Thanks, An-Cheng, you rock! Will set up two rules for now..

On Thu, 29 Nov 2007 11:07:37 -0800, An-Cheng Huang <[EMAIL PROTECTED]> wrote:
> Hi Alain,
> 
> Currently, you'll have to enter 2 rules, one for TCP and the other for
> UDP. Also, there is already an enhancement request for exactly what you are
> asking for. See the following for details.
> 
> https://bugzilla.vyatta.com/show_bug.cgi?id=1445
> 
> An-Cheng
> 
> Alain Kelder wrote:
>> Hi An-Cheng,
>>
>> That explains it, thanks! Any suggestions how I could accomplish this?
>> I'd like to allow both TCP and UDP requests on port 53... In other words an
>> equivalent to the below:
>>
>>          rule 35 {
>>              type: "destination"
>>              translation-type: "static"
>>              inbound-interface: "eth0"
>>              protocols: "all"
>>              source {
>>                  network: 0.0.0.0/0
>>                  }
>>              destination {
>>                  address: 65.xx.xx.xx
>>                  port-number 53
>>                          }
>>              inside-address {
>>                  address: 10.10.3.20
>>                  }
>>              }
>>
>> thanks a million!
>>
>> On Thu, 29 Nov 2007 10:54:39 -0800, An-Cheng Huang <[EMAIL PROTECTED]> wrote:
>>> Hi Alain,
>>>
>>> The reason that TCP/UDP is required for your rule 35 is that you specified
>>> "port" in that rule, which is only meaningful for TCP/UDP in this context.
>>> The SNAT rule 39 accepts protocols "all" because it doesn't have "port".
>>> Hope this helps.
>>>
>>> An-Cheng
>>>
>>> Alain Kelder wrote:
>>>> Hello,
>>>>
>>>> I'm trying to set protocols to "all" for a "destination" NAT rule. But
>>>> Vyatta complains that it wants either TCP or UDP. However, in this awesome
>>>> how-to, they did just that:
>>>> http://www.openmaniak.com/vyatta_case6.php#ancre-configurations
>>>> Here's what I tried:
>>>>
>>>> [EMAIL PROTECTED] edit service nat rule 35
>>>> [edit service/nat/rule/35]
>>>> [EMAIL PROTECTED] set protocols all
>>>> [edit service/nat/rule/35]
>>>> [EMAIL PROTECTED] commit
>>>> [edit service/nat/rule/35]
>>>> Commit Failed
>>>> 102 Command failed TCP/UDP Protocol must be specified
>>>>
>>>> What's weird is that 'tab' (auto complete) shows "all" as an option:
>>>>
>>>> [EMAIL PROTECTED] set protocols
>>>> `protocols' is ambiguous.
>>>> Possible completions:
>>>>   <[Enter]>            Execute this command
>>>>   all                  Perform NAT on all protocol traffic
>>>>   icmp                 Perform NAT on ICMP traffic only
>>>>   tcp                  Perform NAT on TCP traffic only
>>>>   udp                  Perform NAT on UDP traffic only
>>>>
>>>>
>>>> I'm able to set protocols to "udp" or "tcp", but not "all". What I'd
>>>> like is this:
>>>>         rule 35 {
>>>>             type: "destination"
>>>>             translation-type: "static"
>>>>             inbound-interface: "eth0"
>>>>>           protocols: "all"
>>>>             source {
>>>>                 network: 0.0.0.0/0
>>>>                 }
>>>>             destination {
>>>>                 address: 65.xx.xx.xx
>>>>                 port-number 53
>>>>                         }
>>>>             inside-address {
>>>>                 address: 10.10.3.20
>>>>                 }
>>>>             }
>>>>
>>>> Interestingly, Vyatta accepts "all" for a "source" NAT rule:
>>>>
>>>>         rule 39 {
>>>>             type: "source"
>>>>             translation-type: "static"
>>>>             outbound-interface: "eth0"
>>>>>           protocols: "all"
>>>>             source {
>>>>                 address: 10.10.3.20
>>>>                 }
>>>>             destination {
>>>>                 network: 0.0.0.0/0
>>>>                 }
>>>>             outside-address {
>>>>                 address: 65.xx.xx.xx
>>>>             }
>>>>         }
>>>>
>>>> Any ideas?  Thanks a bunch in advance..  I'm at a loss!
>>>>
>>>> [EMAIL PROTECTED]> show version
>>>> Version:    VC2
>>>> Built by:   [EMAIL PROTECTED]
>>>> Built on:   200702080056 -- Thu Feb  8 00:56:19 UTC 2007
>>>>
>>>>
>>>> _______________________________________________
>>>> Vyatta-users mailing list
>>>> Vyatta-users@mailman.vyatta.com
>>>> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>>
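
The constraint and workaround discussed in this thread, as an added example that is not part of the original messages and is not Vyatta's code: it parses a rule in the VC2 display syntax quoted above, reproduces the commit check (a port match requires protocol tcp or udp), and splits an "all" rule into the two per-protocol rules. The helper names and the use of the next rule number (36) for the UDP copy are assumptions.

```python
import re

# Constructed sample in the syntax quoted in the thread: the rejected rule 35.
SAMPLE = '''rule 35 {
    type: "destination"
    translation-type: "static"
    inbound-interface: "eth0"
    protocols: "all"
    destination {
        address: 65.xx.xx.xx
        port-number 53
    }
    inside-address {
        address: 10.10.3.20
    }
}'''

def parse_rule(text):
    """Parse one 'rule N { ... }' block into (N, nested dict). Hypothetical helper."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    number = int(re.match(r'rule (\d+) \{$', lines[0]).group(1))
    root = {}
    stack = [root]
    for line in lines[1:]:
        if line == '}':                      # close the current block
            stack.pop()
        elif line.endswith('{'):             # open a sub-block such as "destination {"
            child = {}
            stack[-1][line[:-1].strip()] = child
            stack.append(child)
        else:                                # "key: value" or "key value"
            key, value = re.match(r'([\w-]+):?\s+(.+)$', line).groups()
            stack[-1][key] = value.strip('"')
    return number, root

def check(rule):
    """Mirror the commit check from the thread: a port needs tcp or udp."""
    has_port = any(isinstance(v, dict) and 'port-number' in v for v in rule.values())
    if has_port and rule.get('protocols') not in ('tcp', 'udp'):
        return 'TCP/UDP Protocol must be specified'
    return None

def split_by_protocol(number, rule):
    """Workaround from the thread: one rule for TCP and one for UDP."""
    # Assumption: rule number + 1 is not already in use.
    return [(number + i, {**rule, 'protocols': p}) for i, p in enumerate(('tcp', 'udp'))]

if __name__ == '__main__':
    number, rule = parse_rule(SAMPLE)
    print(check(rule), [(n, r['protocols']) for n, r in split_by_protocol(number, rule)])
```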
