Hello again Vyatta users:
I have a block of static IPs from Comcast, of which I am trying to configure
2 of them through my Vyatta router. I can ping in all directions, but it
does not appear that my NAT rule is functioning. I currently do not have
firewall rules set in place.
Here are the applicable parts of my config.
interfaces {
restore: false
loopback lo {
description: ""
}
ethernet eth0 {
disable: false
discard: false
description: ""
hw-id: 00:40:63:ef:c3:1c
duplex: "auto"
speed: "auto"
address 192.168.xxx.1 {
prefix-length: 24
disable: false
}
}
ethernet eth1 {
disable: false
discard: false
description: "wan"
hw-id: 00:40:63:ef:c3:19
duplex: "auto"
speed: "auto"
address 75.145.xxx.185 {
prefix-length: 29
disable: false
}
address 75.145.xxx.186 {
prefix-length: 29
disable: false
}
}
service {
nat {
rule 10 {
type: "masquerade"
outbound-interface: "eth1"
protocols: "all"
source {
network: "192.168.xxx.0/24"
}
destination {
network: "0.0.0.0/0"
}
}
rule 20 {
type: "destination"
inbound-interface: "eth1"
protocols: "tcp"
source {
network: "0.0.0.0/0"
}
destination {
address: "75.145.xxx.185"
}
inside-address {
address: 192.168.xxx.185
}
}
rule 21 {
type: "destination"
inbound-interface: "eth1"
protocols: "tcp"
source {
network: "0.0.0.0/0"
}
destination {
address: "75.145.xxx.186"
}
inside-address {
address: 192.168.xxx.186
}
}
>From the above, rule 20 works great! I can serve up a test page via http.
Rule 21 doesn't seem to allow me from the outside to get in. FF Browser
says "Unable to Connect". From within Vyatta, I can ping 192.168.xxx.186,
also, on the outside, I can ping 75.145.xxx.186, but NAT isn't translating
seems.
How can more than one static IP live in harmony?
Thanks!
Todd
_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
