Re: [Vyatta-users] Munin and Vyatta
Yes, it supports expansion daughterboards (depending on the mainboard you choose). For instance, the Jetway J7F2WE-1G2 1.2GHz fanless mainboard supports the 3 x 10/100/1000 LAN Module which gives you a four port little beauty.

ken Felix wrote:
> Can you update us on this mini-itx system, does it support multiple NICs?

___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Managing different subnet with different gateway
Hi all,

I've been toying with this mini project and have some quite interesting findings... problem persists somehow... help would be appreciated. btw.. these are for a web infrastructure setup purpose.

Setup

01 x main router ---> this is the router that is to manage 2 different subnets, and ensure that their outgoing traffic goes by a fixed gateway, and not just the default gateway.
02 x laptop --> they simulate the 2 internal subnets
02 x small routers (one linksys, one vyatta) ---> they simulate the different subnets of the outgoing connection, the "gateways"

For the main router:
---
eth0: 192.168.2.1 /24 --> to small router (vyatta)
eth1: 192.168.3.1 /24 --> to small router (linksys)
eth2: 192.168.20.1 /24 --> laptop1 (192.168.20.2)
eth3: 192.168.30.1 /24 --> laptop2 (192.168.30.2)

For the small routers

:: vyatta ::
LAN --> 192.168.2.2
WAN --> 192.168.1.232
Gateway --> 192.168.1.1

:: linksys ::
LAN --> 192.168.3.2
WAN --> 192.168.1.233
Gateway --> 192.168.1.2

*Note: both gateways are separate ADSL modems

So I go ahead and set them up normally, with default routing pointed to either one. Everything works fine. Both laptops can ping each other and can ping the gateway and beyond (internet). No problem. So I attempt to test the ip tool.

IP Tool
=======
Based on what was advised, I looked through, tried and read... I created 2 ip route tables (other than the default). I added the following ip routes:

    ip route add default via 192.168.2.2 dev eth0 tab 1
    ip route add default via 192.168.3.2 dev eth1 tab 2

As you can see, table 1 is for routing out through the vyatta small router, table 2 through the linksys small router. I then add the following:

    ip rule add from 192.168.20.0/24 tab 1 priority 500
    ip rule add from 192.168.30.0/24 tab 2 priority 600

At this point, nothing works anymore. My 2 subnets cannot ping out anymore. I then copied the entries from "ip route show" and put them into table1 and table2.
This way, the routes for "ip route show", "ip route show table 1", "ip route show table 2" are the same, except the default path. Btw, there is no default path in "ip route show".

Problem
-------
After doing the above... the default path via the linksys router works fine... but the vyatta (small router) totally cannot work. I can still ping both its ports (LAN and WAN), but nothing beyond. not even the 1.0 network with the modems... I'm not sure why.. and I am hoping some kind folks may shed some light on this. would appreciate this. The main vyatta router can ping through all of them though.

so far, am I doing it correctly?

Another question though: without going through this testing... incoming traffic to the 2 different subnets will naturally go through their respective gateways. the question is whether the outgoing traffic will go through the correct gateway, or just the default gateway.. hence after getting advice from the good folks.. i began testing.. but something just struck me...

say i don't do any of these tests. i just leave it be. so when people serve either websites (from the different subnets), the DNS resolution will naturally bring them through the different gateway and on to the appropriate subnet right? If that's the case, when the request returns to the user, will it go back by the way it came from, or via the default gateway...?

My worry is that it will go through the default gateway, hence I asked about this whole test. But thinking about it.. it can go back the way it came from, can't it?

Sorry about the lengthy question, networking amateur here :)

Many thanks for the patience and interest!
Daren

-----Original Message-----
From: Justin Fletcher [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 31, 2008 2:27 AM
To: Daren Tay
Cc: vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] Managing different subnet with different gateway

Yes, eth0 and eth1 should be on different subnets; if not, the router doesn't know which interface should be used to send traffic to another device on that subnet.

Best,
Justin

On Jan 30, 2008 7:47 AM, Daren Tay <[EMAIL PROTECTED]> wrote:
> Hi guys,
>
> I revisited the issue after getting a box to test
>
> I have set up a vyatta router with 4 ports
>
> eth0: 192.168.1.232 (WAN) -> simulate gateway#1
> eth1: 192.168.1.233 (WAN) -> simulate gateway#2
> eth2: 192.168.20.1 (LAN) -> simulate LAN #1, represented by a laptop
> 192.168.20.2 :: to route through eth0 for gateway 192.168.1.1
> eth3: 192.168.30.1 (LAN) -> simulate LAN #2, represented by a laptop
> 192.168.30.2 :: to route through eth1 for gateway 192.168.1.2
>
> I can't get eth3 to work somehow.. I think the laptop needs to be connected
> using a cross cable (using different laptops)
> but .20.x side is working fine. As attached is the config.
>
> I then run the ip tool on 192.168.30.0..
>
> but i still can't route out.
>
> when i set the gateway, it routes out, but via that gateway...
>
> both 192.168.1.1 and 1.2 and adsl modems... or sho
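[Added example, not part of any message in this thread.] A simplified Python model of how Linux selects a route for the rules and tables described in Daren's message: rules are walked in priority order, and the first table that holds a matching route decides. It assumes rule selection by source address only (no fwmark or interface selectors, no "local" table), and 203.0.113.10 is a constructed stand-in for an Internet host.

```python
import ipaddress

# Directly connected networks on the main router, as listed in the post.
CONNECTED = [("192.168.2.0/24", None, "eth0"), ("192.168.3.0/24", None, "eth1"),
             ("192.168.20.0/24", None, "eth2"), ("192.168.30.0/24", None, "eth3")]
DEFAULT_1 = ("0.0.0.0/0", "192.168.2.2", "eth0")   # table 1: via the small Vyatta
DEFAULT_2 = ("0.0.0.0/0", "192.168.3.2", "eth1")   # table 2: via the Linksys

# (priority, source selector, table); 32766 is the kernel's built-in rule for "main".
RULES = [(500, "192.168.20.0/24", "1"), (600, "192.168.30.0/24", "2"),
         (32766, "0.0.0.0/0", "main")]

def lookup(table, dst):
    """Longest-prefix match inside one table; None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in table if dst in ipaddress.ip_network(r[0])]
    if not hits:
        return None
    _prefix, via, dev = max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    return (via or "direct", dev)

def route(tables, src, dst):
    """Walk the rules in priority order; the first table with a match decides."""
    src = ipaddress.ip_address(src)
    for _prio, selector, name in sorted(RULES):
        if src in ipaddress.ip_network(selector):
            hit = lookup(tables[name], dst)
            if hit:
                return (name,) + hit
    return None  # no rule produced a route: network unreachable

# State after the first attempt: tables 1 and 2 hold only a default route.
DEFAULT_ONLY = {"1": [DEFAULT_1], "2": [DEFAULT_2], "main": CONNECTED}
# State after copying the "ip route show" entries into both tables.
WITH_CONNECTED = {"1": CONNECTED + [DEFAULT_1], "2": CONNECTED + [DEFAULT_2],
                  "main": CONNECTED}

if __name__ == "__main__":
    internet = "203.0.113.10"  # constructed documentation address
    for label, tables in (("default only", DEFAULT_ONLY),
                          ("with connected", WITH_CONNECTED)):
        for src, dst in (("192.168.20.2", "192.168.30.2"),
                         ("192.168.20.2", internet), ("192.168.30.2", internet)):
            print(f"{label:15} {src} -> {dst}: {route(tables, src, dst)}")
```

With only a default route in table 1, the model sends laptop1's traffic for laptop2 to 192.168.2.2 instead of straight out eth3; once the connected routes are copied in, inter-subnet traffic stays local and only Internet-bound traffic, including a web server's replies, leaves through the gateway tied to its source subnet.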
Re: [Vyatta-users] Restricting access to default route
Michel,

If you want to route differentially based on where the traffic is coming from you need policy routing. Check out this message posted to the list last month.

http://mailman.vyatta.com/pipermail/vyatta-users/2008-January/002785.html

Cheers,
Robert.

Michel van Horssen wrote:
> Hi,
>
> First, thanks for the Vyatta router.
>
> I have a question about the following.
>
> We have a soekris box with vyatta installed and 3 interfaces. In the
> network behind one of those interfaces lives a firewall.
>
> Now I want some clients and servers to be able to use the firewall if
> the IP address they call is outside of the range the router knows as
> static/dynamic routes.
>
> I created a default route 0.0.0.0/0 with next hop -> firewall but the
> problem then is that any PC connected to the router can take that path.
> So I had to remove that static route.
>
> Is it something I should do with firewall rules?
>
> Thnx in advance.
>
> Kind regards,
>
> Michel
>
> We moved to a new office. Our visiting address changed from Jacques
> Veltmanstraat 463 to SURINAMEPLEIN 122, 1058 GV Amsterdam, the Netherlands.
> All our other contact details such as phone and fax numbers and mail address
> will remain the same.
Re: [Vyatta-users] (no subject)
Greg,

From your description, the router appears to be performing its job properly. You shouldn't need to perform any additional configuration changes. I suggest focusing on the host's configuration. What does route -an appear like? Also, arp -a should yield a MAC address for 10.3.231.1 that matches the router's MAC address.

Cheers,
John

Greg Richardson wrote:
> Hello,
>
> I’ve been using vyatta successfully for about a year on several
> machines (all having basically the same configuration). Here’s a
> simplified diagram:
>
>       [vyatta router]
>         |        |
>         |        |
>      (eth0)   (eth1)---[switch]-[10.11.0.0/255.255.0.0 -- workstations]
>         |
>         |
>     [switch]---[10.3.1.1 - router]-[INTERNET]
>         |
>         |
>     [10.3.0.0/255.255.0.0 -- workstations]
>
> eth0: 10.3.231.1/255.255.0.0
>
> eth1: 10.11.230.1/255.255.0.0
>
> default gateway: 10.3.1.1
>
> Traffic originating from workstations connected to the switch serving
> eth1 can connect to the internet as well as other devices existing on
> other subnets. For example workstation with IP 10.11.230.10 can ping,
> telnet, etc. to a server with IP 10.3.1.5.
>
> However, using the same example, traffic originating from server with
> IP 10.3.1.5 cannot even ping workstations and devices existing on
> subnet 10.11.0.0/255.255.0.0.
>
> NAT is not turned on with only simple routing running (only static
> routes, no routing protocols).
>
> Is there something obvious I’m missing?
>
> Thanks,
>
> GregR
[Vyatta-users] (no subject)
Hello,

I've been using vyatta successfully for about a year on several machines (all having basically the same configuration). Here's a simplified diagram:

      [vyatta router]
        |        |
        |        |
     (eth0)   (eth1)---[switch]-[10.11.0.0/255.255.0.0 -- workstations]
        |
        |
    [switch]---[10.3.1.1 - router]-[INTERNET]
        |
        |
    [10.3.0.0/255.255.0.0 -- workstations]

eth0: 10.3.231.1/255.255.0.0
eth1: 10.11.230.1/255.255.0.0
default gateway: 10.3.1.1

Traffic originating from workstations connected to the switch serving eth1 can connect to the internet as well as other devices existing on other subnets. For example workstation with IP 10.11.230.10 can ping, telnet, etc. to a server with IP 10.3.1.5.

However, using the same example, traffic originating from server with IP 10.3.1.5 cannot even ping workstations and devices existing on subnet 10.11.0.0/255.255.0.0.

NAT is not turned on with only simple routing running (only static routes, no routing protocols).

Is there something obvious I'm missing?

Thanks,
GregR
Re: [Vyatta-users] Dual-screened subnet
You apply a firewall on an interface-basis, and whether it's inbound, outbound, or local to the router, so I think that'll do what you want (if I'm interpreting correctly).

Best,
Justin

On Jan 22, 2008 8:58 AM, Elías Manchón López <[EMAIL PROTECTED]> wrote:
> Hi Folks!
>
> I need to set up a dual-screened subnet and I'm thinking of using vyatta on the
> two PCs with two NICs each. The front firewall and the back firewall, I
> don't know if this is possible with vyatta and if I will have some
> limitation. I think that the front router will do natting and the back
> router will do routing.
>
> What do you think about this issue?
>
> Thanks in advance.
[Vyatta-users] Restricting access to default route
Hi,

First, thanks for the Vyatta router.

I have a question about the following.

We have a soekris box with vyatta installed and 3 interfaces. In the network behind one of those interfaces lives a firewall.

Now I want some clients and servers to be able to use the firewall if the IP address they call is outside of the range the router knows as static/dynamic routes.

I created a default route 0.0.0.0/0 with next hop -> firewall but the problem then is that any PC connected to the router can take that path. So I had to remove that static route.

Is it something I should do with firewall rules?

Thnx in advance.

Kind regards,

Michel

We moved to a new office. Our visiting address changed from Jacques Veltmanstraat 463 to SURINAMEPLEIN 122, 1058 GV Amsterdam, the Netherlands. All our other contact details such as phone and fax numbers and mail address will remain the same.