[Vyatta-users] NAT problem

Alexc Wed, 23 Jan 2008 06:49:03 -0800

Hi,
Sounds like vyatta vc3 has a problem with NAT, I want to map not routed
IPs to real ones with static one-to-one NAT, I did according to manual
butr all packets go out with single IP. 
Please look at config and iptables output below, did I make any error
in configuration?


vyatta:~# iptables -L -t nat -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DNAT       tcp  --  0.0.0.0/0            192.114.41.4         tcp dpt:22 
to:10.10.1.1 
DNAT       tcp  --  0.0.0.0/0            192.114.41.5         multiport dports 
22,80,443,53,21 to:10.10.1.2 
DNAT       udp  --  0.0.0.0/0            192.114.41.5         udp dpt:53 
to:10.10.1.2 
DNAT       tcp  --  0.0.0.0/0            192.114.41.6         tcp dpt:22 
to:10.10.1.5 
DNAT       tcp  --  0.0.0.0/0            192.114.41.7         multiport dports 
22,80,443,53,110,21 to:10.10.1.6 
DNAT       udp  --  0.0.0.0/0            192.114.41.7         udp dpt:53 
to:10.10.1.6 

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
SNAT       0    --  0.0.0.0/0            0.0.0.0/0           to:192.114.41.4 
SNAT       0    --  0.0.0.0/0            0.0.0.0/0           to:192.114.41.5 
SNAT       0    --  0.0.0.0/0            0.0.0.0/0           to:192.114.41.6 
SNAT       0    --  0.0.0.0/0            0.0.0.0/0           to:192.114.41.7 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         


service {
    nat {
        rule 10 {
            type: "source"
            inbound-interface: "vif30"
            outbound-interface: "eth1"
            inside-address {
                address: 10.10.1.1
            }
            outside-address {
                address: 194.90.41.4
            }
        }
        rule 20 {
            type: "destination"
            inbound-interface: "eth1"
            outbound-interface: "vif30"
            protocols: "tcp"
            destination {
                address: "194.90.41.4"
                port-number 22
            }
            inside-address {
                address: 10.10.1.1
            }
        }
        rule 30 {
            type: "source"
            inbound-interface: "vif30"
            outbound-interface: "eth1"
            inside-address {
                address: 10.10.1.2
            }
            outside-address {
                address: 194.90.41.5
            }
        }
        rule 40 {
            type: "destination"
            inbound-interface: "eth1"
            outbound-interface: "vif30"
            protocols: "tcp"
            destination {
                address: "194.90.41.5"
                port-number 22
                port-number 80
                port-number 443
                port-number 53
                port-number 21
            }
            inside-address {
                address: 10.10.1.2
            }
        }


Thanks, Alexc

_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users

[Vyatta-users] NAT problem

Reply via email to