Need help to set up 1:1 Static NATing on Vyatta 6.1
I have a Vyatta router set up as below:
eth0: 192.168.200.254/24
eth1: 10.10.100.254/24
eth2: 10.10.201.254/24
eth3: 172.10.10.126/25
eth4: 10.10.205.254/24
Gateway: 10.10.205.205
I have a front-end MS TMG firewall (10.10.205.205) which is connected to the Vyatta router.
I have a server, 172.10.10.100, which I want to access using 1:1 NATing on IP 10.205.205.101 from the TMG firewall.
E.g. the TMG firewall sends a request to 10.205.205.101, then Vyatta does NAT and sends the request to 172.10.10.100.
I have added the NAT rule but it is not working. I can't ping/access 10.205.205.101 from the TMG server.
Can someone please help me?
Here is my router config
interfaces {
    ethernet eth0 {
        address 192.168.200.254/24
        duplex auto
        hw-id 00:50:56:88:00:19
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        address 10.10.100.254/24
        duplex auto
        hw-id 00:50:56:88:00:25
        smp_affinity auto
        speed auto
    }
    ethernet eth2 {
        address 10.10.201.126/25
        duplex auto
        hw-id 00:50:56:88:00:27
        smp_affinity auto
        speed auto
    }
    ethernet eth3 {
        address 172.10.10.126/25
        duplex auto
        hw-id 00:50:56:88:00:2c
        smp_affinity auto
        speed auto
    }
    ethernet eth4 {
        address 10.10.205.254/24
        duplex auto
        hw-id 00:50:56:88:4d:ce
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
}
protocols {
    static {
    }
}
service {
    dhcp-relay {
        interface eth0
        interface eth1
        interface eth2
        server 10.10.100.100
    }
    https
    nat {
        rule 10 {
            destination {
                address 10.10.205.101
            }
            inbound-interface eth4
            inside-address {
                address 172.10.10.100
            }
            protocol all
            source {
                address 0.0.0.0/0
            }
            type destination
        }
        rule 20 {
            destination {
                address 0.0.0.0/0
            }
            outbound-interface eth3
            outside-address {
                address 10.10.205.101
            }
            protocol all
            source {
                address 172.10.10.100
            }
            type source
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    gateway-address 10.10.205.205
    host-name vRouterProd01
    login {
        user vyatta {
            authentication {
                encrypted-password mypassword
            }
            level admin
        }
    }
    ntp-server 0.vyatta.pool.ntp.org
    package {
        auto-sync 1
        repository community {
            components main
            distribution stable
            password ""
            url http://packages.vyatta.com/vyatta
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone GMT
}
Many Thanks

I do not see the IP address 10.205.205.101 on any interface. You would need to add this IP address to your eth4 interface, and make sure that your MS-TMG firewall also has an IP address from the same subnet.
Once you are able to ping the 10.205.205.101 IP address on your Vyatta router, then you should be able to set up NAT.
Your current nat rules are for 10.10.205.101 which won't work for the 10.205.205.101 address. You may want to check that to make sure you are using the correct IP addresses.
If you have a typographical error in your request and would like to actually use the 10.10.205.101 address then all you need to do is add the 10.10.205.101 IP to the eth4 interface.
Tom
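
The address check described in the reply above, as an added example that is not part of the original thread: it compares the address clients are told to use and the NAT rule address against the interface subnets from the posted config. The helper names (`connected_interface`, `is_assigned`, `check_static_nat`) are hypothetical and exist only for this illustration.

```python
import ipaddress

# Interface addresses copied from the posted config (a list per interface,
# so a secondary address can be modelled).
INTERFACES = {
    "eth0": ["192.168.200.254/24"],
    "eth1": ["10.10.100.254/24"],
    "eth2": ["10.10.201.126/25"],
    "eth3": ["172.10.10.126/25"],
    "eth4": ["10.10.205.254/24"],
}

def connected_interface(addr, interfaces):
    """Return the name of the interface whose subnet contains addr, else None."""
    ip = ipaddress.ip_address(addr)
    for name, cidrs in interfaces.items():
        if any(ip in ipaddress.ip_interface(c).network for c in cidrs):
            return name
    return None

def is_assigned(addr, interfaces):
    """True if addr is configured as an address on some interface."""
    ip = ipaddress.ip_address(addr)
    return any(ipaddress.ip_interface(c).ip == ip
               for cidrs in interfaces.values() for c in cidrs)

def check_static_nat(requested, rule_outside, rule_inside, interfaces):
    """Hypothetical helper: list the mismatches that stop a 1:1 NAT working."""
    findings = []
    if ipaddress.ip_address(requested) != ipaddress.ip_address(rule_outside):
        findings.append(f"clients use {requested} but the NAT rules use {rule_outside}")
    for addr in dict.fromkeys((requested, rule_outside)):  # de-duplicate, keep order
        iface = connected_interface(addr, interfaces)
        if iface is None:
            findings.append(f"{addr} is not in any connected subnet")
        elif not is_assigned(addr, interfaces):
            findings.append(f"{addr} is in the {iface} subnet but not assigned to {iface}")
    if connected_interface(rule_inside, interfaces) is None:
        findings.append(f"inside address {rule_inside} is not on a connected subnet")
    return findings

if __name__ == "__main__":
    for line in check_static_nat("10.205.205.101", "10.10.205.101",
                                 "172.10.10.100", INTERFACES):
        print(line)
```

Running the same check with 10.10.205.101/24 added to the eth4 list and 10.10.205.101 as the requested address returns no findings.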