Ya... that is right... ip-passthru and the 10.1.10.1 is for managing the SMC
IP Gateway.  So that is a good idea, I'll add the extra subnet to eth0
(which is the lan).

So I have gotten a bit further, and am now able to ping www.google.com and
also Server 1.  I can't yet access the internet from Server 1 though.  This
may be the vyatta router config or perhaps my server configuration, but I
would think it is not the server since I can see vyatta from there.  Is this
where I need to configure a NAT rule?

I was looking at this person's post on configuring
http://hostseries.com/wp-content/uploads/2007/10/installing_vyatta.txt but
there doesn't seem to be a translation type property anymore. If I select
type = source then I am prompted by the webgui to define an outside address,
and I am not sure what that is.  Otherwise, I have tried masquerade, which I
think is the right choice, but still no luck.

Here is my latest configuration:

protocols {
        static {
            disable: false
            route 0.0.0.0/0 {
                next-hop: 75.145.xxx.190
                metric: 1
            }
        }
    }
    policy {
    }
    interfaces {
        restore: false
        loopback lo {
            description: ""
        }
        ethernet eth0 {
            disable: false
            discard: false
            description: "lan"
            hw-id: 00:40:63:ee:30:b0
            duplex: "auto"
            speed: "auto"
            address 192.168.xxx.1 {
                prefix-length: 24
                disable: false
            }
        }
        ethernet eth1 {
            disable: false
            discard: false
            description: "wan"
            hw-id: 00:40:63:ee:30:af
            duplex: "auto"
            speed: "auto"
            address 75.145.xxx.189 {
                prefix-length: 24
                disable: false
            }
        }
    }
    service {
        nat {
            rule 10 {
                type: "source"
                outbound-interface: "eth0"
                protocols: "all"
                source {
                    network: "192.168.xxx.0/24"
                }
                destination {
                    network: "0.0.0.0/0"
                }
                outside-address {
                    address: 0.0.0.0
                }
            }
        }
        webgui {
            http-port: 80
            https-port: 443
        }
    }
    firewall {
        log-martians: "enable"
        send-redirects: "disable"
        receive-redirects: "disable"
        ip-src-route: "disable"
        broadcast-ping: "disable"
        syn-cookies: "enable"
    }
    system {
        host-name: "vyatta"
        domain-name: "web-wired.com"
        name-server 68.87.73.242
        time-zone: "GMT+4"
        ntp-server "69.59.150.135"
        gateway-address: 75.145.xxx.190
        login {
            user root {
                full-name: ""
                authentication {
                    encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
                }
            }
            user vyatta {
                full-name: ""
                authentication {
                    encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
                }
            }
        }
        package {
            auto-sync: 1
            repository community {
                component: "main"
                url: "http://archive.vyatta.com/vyatta"
            }
        }
    }

Thanks for the responses!

Todd


-----Original Message-----
From: Aubrey Wells [mailto:[EMAIL PROTECTED] 
Sent: Sunday, December 02, 2007 2:35 PM
To: [EMAIL PROTECTED]@web-wired.biz
Cc: vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] I'm stuck... can ping lan but to wan

set system gateway-address and set protocols static route 0.0.0.0/0
does the same thing. The problem with your default gateway is it's not
on any connected subnets. Are you doing ip-passthru on the cable
modem, so you can actually use the public IPs behind it? If that is
the case, your default gateway needs to be 75.145.xxx.190. I suspect
this is the case, and the 10.1.10.1 is a management ip on the cable
modem. If that is the case you'll want to add a secondary ip on the
eth1 interface that is in that same subnet (say 10.1.10.2) so you can
get to it from inside.

------------------
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com
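
Added example, not part of the original thread and not Vyatta tooling: a Python check for the two conditions visible in these messages, a default next hop that is not on any connected subnet, and a source NAT rule bound to the interface that holds its own source network (as rule 10 in the later reply is, with outbound-interface eth0 on the lan side). The parser covers only the brace layout shown in the thread and assumes the nat node contains only rule nodes; the sample config and its 203.0.113.x and 192.168.1.x addresses are constructed, since the thread's own addresses are redacted.

```python
import ipaddress

def parse(text):
    """Parse the brace-delimited config layout shown in this thread into nested dicts."""
    stack = [{}]
    for line in map(str.strip, text.replace("{", " {\n").replace("}", "\n}\n").splitlines()):
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif line:
            key, _, val = line.partition(": ") if ": " in line else line.partition(" ")
            stack[-1][key] = val.strip().strip('"')
    return stack[0]

def connected(cfg):
    """Map interface name -> attached subnets, from 'address A { prefix-length: N }'."""
    out = {}
    for node, body in cfg.get("interfaces", {}).items():
        for key, val in (body.items() if isinstance(body, dict) else ()):
            if key.startswith("address ") and isinstance(val, dict):
                net = ipaddress.ip_interface(f"{key.split()[1]}/{val['prefix-length']}").network
                out.setdefault(node.split()[-1], []).append(net)
    return out

def audit(text):
    cfg, findings = parse(text), []
    nets = connected(cfg)
    static = cfg.get("protocols", {}).get("static", {})
    hops = [(k, v.get("next-hop")) for k, v in static.items() if isinstance(v, dict)]
    hops.append(("gateway-address", cfg.get("system", {}).get("gateway-address")))
    for label, hop in hops:
        if hop and not any(ipaddress.ip_address(hop) in n for ns in nets.values() for n in ns):
            findings.append(f"{label}: next hop {hop} is not on a connected subnet")
    for name, rule in cfg.get("service", {}).get("nat", {}).items():
        src, oif = rule.get("source", {}).get("network"), rule.get("outbound-interface")
        # Source NAT is applied on egress, so binding it to the inside interface never matches.
        if src and any(ipaddress.ip_network(src).overlaps(n) for n in nets.get(oif, [])):
            findings.append(f"nat {name}: outbound-interface {oif} holds source network {src}")
    return findings

SAMPLE = """
protocols { static { route 0.0.0.0/0 { next-hop: 10.1.10.1 } } }
interfaces {
    ethernet eth0 { address 192.168.1.1 { prefix-length: 24 } }
    ethernet eth1 { address 203.0.113.189 { prefix-length: 29 } } }
service { nat { rule 10 {
    outbound-interface: "eth0"
    source { network: "192.168.1.0/24" } } } }
system { gateway-address: 203.0.113.190 }
"""  # constructed sample config using documentation addresses
```

Calling `audit(SAMPLE)` returns one finding for the static route's 10.1.10.1 next hop and one for NAT rule 10; the gateway-address entry passes because 203.0.113.190 falls inside the /29 attached to eth1.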





On Dec 2, 2007, at 11:33 AM, <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>  
wrote:

> Hi!
>
> I am working with Vyatta for the first time and I am currently stuck  
> on what
> to do.  I've googled a few howtos and also watched the videos and  
> read the
> quick start.  Here is my hardware/routing info:
>
> Comcast SMC IP Gateway
> 1U dual m-itx VIA EK 10000 with 2 Compact Flash, 2 80G SATA, 2 512MB  
> ram, 2
> RJ45 10/100 per mobo (planning for VRRP down the road).
> eth0 = lan
> eth1 = wan
> Server 1 - Fedora 7
> Server 2 - Fedora 7
>
> IP info:
> Static IP block: 75.145.xxx.185 - 75.145.xxx.189
> Gateway: 75.145.xxx.190
> Subnet: 255.255.255.248
> DNS 1: 68.87.73.242
> DNS 2: 68.87.71.226
> SMC IP: 10.1.10.1
> Server 1: 192.168.xxx.189
> Server 2: 192.168.xxx.188
>
> Current Vyatta Config:
>
> protocols {
>        static {
>            disable: false
>            route 0.0.0.0/0 {
>                next-hop: 10.1.10.1
>                metric: 1
>            }
>        }
>    }
>    policy {
>    }
>    interfaces {
>        restore: false
>        loopback lo {
>            description: ""
>        }
>        ethernet eth0 {
>            disable: false
>            discard: false
>            description: "lan"
>            hw-id: 00:40:63:ef:c3:1c
>            duplex: "auto"
>            speed: "auto"
>            address 192.168.xxx.1 {
>                prefix-length: 24
>                disable: false
>            }
>        }
>        ethernet eth1 {
>            disable: false
>            discard: false
>            description: "wan"
>            hw-id: 00:40:63:ef:c3:19
>            duplex: "auto"
>            speed: "auto"
>            address 75.145.xxx.189 {
>                prefix-length: 29
>                disable: false
>            }
>        }
>    }
>    service {
>        webgui {
>            http-port: 80
>            https-port: 443
>        }
>    }
>    firewall {
>        log-martians: "enable"
>        send-redirects: "disable"
>        receive-redirects: "disable"
>        ip-src-route: "disable"
>        broadcast-ping: "disable"
>        syn-cookies: "enable"
>    }
>    system {
>        host-name: "rt1"
>        domain-name: ""
>        name-server 68.87.73.242
>        name-server 68.87.71.226
>        time-zone: "GMT"
>        ntp-server "69.59.150.135"
>        gateway-address: 10.1.10.1
>        login {
>            user root {
>                full-name: ""
>                authentication {
>                    encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
>                }
>            }
>            user vyatta {
>                full-name: ""
>                authentication {
>                    encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
>                }
>            }
>        }
>        package {
>            auto-sync: 1
>            repository community {
>                component: "main"
>                url: "http://archive.vyatta.com/vyatta"
>            }
>        }
>    }
>
> I can currently ping my lan, which is further confirmed by being  
> able to
> access Vyatta through Server1 via the WebGUI, but I cannot seem to  
> configure
> the router correctly to ping the internet from the router.  My  
> thought is
> that my static route might not be correctly set, or possibly my  
> default
> gateway.  Seems one of them should point to 10.1.10.1 and the other to
> 75.145.xxx.190.
>
> Also, once I have set a static route under protocols I am noticing  
> that I
> get an error whenever I attempt to edit it...
>
> Error - 102 Command failed cannot replace route for 0.0.0.0/0: no such
> route.
>
> Thanks!
>
> Todd Worden
> Software Developer
>
> Growing Technologies
> P: 434-296-1500
> E: [EMAIL PROTECTED]
>
>
>
> _______________________________________________
> Vyatta-users mailing list
> Vyatta-users@mailman.vyatta.com
> http://mailman.vyatta.com/mailman/listinfo/vyatta-users


