[Vyatta-users] [Resolved] Re: Masquerade between eth0/ eth1 et eth1 to eth0

Wed, 05 Dec 2007 19:51:02 -0800 

Replied to myself.

I find my problem for the static Address :
show route show
0.0.0.0/0               [static(1)]     > to 192.168.2.1        via eth1

because I added system   gateway-address: 192.168.2.1 :-)

so  after delete it

show route is more like

Routes: 4/4, Paths: 4/4
10.0.0.65/32            [connected(0)]  > to 10.0.0.65          via lo
127.0.0.0/8              [connected(0)]  > to 127.0.0.1          via lo
192.168.2.0/24          [connected(0)]  > to 192.168.2.10       via eth1
192.168.10.0/24         [connected(0)]  > to 192.168.10.1       via eth0

and show nat rules seems to be correct

rule  type     IN         OUT     source              destination
translation
----  ----  ---------  ---------  ------              -----------
-----------
1     MASQ      -      eth1
2     MASQ  eth1       eth0       192.168.2.0/24       192.168.10.0/24


The Rules

        nat {
            rule 1 {
                type: "masquerade"
                outbound-interface: "eth2"
            }
            rule 2 {
                type: "masquerade"
                inbound-interface: "eth2"
                outbound-interface: "eth0"
                protocols: "all"
                source {
                    network: "192.168.2.0/24"
                }
                destination {
                    network: "192.168.10.0/24"
                }


The problem was from my previous Router which I think can't forward to
192.168.10.0 (I haven't finish to resolve the problem yet)


Thanks for your help



damien

On Dec 5, 2007 10:02 PM, Dams < [EMAIL PROTECTED]> wrote:

> Thanks for your quick reply.
>
>
> so I tried to delete the default route 0.0.0.0/24
> and reboot
>
> but it seems to be still in the config of the router
> [EMAIL PROTECTED] > show route
> Routes: 5/5, Paths: 5/5
> 0.0.0.0/0               [static(1)]     > to 192.168.2.1        via eth1
> 10.0.0.65/32            [connected(0)]  > to 10.0.0.65          via lo
> 127.0.0.0/8             [connected(0)]  > to 127.0.0.1           via lo
> 192.168.2.0/24          [connected(0)]  > to 192.168.2.10       via eth1
> 192.168.10.0/24         [connected(0)]  > to 192.168.10.1       via eth0
>
>
> STRANGE !!!!!
>
>
> and configure 2 rule like in openmaniak
>
>         nat {
>             rule 1 {
>                 type: "masquerade"
>                 outbound-interface: "eth2"
>                 }
>             }
>             rule 2 {
>                 type: "masquerade"
>                 inbound-interface: "eth2"
>                 outbound-interface: "eth0"
>                 protocols: "all"
>                 source {
>                     network: "192.168.2.0/24"
>                 }
>                 destination {
>                     network: "192.168.10.0/24"
>                 }
>
>
> and no success.
>
> Can't ping from 192.168.2.XX to 192.168.10.XX
> but it work on the other way, can ping 192.168.10.XX to 192.168.2.XX
> And I can access to anythink from the router.
>
> So, I supposse it's just a question of route.
>
> But, don't know how to do it :-(
>
> Thanks for your help
>
>
> On Dec 5, 2007 8:04 PM, Troopy . <[EMAIL PROTECTED]> wrote:
>
> >
> > Hello,
> >
> > TRy to see our tutorials if this can help you:
> > http://www.openmaniak.com/vyatta_case6.php
> >
> > TRoopy
> >
> >
> >
> > ---------- Original Message ----------------------------------
> > From: Dams <[EMAIL PROTECTED]>
> > Date:  Wed, 5 Dec 2007 19:44:54 +0700
> >
> > >Hi everybody,
> > >
> > >
> > >sorry for the network newbie question,
> > >
> > >I would like to authorize a range of IP to be abble to access a subnet
> > >
> > >Detail.
> > >eth1 : several Server on 192.168.2.XX and a proxy to Internet on
> > 192.168.2.1
> > >eth0:  Users PC on ip 192.168.10.XXX
> > >
> > >So no problem for the masquarade for eth0 to eth1, but I don't know how
> > to
> > >authorize 192.168.2.XX to access 192.168.10.XXX.
> > >I can ping 192.168.10.1 from 192.168.2.XX but not the pc inside the
> > network
> > >behind eth0 (like 192.168.10.2).
> > >
> > >How can I do that??????
> > >
> > >Thanks for your help. :-)
> > >
> > >
> > >Config:
> > >
> > >
> > >        ethernet eth0 {
> > >            description: "My LAN network "
> > >            hw-id: XX
> > >            address 192.168.10.1 {
> > >                prefix-length: 24
> > >            }
> > >        }
> > >        ethernet eth1 {
> > >            description: "Interface Out"
> > >            hw-id: XX
> > >            address 192.168.2.10 {
> > >                prefix-length: 24
> > >            }
> > >        }
> > >
> > >       static {
> > >            route 0.0.0.0/0 {
> > >                next-hop: 192.168.2.1
> > >            }
> > >
> > >       nat {
> > >            rule 1 {
> > >                type: "masquerade"
> > >                outbound-interface: "eth1"
> > >            }
> > >
> > >
> > >
> > >BTW : Vyatta rocks :-)
> > >
> > >
> > >--
> > >Cordialement / Sincerely
> > >Damien
> > >MEP Volunteer Indonesia / Volontaire MEP Indonesia
> > > http://www.mepasie.org
> > >
> > >
> > >
> >
> >
> >
> > ______________________________________________________
> > Désirez vous une adresse éléctronique @suisse.com ?
> > Visitez la Suisse virtuelle sur http://www.suisse.com
> >
> >
>
>
> --
> Cordialement / Sincerely
> Damien HERITIER
>
> MEP Volunteer Indonesia / Volontaire MEP Indonesia
> http://www.mepasie.org
>



-- 
Cordialement / Sincerely
Damien HERITIER
MEP Volunteer Indonesia / Volontaire MEP Indonesia
http://www.mepasie.org

_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users

Reply via email to