
    log-martians: enable
    send-redirects: disable
    receive-redirects: disable
    ip-src-route: disable
    broadcast-ping: disable
    syn-cookies: enable
}
system {
    host-name: rt01-estephe
    domain-name: x.net
    name-server 80.118.192.100
    name-server 80.118.196.36
    time-zone: GMT+1
    ntp-server 0.fr.pool.ntp.org
    ntp-server 1.fr.pool.ntp.org
    gateway-address: E.F.G.17
    login {
        user root {
            full-name:
            authentication {
                encrypted-password: ---
                plaintext-password:
            }
        }
        user --- {
            full-name: Regis
            authentication {
                encrypted-password: ---
                plaintext-password:
            }
        }
    }
    package {
        auto-sync: 1
        repository community {
            component: main
            url: http://archive.vyatta.com/vyatta;
        }
    }
    options {
        reboot-on-panic: true
    }
}
Routes: 5/5, Paths: 5/5
0.0.0.0/0[static(1)] to E.F.G.17 via eth0
10.0.0.65/32[connected(0)] to 10.0.0.65 via lo
A.B.C.0/24[connected(0)] to A.B.C.95 via eth1
127.0.0.0/8[connected(0)] to 127.0.0.1 via lo
E.F.G.0/24[connected(0)] to E.F.G.18 via eth0
My web server doesn’t show the http service, but I can ping A.B.C.64.
Thanks!
Régis BOULINEAU
___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
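A small checker, added here and not part of the thread or of Vyatta itself, that parses a constructed excerpt of the posted config (same brace/colon syntax, same placeholder addresses) and flags the two failure modes Aubrey describes: a NAT outside-address the router does not own (the gateway .17), and an any/any destination rule on the router's own address that would also capture its ssh/telnet/webgui traffic. The parser, the function names and the finding labels are this example's own assumptions.

```python
import re
# Constructed excerpt of the posted config; E.F.G.17 is the upstream gateway, not a local address.
CONFIG = """
interfaces {
  ethernet eth0 { address E.F.G.18 { prefix-length: 24 } }
  ethernet eth1 { address A.B.C.95 { prefix-length: 24 } }
}
service { nat {
  rule 10 { type: source outbound-interface: eth0 protocols: all
            source { address: A.B.C.64 } outside-address { address: E.F.G.17 } }
  rule 20 { type: destination inbound-interface: eth0 protocols: all
            source { network: 0.0.0.0/0 } destination { address: E.F.G.17 }
            inside-address { address: A.B.C.64 } }
} }
"""

def parse_config(text):
    """Parse the brace/colon config into nested dicts (assumes one value token per 'key:')."""
    it = iter(re.findall(r"[{}]|[^\s{}]+", text))
    root = node = {}
    stack, words = [], []
    for tok in it:
        if tok == "{":                  # block header: the words collected so far
            node[" ".join(words)] = child = {}
            stack.append(node)
            node, words = child, []
        elif tok == "}":
            node = stack.pop()
        elif tok.endswith(":"):         # leaf "key: value"
            node[tok[:-1]] = next(it)
        else:
            words.append(tok)
    return root

def audit_nat(cfg):
    """Return (rule, problem, address) for the two failure modes raised in the thread."""
    local = {k.split()[1] for iface in cfg["interfaces"].values()
             if isinstance(iface, dict) for k in iface if k.startswith("address ")}
    findings = []
    for name, rule in cfg["service"]["nat"].items():
        side = "destination" if rule["type"] == "destination" else "outside-address"
        public = rule[side]["address"]
        if public not in local:
            # Traffic for an address this router does not own never reaches this rule.
            findings.append((name, "outside-address-not-local", public))
        elif (rule["type"] == "destination" and rule["protocols"] == "all"
              and rule.get("source", {}).get("network") == "0.0.0.0/0"):
            # Any/any DNAT on the router's own address also swallows ssh/telnet/webgui traffic.
            findings.append((name, "any-any-dnat-hides-management", public))
    return findings
```

Re-running the audit on the config with E.F.G.17 swapped for E.F.G.18 clears the first finding and surfaces the lock-out that Aubrey warns about in rule 20.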