Hi and ty Aubrey for your answer. For this config, can i create many rules for acces of a range like A.B.C.64-94 In rules 10 source { range{ start: "A.B.C.64" stop: "A.B.C.94" } } In rules 20 inside-address { range{ start: "A.B.C.64" stop: "A.B.C.94" } } And, have a solution to dont lose the acces to the vyatta. I can acces to the A.B.C.95 ? The vyatta box is connected to E.F.G.17/30 (wan side internet) And A.B.C.64-94 (internal side - public web service) ---------------------------------------------------------------------------- ---------- protocols { static { disable: false route 0.0.0.0/0 { next-hop: E.F.G.17 metric: 1 } } } policy { } interfaces { restore: false loopback lo { description: "" address 10.0.0.65 { prefix-length: 32 disable: false } } ethernet eth0 { disable: false discard: false description: "" hw-id: 00:30:f1:42:04:c3 duplex: "auto" speed: "auto" address E.F.G.18 { prefix-length: 24 disable: false } } ethernet eth1 { disable: false discard: false description: "" hw-id: 00:30:f1:42:05:e8 duplex: "auto" speed: "auto" address A.B.C.95 { prefix-length: 24 disable: false } } } service { nat { rule 10 { type: "source" outbound-interface: "eth0" protocols: "all" source { address: "A.B.C.64" } destination { network: "0.0.0.0/0" } outside-address { address: E.F.G.18 } } rule 20 { type: "destination" inbound-interface: "eth0" protocols: "all" source { network: "0.0.0.0/0" } destination { address: "E.F.G.17" } inside-address { address: A.B.C.64 } } } ssh { port: 22 protocol-version: "v2" } telnet { port: 23 } webgui { http-port: 80 https-port: 443 } } firewall { log-martians: "enable" send-redirects: "disable" receive-redirects: "disable" ip-src-route: "disable" broadcast-ping: "disable" syn-cookies: "enable" } system { host-name: "rt01-estephe" domain-name: "xxxxx.net" name-server 80.118.192.100 name-server 80.118.196.36 time-zone: "GMT+1" ntp-server "0.fr.pool.ntp.org" ntp-server "1.fr.pool.ntp.org" gateway-address: E.F.G.17 login { user root { full-name: "" authentication { encrypted-password: "---" plaintext-password: "" } } user --- { full-name: "Regis" authentication { encrypted-password: "---" plaintext-password: "" } } } package { auto-sync: 1 repository community { component: "main" url: "http://archive.vyatta.com/vyatta <http://archive.vyatta.com/vyatta%22> " } } options { reboot-on-panic: true } }
Thank you again for the answer. Régis BOULINEAU ----------------------------
_______________________________________________ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users