Stanley,
On 08/17/2009 02:40 PM, Stanley Brinkerhoff wrote:
> Now you've done it Rion.
>
> Do you have experience with Vyatta? I am having an issue with multiple IPs
> bound to a single interface and port based nat/routing within Vyatta -- and
> haven't sat down to try and figure them out. Basically I have 5 IPs bound
> to the adapter, and I can bind 1.1.1.1:80 to 192.168.1.1:80, but if I bind
> 1.1.1.2:80 to 192.168.1.2:80, it appears to still route to 1.1.1.1:80..
> almost as if Vyatta can't actually do a destination based (IP+PORT) route,
> but rather interface+port.
I have some experience with Vyatta, handling two Internet connections
with plenty of DNAT and SNAT with multiple IPs bound to each interface.
For example, I have something like this in the NAT section to bind
those public IPs to the internal addresses:
rule 10 {
    destination {
        address 1.1.1.1
    }
    inbound-interface eth0
    inside-address {
        address 192.168.1.1
    }
    type destination
}
rule 11 {
    destination {
        address 1.1.1.2
    }
    inbound-interface eth0
    inside-address {
        address 192.168.1.2
    }
    type destination
}
Then these firewall rules to only allow the ports I want:
rule 10 {
    action accept
    destination {
        address 1.1.1.1
        port 80
    }
    protocol tcp
}
rule 11 {
    action accept
    destination {
        address 1.1.1.2
        port 80
    }
    protocol tcp
}
Those firewall rules (part of a set called Internet2Internal) would
then be bound to the interface:
ethernet eth0 {
    address 1.1.1.1/24
    address 1.1.1.2/24
    firewall {
        in {
            name Internet2Internal
        }
    }
}
-Zack
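The consistency check Zack's layout implies, as an added example that is not part of this thread and not Vyatta tooling: a small Python script that parses the brace-style NAT, firewall and interface blocks quoted above and cross-checks them. The parser, the audit rules and the deliberately broken BAD_NAT_CONFIG block are assumptions of this example; the three good blocks are the thread's own. Vyatta evaluates NAT rules in ascending rule-number order with first match winning, so two address-only destination rules for the same public IP mean the lower-numbered one takes all of that IP's traffic, which is the overlap the script reports alongside addresses that are not bound to the interface or not named by any accept rule.

```python
"""Cross-check Vyatta-style DNAT, firewall and interface blocks.

Added example: the parser and the audit rules are this example's own,
not Vyatta tooling. The three good config strings are the thread's;
BAD_NAT_CONFIG is constructed to show what the audit reports.
"""

NAT_CONFIG = """
rule 10 { destination { address 1.1.1.1 } inbound-interface eth0
          inside-address { address 192.168.1.1 } type destination }
rule 11 { destination { address 1.1.1.2 } inbound-interface eth0
          inside-address { address 192.168.1.2 } type destination }
"""
# Constructed: rule 11 repeats rule 10's public address, so rule 10 (lower
# number, evaluated first) takes every packet for 1.1.1.1; rule 12 uses an
# address that is neither on eth0 nor allowed by the firewall set.
BAD_NAT_CONFIG = """
rule 10 { destination { address 1.1.1.1 } inbound-interface eth0
          inside-address { address 192.168.1.1 } type destination }
rule 11 { destination { address 1.1.1.1 } inbound-interface eth0
          inside-address { address 192.168.1.2 } type destination }
rule 12 { destination { address 1.1.1.3 } inbound-interface eth0
          inside-address { address 192.168.1.3 } type destination }
"""
FIREWALL_CONFIG = """
rule 10 { action accept destination { address 1.1.1.1 port 80 } protocol tcp }
rule 11 { action accept destination { address 1.1.1.2 port 80 } protocol tcp }
"""
INTERFACE_CONFIG = """
ethernet eth0 { address 1.1.1.1/24 address 1.1.1.2/24
                firewall { in { name Internet2Internal } } }
"""


def parse(text):
    """Parse brace-style config into nested dicts.

    Block headers are one or two words ('firewall {', 'rule 10 {'); leaves
    are 'key value' with a single-token value, which holds for everything
    in the thread's config. A leaf key repeated inside one block (the two
    'address' lines on eth0) becomes a list.
    """
    toks = text.replace("{", " { ").replace("}", " } ").split()
    root, stack, i = {}, [], 0
    stack.append(root)
    while i < len(toks):
        tok = toks[i]
        if tok == "}":
            stack.pop()
            i += 1
            continue
        if i + 1 < len(toks) and toks[i + 1] == "{":
            name, i = tok, i + 2
        elif i + 2 < len(toks) and toks[i + 2] == "{":
            name, i = tok + " " + toks[i + 1], i + 3
        else:
            name = None
        if name is not None:
            child = {}
            stack[-1][name] = child
            stack.append(child)
            continue
        key, val = tok, toks[i + 1]
        i += 2
        cur = stack[-1]
        if key in cur:
            prev = cur[key]
            cur[key] = prev + [val] if isinstance(prev, list) else [prev, val]
        else:
            cur[key] = val
    if len(stack) != 1:
        raise ValueError("unbalanced braces")
    return root


def dnat_rules(nat):
    """(rule name, inbound interface, public address, inside address)."""
    return [(n, b.get("inbound-interface"), b["destination"]["address"],
             b["inside-address"]["address"])
            for n, b in nat.items()
            if n.startswith("rule ") and b.get("type") == "destination"]


def accepted_addresses(fw):
    """Destination addresses named by accept rules in a firewall set."""
    return {b["destination"]["address"] for n, b in fw.items()
            if n.startswith("rule ") and b.get("action") == "accept"
            and "address" in b.get("destination", {})}


def bound_addresses(iface):
    """(interface name, addresses without prefix length) for the ethernet block."""
    name, eth = next((n, b) for n, b in iface.items() if n.startswith("ethernet "))
    addrs = eth.get("address", [])
    if isinstance(addrs, str):
        addrs = [addrs]
    return name.split()[1], {a.split("/")[0] for a in addrs}


def audit(nat_text, fw_text, iface_text):
    """Return a list of findings; an empty list means the blocks agree."""
    ifname, bound = bound_addresses(parse(iface_text))
    allowed = accepted_addresses(parse(fw_text))
    findings, seen = [], {}
    for name, rule_if, pub, inside in dnat_rules(parse(nat_text)):
        if rule_if != ifname:
            findings.append(f"{name}: inbound-interface {rule_if} is not {ifname}")
        if pub not in bound:
            findings.append(f"{name}: {pub} is not configured on {ifname}")
        if pub in seen:
            findings.append(f"{name}: shadowed by {seen[pub]}, which already "
                            f"matches all traffic to {pub}")
        else:
            seen[pub] = name
        if pub not in allowed:
            findings.append(f"{name}: no accept rule for {pub} in the firewall "
                            f"set, so {inside} is not reachable through it")
    return findings


if __name__ == "__main__":
    for label, nat in (("thread config", NAT_CONFIG), ("constructed", BAD_NAT_CONFIG)):
        print(label, audit(nat, FIREWALL_CONFIG, INTERFACE_CONFIG) or "OK")
```

Run against the three blocks from the thread the audit returns no findings; against the constructed NAT block it reports rule 11 as shadowed by rule 10 and rule 12 twice, once for the unbound address and once for the missing accept rule. The parser only handles single-token leaf values, which is all the quoted config needs.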