Re: [Vyatta-users] VLANs, NAT and DHCP scenario with multiple ISP
how about the static routes and the gateway? should I declare a default
Gateway or leave it blank? I want one network, the one with the private
network and NAT, to go out using one vif (ISP1) and the Servers to go out
using another vif (ISP2).

Aubrey Wells wrote:
> forwarding is already on for routing. your nat needs to look something
> like:
>
> service {
>     nat {
>         rule 10 {
>             type: "masquerade"
>             outbound-interface: "eth1.201"
>             source {
>                 network: "192.168.1.0/24"
>             }
>             destination {
>                 network: "0.0.0.0/0"
>             }
>         }
>         rule 20 {
>             type: "masquerade"
>             outbound-interface: "eth1.201"
>             source {
>                 network: "192.168.5.0/24"
>             }
>             destination {
>                 network: "0.0.0.0/0"
>             }
>         }
>     }
> }
>
> --
> Aubrey Wells
> Senior Engineer
> Shelton | Johns Technology Group
> 404.478.2790
> www.sheltonjohns.com
>
> On Nov 20, 2007, at 4:35 PM, Rodrigo Romero III wrote:
>
>> I'll try that,
>> now for NAT on Private Network: what is the configuration for the
>> private network to go out using a specific vif and masquerade the IP to
>> use the one there on the vif?
>>
>> and for Routing: do I need to enable forwarding or something?
>>
>> Aubrey Wells wrote:
>>> to specify a vif ethernet interface, it's <interface>.<vlan id>
>>> ie: for vlan 201 on interface eth2, you'd say eth2.201
>>>
>>> You're going to have a problem with dhcp on a vif, as I found out. see
>>> bug 2447 for two possible workarounds..
>>> https://bugzilla.vyatta.com/show_bug.cgi?id=2447
>>>
>>> do one of those workarounds, and it will work fine. it won't ask for an
>>> interface, you just define the subnet to hand out.
>>>
>>> --
>>> Aubrey Wells
>>> Senior Engineer
>>> Shelton | Johns Technology Group
>>> 404.478.2790
>>> www.sheltonjohns.com
>>>
>>> On Nov 20, 2007, at 4:04 PM, Rodrigo Romero III wrote:
>>>
>>>> This scenario is very uncommon. I have a Fedora box with 3 NICs, and
>>>> for security reasons I'll name all the Public Addresses with
>>>> 172.16.x.x IPs, and Private IPs will be 192.168.0.x:
>>>> eth0: ISP1-172.16.10.2/30
>>>> eth0.1: ISP2-172.16.20.2/30
>>>> eth1: Users-192.168.0.62/26
>>>> eth2: Servers-172.16.30.1/28
>>>> Eth0 goes to a hub that has both ISPs connected to it. Eth1 (Users
>>>> Network) uses DHCP and it is currently doing NAT and the default
>>>> gateway for this NIC is 172.16.10.1 (which is one of the ISP1s end),
>>>> the other NIC, Eth2, has a pool of servers with Public IP Addresses
>>>> that use the other ISP connection to go out by having this NIC with
>>>> the gateway pointing to 172.16.20.1 (the ISP2 has a static routing for
>>>> this to work on their side). Also I just got an Extra ISP uplink (not
>>>> currently used) which I just want as a backup for the servers in case
>>>> the other one fails.
>>>>
>>>> What I'd like, is to have this same box running Vyatta Community 3.
>>>> And also to use VLANS Instead of whole NICs/Ports. I managed to
>>>> configure the VLANS on the two VLAN capable NICs (which also are
>>>> GIGABIT NICs) like this:
>>>> eth1
>>>> ID16- ISP1
>>>> ID17- ISP2
>>>> ID18- ISP3
>>>> eth2
>>>> ID 10-Servers
>>>> ID 20-Users
>>>>
>>>> All the Vif had the corresponding IPs. The vyatta server sees all the
>>>> machines (users, servers, and all the ISPs end) and the VLAN
>>>> configuration was working fine with my cisco 2950 switch. However, NAT
>>>> did not work fine and the routing I think wasn't working either. Could
>>>> you help me to figure out a configuration for this type of scenario?
>>>> The problem is For NAT it asks for an Interface and this is Eth1 for
>>>> the ISPs, but I need it to use a specific ISP, so how do I define it
>>>> to use a vif instead of a physical address like eth1? Also I'm not
>>>> sure if I have to tell the system something so it can route all the
>>>> traffic on the different networks. I'm very new with vyatta, I managed
>>>> to use it a couple of months ago and it worked fine using several
>>>> NICs. But now I need it to work with VLANS. Also, I'll need help with
>>>> the DHCP server because I think it will also ask me for an interface
>>>> and I need it to use a vif instead, I don't know if this would work
>>>> but if it does, this will save me a cisco1811 buy.
>>>>
>>>> I can only try this on Saturdays because it's the only day the network
>>>> doesn't have high usage.
>>>>
>>>> regards,
>>>>
>>>> rodrigo
>>>> ___
>>>> Vyatta-users mailing list
>>>> Vyatta-users@mailman.vyatta.com
>>>> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>>
>> --
>> Rodrigo Romero III
>> General Manager
>> Avetti Global Services Corp.
>> An Avetti.com Company
>> The Century Tower, Suite 1611
Re: [Vyatta-users] VLANs, NAT and DHCP scenario with multiple ISP
forwarding is already on for routing. your nat needs to look something
like:

service {
    nat {
        rule 10 {
            type: "masquerade"
            outbound-interface: "eth1.201"
            source {
                network: "192.168.1.0/24"
            }
            destination {
                network: "0.0.0.0/0"
            }
        }
        rule 20 {
            type: "masquerade"
            outbound-interface: "eth1.201"
            source {
                network: "192.168.5.0/24"
            }
            destination {
                network: "0.0.0.0/0"
            }
        }
    }
}

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
404.478.2790
www.sheltonjohns.com
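One way to check which uplink a given source address would be masqueraded out of under rules like the ones in the message above, as an added example that is not part of the original thread or of Vyatta's own tooling. The parser handles only the brace syntax shown in the message; the sample rule (eth1.16 as the ISP1 vif, 192.168.0.0/26 as the Users subnet) is constructed from the addressing in the original post, and evaluating rules in ascending rule-number order is an assumption of the example.

```python
import ipaddress

# Constructed sample in the brace syntax quoted above. eth1.16 (ISP1 vif) and
# 192.168.0.0/26 (Users) are derived from the addressing in the original post.
SAMPLE = """
service {
    nat {
        rule 10 {
            type: "masquerade"
            outbound-interface: "eth1.16"
            source {
                network: "192.168.0.0/26"
            }
            destination {
                network: "0.0.0.0/0"
            }
        }
    }
}
"""

def parse_config(text):
    """Parse 'name {', 'key: "value"' and '}' lines into nested dicts."""
    stack = [{}]
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            if len(stack) == 1:
                raise ValueError(f"line {number}: unmatched closing brace")
            stack.pop()
        elif line:
            key, _, value = line.partition(":")
            stack[-1][key.strip()] = value.strip().strip('"')
    if len(stack) > 1:
        raise ValueError(f"{len(stack) - 1} block(s) never closed")
    return stack[0]

def egress_for(config, src_ip):
    """Return (rule, interface) for the first masquerade rule matching src_ip."""
    addr = ipaddress.ip_address(src_ip)
    rules = config["service"]["nat"]
    for name in sorted(rules, key=lambda r: int(r.split()[1])):
        rule = rules[name]
        source = ipaddress.ip_network(rule["source"]["network"])
        if rule.get("type") == "masquerade" and addr in source:
            return name, rule["outbound-interface"]
    return None  # no rule matched: the packet leaves with its own address
```

A `None` result for an address in the Servers range confirms that the publicly addressed hosts are not being translated by a rule meant for the Users network.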
Re: [Vyatta-users] VLANs, NAT and DHCP scenario with multiple ISP
I'll try that,
now for NAT on Private Network: what is the configuration for the
private network to go out using a specific vif and masquerade the IP to
use the one there on the vif?

and for Routing: do I need to enable forwarding or something?

--
Rodrigo Romero III
General Manager
Avetti Global Services Corp.
An Avetti.com Company
Re: [Vyatta-users] VLANs, NAT and DHCP scenario with multiple ISP
to specify a vif ethernet interface, it's <interface>.<vlan id>
ie: for vlan 201 on interface eth2, you'd say eth2.201

You're going to have a problem with dhcp on a vif, as I found out. see
bug 2447 for two possible workarounds..
https://bugzilla.vyatta.com/show_bug.cgi?id=2447

do one of those workarounds, and it will work fine. it won't ask for an
interface, you just define the subnet to hand out.

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
404.478.2790
www.sheltonjohns.com