I have VyOS with public IP 1.2.3.4 and internal IP 10.0.0.195. There is a web server at 10.0.0.104. VyOS can ping 8.8.8.8 and 10.0.0.104/16. VyOS and the web server are running under KVM on Debian and can ping each other. The NAT just does not work: if I browse to 1.2.3.4, the page just keeps loading and gives up after 60s.
These are my settings.
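# Edge-router configuration: eth0 is the public side, eth1 the private side.
# Quoted values use plain ASCII quotes; the typographic quotes in the pasted
# listing would be taken as part of the value if entered at the CLI.

# --- Interfaces and system -------------------------------------------------
# WAN: public address, upstream gateway and resolver.
set interfaces ethernet eth0 address 1.2.3.4/27
set interfaces ethernet eth0 description 'WAN'
set system gateway-address 1.2.3.1
set system name-server 8.8.8.8
# LAN: the router's address inside 10.0.0.0/16.
set interfaces ethernet eth1 address '10.0.0.195/16'
set interfaces ethernet eth1 description 'LAN'

# --- Source NAT (LAN -> Internet) ------------------------------------------
# Masquerade everything from 10.0.0.0/16 that leaves through eth0.
set nat source rule 100 outbound-interface eth0
set nat source rule 100 source address 10.0.0.0/16
set nat source rule 100 translation address masquerade

# --- Firewall: traffic forwarded from the WAN ------------------------------
# Default-deny; rule 10 only lets replies to existing connections through.
# NOTE(review): drops are not logged here. On releases that use this
# `firewall name` syntax, `enable-default-log` on the ruleset should show
# whether a forwarded packet is falling through to the default action.
set firewall name OUTSIDE-IN default-action drop
set firewall name OUTSIDE-IN rule 10 action accept
set firewall name OUTSIDE-IN rule 10 state established enable
set firewall name OUTSIDE-IN rule 10 state related enable

# --- Firewall: traffic addressed to the router itself ----------------------
# Default-deny with replies only: no new connection from the WAN can reach a
# service on the router (this ruleset has no accept rule for state new).
set firewall name OUTSIDE-LOCAL default-action drop
set firewall name OUTSIDE-LOCAL rule 10 action 'accept'
set firewall name OUTSIDE-LOCAL rule 10 state established 'enable'
set firewall name OUTSIDE-LOCAL rule 10 state related 'enable'

# Bind both rulesets to the WAN interface: 'in' filters forwarded traffic,
# 'local' filters traffic whose destination is the router.
set interfaces ethernet eth0 firewall in name 'OUTSIDE-IN'
set interfaces ethernet eth0 firewall local name 'OUTSIDE-LOCAL'

# --- Destination NAT (port forward) ----------------------------------------
# TCP/80 arriving on eth0 for 1.2.3.4 is rewritten to 10.0.0.104:80.
# NOTE(review): the reply from 10.0.0.104 has to leave through this router
# (10.0.0.195) so the translation can be reversed; the listing does not show
# the web server's routing, so confirm its default gateway.
set nat destination rule 110 description 'Port Forward: HTTP to 10.0.0.104'
set nat destination rule 110 destination port '80'
set nat destination rule 110 destination address 1.2.3.4
set nat destination rule 110 inbound-interface 'eth0'
set nat destination rule 110 protocol 'tcp'
set nat destination rule 110 translation address '10.0.0.104'
set nat destination rule 110 translation port 80

# --- Firewall exception for the forwarded port -----------------------------
# Destination NAT is applied before the 'in' ruleset, so this rule matches the
# translated (internal) address and port, not 1.2.3.4.
# The rule has no source restriction: any Internet host may open a new
# connection to 10.0.0.104:80. Nothing else on the LAN is reachable from
# outside through OUTSIDE-IN.
set firewall name OUTSIDE-IN rule 111 action 'accept'
set firewall name OUTSIDE-IN rule 111 destination address '10.0.0.104'
set firewall name OUTSIDE-IN rule 111 destination port '80'
set firewall name OUTSIDE-IN rule 111 protocol 'tcp'
set firewall name OUTSIDE-IN rule 111 state new 'enable'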