[Vyatta-users] VLANs, NAT and DHCP scenario with multiple ISP

2007-11-20 Thread Rodrigo Romero III
This scenario is very uncommon.  I have a Fedora box with 3 NICs, and 
for security reasons I'll name all the Public Addresses with 172.16.x.x 
IPs, and Private IPs will be 192.168.0.x:
eth0: ISP1-172.16.10.2/30
eth0.1: ISP2-172.16.20.2/30
eth1: Users-192.168.0.62/26
eth2: Servers-172.16.30.1/28
Eth0 goes to a hub that has both ISPs connected to it.  Eth1 (Users 
Network) uses DHCP and it is currently doing NAT, and the default 
gateway for this NIC is 172.16.10.1 (which is one of ISP1's ends). The 
other NIC, Eth2, has a pool of servers with Public IP Addresses that use 
the other ISP connection to go out by having this NIC with the gateway 
pointing to 172.16.20.1 (the ISP2 has a static routing for this to work 
on their side).  Also, I just got an extra ISP uplink (not currently 
used) which I just want as a backup for the servers in case the other one 
fails.

What I'd like is to have this same box running Vyatta Community 3, and 
also to use VLANs instead of whole NICs/ports.  I managed to configure 
the VLANs on the two VLAN-capable NICs (which are also Gigabit NICs) like 
this:
eth1
ID16- ISP1
ID17- ISP2
ID18- ISP3
eth2
ID 10-Servers
ID 20-Users

All the vifs had the corresponding IPs.  The Vyatta server sees all the 
machines (users, servers, and all the ISPs' ends) and the VLAN 
configuration was working fine with my Cisco 2950 switch.  However, NAT 
did not work fine and I think the routing wasn't working either.  Could 
you help me to figure out a configuration for this type of scenario?  
The problem is that for NAT it asks for an interface and this is Eth1 for the 
ISPs, but I need it to use a specific ISP, so how do I define it to use 
a vif instead of a physical address like eth1?  Also, I'm not sure if I 
have to tell the system something so it can route all the traffic on the 
different networks.  I'm very new with Vyatta; I managed to use it a 
couple of months ago and it worked fine using several NICs.  But now I 
need it to work with VLANs.  Also, I'll need help with the DHCP server 
because I think it will also ask me for an interface and I need it to 
use a vif instead. I don't know if this would work, but if it does, this 
will save me a Cisco 1811 buy.

I can only try this on Saturdays because it's the only day the network 
doesn't have high usage.

regards,

rodrigo
___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users


Re: [Vyatta-users] VLANs, NAT and DHCP scenario with multiple ISP

2007-11-20 Thread Aubrey Wells
To specify a vif Ethernet interface, it's physical interface.vlan id, 
i.e. for VLAN 201 on interface eth2, you'd say eth2.201.

You're going to have a problem with DHCP on a vif, as I found out. See 
bug 2447 for two possible workarounds.
https://bugzilla.vyatta.com/show_bug.cgi?id=2447

Do one of those workarounds, and it will work fine. It won't ask for an 
interface; you just define the subnet to hand out.


--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
404.478.2790
www.sheltonjohns.com
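
An added example, not part of the original thread and not Vyatta tooling: a small Python check that applies the "physical interface.vlan id" naming from this reply to NAT rules written in the brace-style syntax quoted later in the thread. The sample configuration, the names `parse` and `audit_nat`, and the policy of limiting NAT to a declared inside network are assumptions for illustration; eth1.16 and 192.168.0.0/26 follow the first message.

```python
import ipaddress
import re

# Constructed sample in the brace syntax quoted in this thread (assumption:
# rule 10 = users LAN out the ISP1 vif, rule 20 = deliberately wrong).
RULE = """rule {} {{
  type: masquerade
  outbound-interface: {}
  source {{
    network: {}
  }}
}}
"""
SAMPLE = ("service {\nnat {\n"
          + RULE.format(10, "eth1.16", "192.168.0.0/26")
          + RULE.format(20, "eth1", "172.16.30.0/28")
          + "}\n}\n")
VIF = re.compile(r"^[a-z]+\d+\.(\d+)$")  # physical interface, dot, VLAN ID

def parse(text):
    """Turn 'name {', 'key: value' and '}' lines into nested dicts."""
    stack = [{}]
    for line in map(str.strip, text.splitlines()):
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            if len(stack) == 1:
                raise ValueError("unexpected '}'")
            stack.pop()
        elif line:
            key, _, value = line.partition(":")
            stack[-1][key.strip()] = value.strip()
    if len(stack) != 1:
        raise ValueError("unbalanced braces")  # e.g. a config cut off mid-block
    return stack[0]

def audit_nat(text, inside):
    """Flag NAT rules that leave via a bare NIC or translate unexpected sources."""
    allowed = [ipaddress.ip_network(n) for n in inside]
    findings = []
    for name, rule in parse(text)["service"]["nat"].items():
        m = VIF.match(rule.get("outbound-interface", ""))
        if not (m and 1 <= int(m.group(1)) <= 4094):
            findings.append((name, "outbound-interface is not a vif"))
        src = ipaddress.ip_network(rule.get("source", {}).get("network", "0.0.0.0/0"))
        if not any(src.subnet_of(a) for a in allowed):
            findings.append((name, "source outside NAT scope"))
    return findings
```

Calling `audit_nat(SAMPLE, ["192.168.0.0/26"])` reports rule 20 twice: once for the bare `eth1` and once for translating the server range.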





Re: [Vyatta-users] VLANs, NAT and DHCP scenario with multiple ISP

2007-11-20 Thread Rodrigo Romero III
How about the static routes and the gateway? Should I declare a default 
gateway or leave it blank? I want one network, the one with the 
private network and NAT, to go out using one vif (ISP1) and the servers 
to go out using another vif (ISP2).

Aubrey Wells wrote:
 Forwarding is already on for routing. Your NAT needs to look something 
 like:

 service {
     nat {
         rule 10 {
             type: masquerade
             outbound-interface: eth1.201
             source {
                 network: 192.168.1.0/24
             }
             destination {
                 network: 0.0.0.0/0
             }
         }
         rule 20 {
             type: masquerade
             outbound-interface: eth1.201
             source {
                 network: 192.168.5.0/24
             }
             destination {
                 network: 0.0.0.0/0
             }
         }
     }
 }






 On Nov 20, 2007, at 4:35 PM, Rodrigo Romero III wrote:

 I'll try that.
 Now for NAT on the private network: what is the configuration for the
 private network to go out using a specific vif and masquerade the IP to
 use the one there on the vif?

 And for routing: do I need to enable forwarding or something?

