Try VC3; there were a number of firewall issues addressed in that release.

Best,
Justin

On Nov 29, 2007 10:48 AM, Alain Kelder <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I'm trying to set protocols to "all" for a "destination" NAT rule. But Vyatta 
> complains that it wants either TCP or UDP. However, in this awesome how-to, 
> they did just that: 
> http://www.openmaniak.com/vyatta_case6.php#ancre-configurations
>
> Here's what I tried:
>
> [EMAIL PROTECTED] edit service nat rule 35
> [edit service/nat/rule/35]
> [EMAIL PROTECTED] set protocols all
> [edit service/nat/rule/35]
> [EMAIL PROTECTED] commit
> [edit service/nat/rule/35]
> Commit Failed
> 102 Command failed TCP/UDP Protocol must be specified
>
> What's weird is that 'tab' (auto complete) shows "all" as an option:
>
> [EMAIL PROTECTED] set protocols
> `protocols' is ambiguous.
> Possible completions:
>   <[Enter]>            Execute this command
>   all                  Perform NAT on all protocol traffic
>   icmp                 Perform NAT on ICMP traffic only
>   tcp                  Perform NAT on TCP traffic only
>   udp                  Perform NAT on UDP traffic only
>
>
> I'm able to set protocols to "udp" or "tcp", but not "all". What I'd like is 
> this:
>
>         rule 35 {
>             type: "destination"
>             translation-type: "static"
>             inbound-interface: "eth0"
> >           protocols: "all"
>             source {
>                 network: 0.0.0.0/0
>                 }
>             destination {
>                 address: 65.xx.xx.xx
>                 port-number: 53
>                         }
>             inside-address {
>                 address: 10.10.3.20
>                 }
>             }
>
> Interestingly, Vyatta accepts "all" for a "source" NAT rule:
>
>         rule 39 {
>             type: "source"
>             translation-type: "static"
>             outbound-interface: "eth0"
> >           protocols: "all"
>             source {
>                 address: 10.10.3.20
>                 }
>             destination {
>                 network: 0.0.0.0/0
>                 }
>             outside-address {
>                 address: 65.xx.xx.xx
>             }
>         }
>
> Any ideas?  Thanks a bunch in advance..  I'm at a loss!
>
> [EMAIL PROTECTED]> show version
> Version:    VC2
> Built by:   [EMAIL PROTECTED]
> Built on:   200702080056 -- Thu Feb  8 00:56:19 UTC 2007
>
>
> _______________________________________________
> Vyatta-users mailing list
> Vyatta-users@mailman.vyatta.com
> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>