Actually, if you use .18 you'll lose access to your vyatta box since you're doing an any/any match on the inbound nat. I'm not sure if vyatta will allow you to use a non-defined ip (such as .19 in your case) for the nat, as I've never tried it. You can on other firewalls though, so it might work.

------------------
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com




On Dec 1, 2007, at 1:12 PM, Aubrey Wells wrote:

You can't use an ip that is attached to a different device as the outside-address, otherwise all the inbound connections will terminate on the other device and it won't know what to do with them. You need to use .18 for the outside-address of the NAT.

------------------
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com




On Dec 1, 2007, at 12:47 PM, Régis wrote:

Hi all,
This is my config for access to a web server at A.B.C.64 (it's a public IP):

    protocols {
        static {
            disable: false
            route 0.0.0.0/0 {
                next-hop: E.F.G.17
                metric: 1
            }
        }
    }
    policy {
    }
    interfaces {
        restore: false
        loopback lo {
            description: ""
            address 10.0.0.65 {
                prefix-length: 32
                disable: false
            }
        }
        ethernet eth0 {
            disable: false
            discard: false
            description: ""
            hw-id: 00:30:f1:42:04:c3
            duplex: "auto"
            speed: "auto"
            address E.F.G.18 {
                prefix-length: 24
                disable: false
            }
        }
        ethernet eth1 {
            disable: false
            discard: false
            description: ""
            hw-id: 00:30:f1:42:05:e8
            duplex: "auto"
            speed: "auto"
            address A.B.C.95 {
                prefix-length: 24
                disable: false
            }
        }
    }
    service {
        nat {
            rule 10 {
                type: "source"
                outbound-interface: "eth0"
                protocols: "all"
                source {
                    address: "A.B.C.64"
                }
                destination {
                    network: "0.0.0.0/0"
                }
                outside-address {
                    address: E.F.G.17
                }
            }
            rule 20 {
                type: "destination"
                inbound-interface: "eth0"
                protocols: "all"
                source {
                    network: "0.0.0.0/0"
                }
                destination {
                    address: "E.F.G.17"
                }
                inside-address {
                    address: A.B.C.64
                }
            }
        }
        ssh {
            port: 22
            protocol-version: "v2"
        }
        telnet {
            port: 23
        }
        webgui {
            http-port: 80
            https-port: 443
        }
    }
    firewall {
        log-martians: "enable"
        send-redirects: "disable"
        receive-redirects: "disable"
        ip-src-route: "disable"
        broadcast-ping: "disable"
        syn-cookies: "enable"
    }
    system {
        host-name: "rt01-estephe"
        domain-name: "xxxxx.net"
        name-server 80.118.192.100
        name-server 80.118.196.36
        time-zone: "GMT+1"
        ntp-server "0.fr.pool.ntp.org"
        ntp-server "1.fr.pool.ntp.org"
        gateway-address: E.F.G.17
        login {
            user root {
                full-name: ""
                authentication {
                    encrypted-password: "---"
                    plaintext-password: ""
                }
            }
            user --- {
                full-name: "Regis"
                authentication {
                    encrypted-password: "---"
                    plaintext-password: ""
                }
            }
        }
        package {
            auto-sync: 1
            repository community {
                component: "main"
                url: "http://archive.vyatta.com/vyatta"
            }
        }
        options {
            reboot-on-panic: true
        }
    }

Routes: 5/5, Paths: 5/5
0.0.0.0/0 [static(1)] > to E.F.G.17 via eth0
10.0.0.65/32 [connected(0)] > to 10.0.0.65 via lo
A.B.C.0/24 [connected(0)] > to A.B.C.95 via eth1
127.0.0.0/8 [connected(0)] > to 127.0.0.1 via lo
E.F.G.0/24 [connected(0)] > to E.F.G.18 via eth0

My web server doesn't show the HTTP service, but I can ping A.B.C.64.

Thanks!

Régis BOULINEAU


_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
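An added check, not from the thread or from Vyatta, that reads the posted config and flags both points the replies make: a destination NAT rule whose destination is not one of the router's own interface addresses (the .17 gateway case), and an any/any destination NAT on the router's own address that would also redirect the SSH, telnet and web GUI ports (the "you'll lose access" case). The config excerpt, the parser and the finding codes are constructed here, with the thread's placeholder addresses kept as written.

```python
import re
# Constructed excerpt of the config posted in the thread (placeholder addresses kept as written).
CONFIG = """
interfaces { ethernet eth0 { address E.F.G.18 { prefix-length: 24 } }
             ethernet eth1 { address A.B.C.95 { prefix-length: 24 } } }
service { nat { rule 20 { type: "destination" inbound-interface: "eth0" protocols: "all"
                          source { network: "0.0.0.0/0" } destination { address: "E.F.G.17" }
                          inside-address { address: A.B.C.64 } } }
          ssh { port: 22 } telnet { port: 23 } webgui { http-port: 80 https-port: 443 } }
"""

def parse(text):
    """Turn the old Vyatta 'node name { key: value }' syntax into nested dicts."""
    tokens = re.findall(r'"[^"]*"|\{|\}|[^\s{}]+', text)
    def block(i):
        node, words = {}, []
        while i < len(tokens):
            tok, i = tokens[i], i + 1
            if tok == "{":                       # 'ethernet eth0 {' opens a child node
                node[" ".join(words)], i = block(i)
                words = []
            elif tok == "}":
                return node, i
            elif tok.endswith(":"):              # 'prefix-length: 24' is a leaf
                node[tok[:-1]], i = tokens[i].strip('"'), i + 1
            else:
                words.append(tok)                # part of a node name, e.g. 'rule 20'
        return node, i
    return block(0)[0]

def local_addresses(cfg):
    """Addresses configured on this router's own interfaces: the only valid DNAT targets."""
    return {sub.split()[1] for iface in cfg.get("interfaces", {}).values()
            for sub in iface if sub.startswith("address ")}

def check_dnat(cfg):
    """Findings (rule, code, message) for destination NAT rules, per the two replies above."""
    svc, local, findings = cfg.get("service", {}), local_addresses(cfg), []
    mgmt = sorted(int(v) for s in ("ssh", "telnet", "webgui")
                  for k, v in svc.get(s, {}).items() if "port" in k)
    for name, rule in svc.get("nat", {}).items():
        if rule.get("type") != "destination":
            continue
        dst = rule.get("destination", {}).get("address")
        if dst not in local:
            findings.append((name, "not-local", f"{dst} is not on this router; inbound traffic never hits the rule"))
        elif rule.get("source", {}).get("network") == "0.0.0.0/0" and rule.get("protocols") == "all":
            findings.append((name, "mgmt-exposed", f"any/any DNAT on {dst} also redirects management ports {mgmt}"))
    return findings
```

Running `check_dnat(parse(CONFIG))` reports the .17 problem; re-running on the config with .18 as the destination reports that the any/any rule would also capture the management ports, which is why the rule should be limited to the web server's protocol and port rather than left as any/any.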
