Accessing internet while exposing the host IP


#1

Hi Guys,

I wish I could get some help with my poor setup of VyOS.

I have 3 interfaces

eth0 = internet
eth1 = connected to hosts
eth2 = management only

The main purpose of the setup is to assign some public IPs to hosts.

I have a bunch of public subnets that are already routed through a Juniper router.
eth0 is directly connected to the router and has 185.x.x.x/29;
the default gateway is the Juniper router IP.

On eth1 I added those public subnets, and I can assign public IPs to hosts connected to this interface.

My problem now is that when a host connects to the internet it shows the eth0 IP address, not the host IP address, which I guess is NAT masquerade.

How can I make those public IPs connect to the internet using their own addresses?

Thanks


#2

It’s curious because by default there’s no NAT configured.

You can easily check this with “show nat” in configuration mode.

If you have a NAT source rule, you can delete it or, for testing purposes, just disable it with the command

set nat source rule XX disable
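As an added example that is not part of the original reply, here is the configuration-mode sequence for confirming that a masquerade rule is the cause and disabling it for the test, followed by the alternative a practitioner would usually prefer: keeping masquerade for any private ranges but excluding the routed public subnet from NAT. It assumes VyOS 1.2/1.3-style syntax; the rule numbers and the prefix 203.0.113.0/24 are constructed placeholders for the poster's real values.

```vyos
# Enter configuration mode and inspect the NAT source rules.
configure
show nat source
# A rule that masquerades everything leaving eth0 would look like this
# (constructed example; the rule number is an assumption):
#   rule 100 {
#       outbound-interface eth0
#       translation {
#           address masquerade
#       }
#   }
# Temporarily disable the rule for testing, as the reply suggests, then commit.
set nat source rule 100 disable
commit
# Alternative to disabling NAT entirely: add a lower-numbered exclude rule so
# packets sourced from the routed public subnet (203.0.113.0/24 is a constructed
# placeholder) leave untranslated while any later masquerade rule still applies
# to private ranges. Source NAT rules are evaluated in ascending order.
set nat source rule 10 outbound-interface eth0
set nat source rule 10 source address 203.0.113.0/24
set nat source rule 10 exclude
commit
save
```

The exclude rule is the safer long-term shape: hosts on the public subnets keep their own addresses on the wire, while anything still using private addressing behind the router continues to be masqueraded instead of leaking unroutable sources to the upstream Juniper.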


#3

Another possibility is that ‘The Sky Heart’ has enabled the webproxy service, which by default transparently redirects HTTP. That might be affecting their ‘whatismyip’ type check.


#4

Thanks a lot for the help, guys.

Disabling the NAT did work; now I can see the host's real IP instead of the eth0 IP.

Sorry, but what is the command to enable it back? I didn't find the way to enable it.

I have one more question. As I mentioned, the VyOS router is used to manage public subnets and route between those subnets, so everything connected to eth1 should have a public IP.

My question is: I want to separate each subnet with a different VLAN. I can do that, but my problem is that the connected hosts might have many IPs from different subnets, so is there a way I can use one IP as a gateway for all the subnets, since the host will only have one default gateway?

Here is my poor configuration. I didn't enable any firewall or anything else, so any recommendation is also appreciated.


#5

To re-enable the NAT rule, delete the disable statement,

i.e.:

delete nat source rule xx disable

If you want to multi-home a host, you can. But in any case, it's better to have a single default gateway, and you need to set routes on the host. It can be done easily on any OS.
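As an added example (not part of the original reply), the re-enable step from above with a concrete rule number, followed by the router side of separating each public subnet onto its own VLAN: one 802.1Q subinterface (vif) on eth1 per subnet, each carrying the gateway address hosts in that VLAN use. VyOS 1.2/1.3-style syntax is assumed; rule 100, the VLAN IDs and the prefixes 203.0.113.0/24 and 198.51.100.0/24 are constructed placeholders for the poster's routed subnets.

```vyos
# Re-enable the NAT rule by removing the disable flag (rule 100 is assumed).
delete nat source rule 100 disable
commit
# One tagged subinterface per public subnet on eth1. Each vif holds the
# gateway address for that subnet, so a host in VLAN 10 points at
# 203.0.113.1 and a host in VLAN 20 at 198.51.100.1.
set interfaces ethernet eth1 vif 10 description 'public subnet A'
set interfaces ethernet eth1 vif 10 address 203.0.113.1/24
set interfaces ethernet eth1 vif 20 description 'public subnet B'
set interfaces ethernet eth1 vif 20 address 198.51.100.1/24
commit
save
```

A host that holds addresses in both subnets then needs a tagged interface per VLAN on its side, and, as the reply says, a single default gateway can live in only one of those subnets; traffic sourced from the other subnet's address needs a host route toward that VLAN's gateway, otherwise it leaves through the default VLAN and returns through the other, which is the asymmetric pattern stateful firewalls and reverse-path checks tend to drop.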


#6

Thanks again.

With this configuration I don't need to add any routes on the host; it just works. But I just need more protection for the firewall and the subnets, and adding routes to the host might be too much, since sometimes each host can have 100 IPs, each from a different subnet.
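Since the thread asks for a firewall recommendation and none is configured, here is an added baseline (not from the original posts) for traffic arriving on eth0 from the Juniper side: a stateful rule set for packets forwarded to the hosts on eth1 and a separate one for packets addressed to the router itself. VyOS 1.2/1.3-style syntax is assumed; the rule-set names WAN-IN and WAN-LOCAL, the prefix 203.0.113.0/24 and the HTTPS example are constructed placeholders.

```vyos
# Forwarded traffic from the internet toward the eth1 hosts.
set firewall name WAN-IN default-action drop
set firewall name WAN-IN rule 10 action accept
set firewall name WAN-IN rule 10 state established enable
set firewall name WAN-IN rule 10 state related enable
set firewall name WAN-IN rule 20 action drop
set firewall name WAN-IN rule 20 state invalid enable
# Hosts with public addresses usually have to be reachable: open only the
# services they actually serve. HTTPS to 203.0.113.0/24 is a constructed
# example; add one rule per exposed service rather than accepting by default.
set firewall name WAN-IN rule 30 action accept
set firewall name WAN-IN rule 30 protocol tcp
set firewall name WAN-IN rule 30 destination address 203.0.113.0/24
set firewall name WAN-IN rule 30 destination port 443
# Traffic addressed to the router itself: only return traffic from eth0,
# since management is meant to happen over eth2.
set firewall name WAN-LOCAL default-action drop
set firewall name WAN-LOCAL rule 10 action accept
set firewall name WAN-LOCAL rule 10 state established enable
set firewall name WAN-LOCAL rule 10 state related enable
# Attach the rule sets to the internet-facing interface.
set interfaces ethernet eth0 firewall in name WAN-IN
set interfaces ethernet eth0 firewall local name WAN-LOCAL
commit
save
```

Commit this from a session on the management interface (eth2): once WAN-LOCAL is attached, new sessions to the router arriving on eth0 are dropped, and the thread's hosts keep their public addresses on the wire because filtering is independent of NAT. Anything the hosts do not serve to the internet stays closed by the default drop, which is the protection the last post is asking for without touching host routes.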