VyOS. How to forward external IPs to internal ones in the local network?

G

gudron2016-05-12 21:04:39

Computer networks

gudron, 2016-05-12 21:04:39

Good day to all.
I figured out how to work in VyOS. Configured interfaces, configured the main gateway, configured users. There are no problems with this ..
There is a problem with forwarding everything that comes to several external IPs to how internal they are. At the moment, it is necessary to forward essentially One-to-One. That is, everything coming, for example, to 120.13.123.123, should be forwarded inside to the local address 10.0.100.3.
If closer to the body, then we have the following:

Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
eth0              120.13.123.20/24                u/u  MAIN-WAN 
eth1             10.0.101.2/24                     u/u  LAN 
eth2              120.13.123.123/24                u/u  TEST-1-WAN 
eth3              120.13.123.124/24                u/u  TEST-2-WAN

I want everything coming to eth2 (120.13.123.123) to be forwarded to the local network through eth1 to the local address (10.0.100.3).
What I am currently doing is forwarding to One-to-One, following the example from Off. guide and just some article on the internet .

set nat source rule 10 source address 10.0.100.3
set nat source rule 10 outbound-interface eth1
set nat source rule 10 translation address 120.13.123.123

set nat destination rule 10 inbound-interface eth2
set nat destination rule 10 destination address 120.13.123.123
set nat destination rule 10 translation address 10.0.100.3

But unfortunately it doesn't work. Ping does not work, telnet too, in general, it is impossible to reach the end machine on the local network.
Thanks in advance.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

G

gudron, 2016-05-16
@gudron

It clears things up a bit.
There is a problem through which interface VyOs gives a response to ping and so on.
That is, the ping comes where it is needed, let's say on
eth3 120.13.123.124/24 u / u TEST-2-WAN
but the answer goes through another interface in my case it is eth3, and therefore through eth2 120.13.123.123/24 u / u TEST-1- WAN.
VyOs is extremely strange and chooses this interface on its own.
If I disable the eth2 and eth3 network adapters in the VM settings, then VyOS communicates normally via
eth0 120.13.123.20/24 u/u MAIN-WAN
If I enable eth2 and eth3 again in the VM settings, then VyOS selects eth2 on its own.
I just can’t overcome the line that always remains in the routes table:

default via 120.13.123.254 dev eth2  proto zebra 
10.0.101.0/24 dev eth1  proto kernel  scope link  src 10.0.101.2 
127.0.0.0/8 dev lo  proto kernel  scope link  src 127.0.0.1 
120.13.123.0/24 dev eth2  proto kernel  scope link  src 120.13.123.123 
120.13.123.0/24 dev eth0  proto kernel  scope link  src 120.13.123.20 
120.13.123.0/24 dev eth3  proto kernel  scope link  src 120.13.123.124

Here VyOS changes eth0/eth2 on its own, regardless of any settings:
Code:
Everything I set up just lays on top of the table. but this route does not cancel.
The casket opened terribly simply. Tritely tied several external ip to one network interface.
I came up with the same question but on another forum .

S

satoo, 2016-05-14
@satoo

compare, it looks like an error in the interfaces

set nat source rule 10 source address 10.0.100.3
set nat source rule 10 outbound-interface eth2
set nat source rule 10 translation address 120.13.123.123

set nat destination rule 10 inbound-interface eth2
set nat destination rule 10 destination address 120.13.123.123
set nat destination rule 10 translation address 10.0.100.3