Your masquerade rules should look something like this:

service {
    nat {
        rule 10 {
            type: "masquerade"
            outbound-interface: "eth1"
            source {
                network: "192.168.xxx.0/24"
            }
            destination {
                network: "0.0.0.0/0"
            }
        }
    }
}

You can use the outside-address keyword to make it use a specific address; otherwise it will use the address of the interface traffic goes out (75.145.xxx.189 in this case).

Hope this helps.

------------------
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com

On Dec 2, 2007, at 3:50 PM, Todd Worden wrote:

> Ya... that is right... ip-passthru and the 10.1.10.1 is for managing the SMC
> IP Gateway. So that is a good idea, I'll add the extra subnet to eth0
> (which is the lan).
>
> So I have gotten a bit further, and am now able to ping www.google.com and
> also Server 1. I can't yet access the internet from Server 1 though. This
> may be the vyatta router config or perhaps my server configuration, but I
> would think it not the server since I can see vyatta from there. Is this
> where I need to configure a NAT rule?
>
> I was looking at this person's post on configuring
> http://hostseries.com/wp-content/uploads/2007/10/installing_vyatta.txt but
> there doesn't seem to be a translation type property anymore. If I select
> type = source then I am prompted by the webgui to define an outside address,
> which I am not sure what is. Otherwise, I have tried masquerade, which I
> think is the right choice, but still no luck.
>
> Here is my latest configuration:
>
> protocols {
>     static {
>         disable: false
>         route 0.0.0.0/0 {
>             next-hop: 75.145.xxx.190
>             metric: 1
>         }
>     }
> }
> policy {
> }
> interfaces {
>     restore: false
>     loopback lo {
>         description: ""
>     }
>     ethernet eth0 {
>         disable: false
>         discard: false
>         description: "lan"
>         hw-id: 00:40:63:ee:30:b0
>         duplex: "auto"
>         speed: "auto"
>         address 192.168.xxx.1 {
>             prefix-length: 24
>             disable: false
>         }
>     }
>     ethernet eth1 {
>         disable: false
>         discard: false
>         description: "wan"
>         hw-id: 00:40:63:ee:30:af
>         duplex: "auto"
>         speed: "auto"
>         address 75.145.xxx.189 {
>             prefix-length: 24
>             disable: false
>         }
>     }
> }
> service {
>     nat {
>         rule 10 {
>             type: "source"
>             outbound-interface: "eth0"
>             protocols: "all"
>             source {
>                 network: "192.168.xxx.0/24"
>             }
>             destination {
>                 network: "0.0.0.0/0"
>             }
>             outside-address {
>                 address: 0.0.0.0
>             }
>         }
>     }
>     webgui {
>         http-port: 80
>         https-port: 443
>     }
> }
> firewall {
>     log-martians: "enable"
>     send-redirects: "disable"
>     receive-redirects: "disable"
>     ip-src-route: "disable"
>     broadcast-ping: "disable"
>     syn-cookies: "enable"
> }
> system {
>     host-name: "vyatta"
>     domain-name: "web-wired.com"
>     name-server 68.87.73.242
>     time-zone: "GMT+4"
>     ntp-server "69.59.150.135"
>     gateway-address: 75.145.xxx.190
>     login {
>         user root {
>             full-name: ""
>             authentication {
>                 encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
>             }
>         }
>         user vyatta {
>             full-name: ""
>             authentication {
>                 encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
>             }
>         }
>     }
>     package {
>         auto-sync: 1
>         repository community {
>             component: "main"
>             url: "http://archive.vyatta.com/vyatta"
>         }
>     }
> }
>
> Thanks for the responses!
>
> Todd
>
> -----Original Message-----
> From: Aubrey Wells [mailto:[EMAIL PROTECTED]
> Sent: Sunday, December 02, 2007 2:35 PM
> To: [EMAIL PROTECTED]@web-wired.biz
> Cc: vyatta-users@mailman.vyatta.com
> Subject: Re: [Vyatta-users] I'm stuck... can ping lan but to wan
>
> set system gateway-address and set protocols static route 0.0.0.0/0
> does the same thing. The problem with your default gateway is it's not
> on any connected subnets. Are you doing ip-passthru on the cable
> modem, so you can actually use the public IPs behind it? If that is
> the case, your default gateway needs to be 75.145.xxx.190. I suspect
> this is the case, and the 10.1.10.1 is a management ip on the cable
> modem. If that is the case you'll want to add a secondary ip on the
> eth1 interface that is in that same subnet (say 10.1.10.2) so you can
> get to it from inside.
>
> ------------------
> Aubrey Wells
> Senior Engineer
> Shelton | Johns Technology Group
> A Vyatta Ready Partner
> www.sheltonjohns.com
>
> On Dec 2, 2007, at 11:33 AM, <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> wrote:
>
>> Hi!
>>
>> I am working with Vyatta for the first time and I am currently stuck on what
>> to do. I've googled a few howtos and also watched the videos and read the
>> quick start. Here is my hardware/routing info:
>>
>> Comcast SMC IP Gateway
>> 1U dual m-itx VIA EK 10000 with 2 Compact Flash, 2 80G SATA, 2 512MB ram, 2
>> RJ45 10/100 per mobo (planning for VRRP down the road).
>> eth0 = lan
>> eth1 = wan
>> Server 1 - Fedora 7
>> Server 2 - Fedora 7
>>
>> IP info:
>> Static IP block: 75.145.xxx.185 - 75.145.xxx.189
>> Gateway: 75.145.xxx.190
>> Subnet: 255.255.255.248
>> DNS 1: 68.87.73.242
>> DNS 2: 68.87.71.226
>> SMC IP: 10.1.10.1
>> Server 1: 192.168.xxx.189
>> Server 2: 192.168.xxx.188
>>
>> Current Vyatta Config:
>>
>> protocols {
>>     static {
>>         disable: false
>>         route 0.0.0.0/0 {
>>             next-hop: 10.1.10.1
>>             metric: 1
>>         }
>>     }
>> }
>> policy {
>> }
>> interfaces {
>>     restore: false
>>     loopback lo {
>>         description: ""
>>     }
>>     ethernet eth0 {
>>         disable: false
>>         discard: false
>>         description: "lan"
>>         hw-id: 00:40:63:ef:c3:1c
>>         duplex: "auto"
>>         speed: "auto"
>>         address 192.168.xxx.1 {
>>             prefix-length: 24
>>             disable: false
>>         }
>>     }
>>     ethernet eth1 {
>>         disable: false
>>         discard: false
>>         description: "wan"
>>         hw-id: 00:40:63:ef:c3:19
>>         duplex: "auto"
>>         speed: "auto"
>>         address 75.145.xxx.189 {
>>             prefix-length: 29
>>             disable: false
>>         }
>>     }
>> }
>> service {
>>     webgui {
>>         http-port: 80
>>         https-port: 443
>>     }
>> }
>> firewall {
>>     log-martians: "enable"
>>     send-redirects: "disable"
>>     receive-redirects: "disable"
>>     ip-src-route: "disable"
>>     broadcast-ping: "disable"
>>     syn-cookies: "enable"
>> }
>> system {
>>     host-name: "rt1"
>>     domain-name: ""
>>     name-server 68.87.73.242
>>     name-server 68.87.71.226
>>     time-zone: "GMT"
>>     ntp-server "69.59.150.135"
>>     gateway-address: 10.1.10.1
>>     login {
>>         user root {
>>             full-name: ""
>>             authentication {
>>                 encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
>>             }
>>         }
>>         user vyatta {
>>             full-name: ""
>>             authentication {
>>                 encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
>>             }
>>         }
>>     }
>>     package {
>>         auto-sync: 1
>>         repository community {
>>             component: "main"
>>             url: "http://archive.vyatta.com/vyatta"
>>         }
>>     }
>> }
>>
>> I can currently ping my lan, which is further confirmed by being able to
>> access Vyatta through Server1 via the WebGUI, but I cannot seem to configure
>> the router correctly to ping the internet from the router. My thought is
>> that my static route might not be correctly set, or possibly my default
>> gateway. Seems one of them should point to 10.1.10.1 and the other to
>> 75.145.xxx.190.
>>
>> Also, once I have set a static route under protocols I am noticing that I
>> get an error whenever I attempt to edit it...
>>
>> Error - 102 Command failed cannot replace route for 0.0.0.0/0: no such
>> route.
>>
>> Thanks!
>>
>> Todd Worden
>> Software Developer
>>
>> Growing Technologies
>> P: 434-296-1500
>> E: [EMAIL PROTECTED]
>>
>> _______________________________________________
>> Vyatta-users mailing list
>> Vyatta-users@mailman.vyatta.com
>> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
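
An added example, not part of the original thread and not Vyatta tooling: a Python check that parses a config in the syntax quoted above and flags a source/masquerade NAT rule whose outbound-interface is not the interface facing the default gateway, or whose outside-address is left at 0.0.0.0. The sample config, its addresses, the function names and the choice to treat those two conditions as findings are assumptions made for illustration.

```python
import ipaddress, re
# Constructed sample (documentation addresses) in the thread's config syntax.
SAMPLE = """
protocols { static { route 0.0.0.0/0 { next-hop: 203.0.113.6 } } }
interfaces { ethernet eth0 { address 192.168.1.1 { prefix-length: 24 } }
             ethernet eth1 { address 203.0.113.5 { prefix-length: 29 } } }
service { nat { rule 10 {
    type: "source"
    outbound-interface: "eth0"
    outside-address { address: 0.0.0.0 }
} } }
"""

def parse(text):
    """Turn the brace-delimited config into nested dicts."""
    toks = [t.strip() for t in re.findall(r"[^{}\n]+|[{}]", text) if t.strip()]
    stack = [{}]
    for tok, nxt in zip(toks, toks[1:] + [""]):
        if tok == "}":
            stack.pop()
        elif nxt == "{":      # "name {" opens a child node
            stack.append(stack[-1].setdefault(tok, {}))
        elif tok != "{":      # leaf: "key: value" or "key value"
            key, _, val = tok.partition(":" if ":" in tok else " ")
            stack[-1][key.strip()] = val.strip().strip('"')
    return stack[0]

def wan_interface(cfg):
    """Interface whose connected subnet contains the default route's next hop."""
    hop = ipaddress.ip_address(cfg["protocols"]["static"]["route 0.0.0.0/0"]["next-hop"])
    for name, body in cfg["interfaces"].items():
        for key, sub in (body.items() if isinstance(body, dict) else ()):
            if key.startswith("address ") and isinstance(sub, dict):
                net = ipaddress.ip_network(f"{key.split()[1]}/{sub['prefix-length']}", strict=False)
                if hop in net:
                    return name.split()[-1]

def audit_nat(cfg):
    """Flag source/masquerade rules that cannot translate outbound traffic."""
    wan, findings = wan_interface(cfg), []
    for name, rule in cfg.get("service", {}).get("nat", {}).items():
        if rule.get("type") in ("source", "masquerade"):
            if rule.get("outbound-interface") != wan:
                findings.append(f"{name}: outbound-interface is not the WAN ({wan})")
            if rule.get("outside-address", {}).get("address") == "0.0.0.0":
                findings.append(f"{name}: outside-address is 0.0.0.0")
    return findings

print(audit_nat(parse(SAMPLE)))
```

Rewriting the sample rule to type "masquerade" on eth1 with no outside-address block, as in the reply at the top of the thread, makes `audit_nat` return an empty list.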