issue with default route


#1

Hi, I’m new to VyOS. I’m having an issue getting my hosts to route through to the default route. I can ping hosts either direction from the eth0 nets (via eth2), but I cannot ping the internet (e.g. 8.8.8.8). The routers can ping the internet, and I can ping eth1 from hosts on eth0 nets, just can’t get out beyond eth1.

Below are my configs, and I’ve included an image of what I’m trying to accomplish. I’m sure I’ve made a simple mistake somewhere.

HO/A

interfaces {
    ethernet eth0 {
        address 192.168.200.1/24
        description LAN
        duplex auto
        hw-id 00:1c:c4:ee:70:0e
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        address 10.230.0.254/24
        description WAN
        duplex auto
        hw-id 00:1c:c4:ee:70:0c
        smp_affinity auto
        speed auto
    }
    ethernet eth2 {
        address 10.220.0.254/24
        description LANX
        duplex full
        hw-id 90:e2:ba:70:bd:3e
        speed 100
    }
    ethernet eth3 {
        hw-id 90:e2:ba:70:bd:3f
    }
    loopback lo {
    }
}
protocols {
    rip {
        neighbor 10.220.0.253
        network 192.168.200.0/24
        network 192.168.150.0/24
        network 192.168.100.0/24
        redistribute {
            connected {
            }
            static {
            }
        }
    }
    static {
        route 0.0.0.0/0 {
            next-hop 10.230.0.252 {
                distance 1
            }
        }
        route 10.0.0.0/24 {
            next-hop 192.168.200.1 {
                distance 5
            }
        }
        route 10.1.100.0/24 {
            next-hop 192.168.200.1 {
                distance 5
            }
        }
        route 10.1.200.0/24 {
            next-hop 192.168.200.1 {
                distance 5
            }
        }
        route 10.10.10.0/24 {
            next-hop 192.168.200.1 {
                distance 5
            }
        }
        route 192.168.100.0/24 {
            next-hop 192.168.200.1 {
                distance 5
            }
        }
        route 192.168.150.0/24 {
            next-hop 192.168.200.1 {
                distance 5
            }
        }
        route 192.168.155.0/24 {
            next-hop 192.168.200.1 {
                distance 5
            }
        }
    }
}

COLO/B

interfaces {
    ethernet eth0 {
        address 10.210.200.253/24
        description LAN
        duplex auto
        hw-id 00:13:21:b1:4f:8a
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        address 10.230.1.253/24
        description WAN
        duplex auto
        hw-id 00:13:21:b1:4f:89
        smp_affinity auto
        speed auto
    }
    ethernet eth2 {
        address 10.220.0.253/24
        description LANX
        duplex full
        hw-id 00:04:23:e5:4e:4c
        smp_affinity auto
        speed 100
    }
    ethernet eth3 {
        description UNUSED
        duplex auto
        hw-id 00:04:23:e5:4e:4d
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
}
protocols {
    rip {
        neighbor 10.220.0.254
        network 10.210.210.0/24
        network 10.210.220.0/24
        network 10.210.230.0/24
        redistribute {
            connected {
            }
            static {
            }
        }
    }
    static {
        route 0.0.0.0/0 {
            next-hop 10.230.1.252 {
                distance 1
            }
        }
        route 10.210.210.0/24 {
            next-hop 10.210.200.253 {
            }
        }
        route 10.210.220.0/24 {
            next-hop 10.210.200.253 {
            }
        }
        route 10.210.230.0/24 {
            next-hop 10.210.200.253 {
            }
        }
    }
}

#2

I think you could try one of two things (using the COLOB location for example):

  1. Set up NAT on the VyOS box to NAT 10.210.200.0/24 to 10.230.1.253

  2. The internet connected device 10.230.1.252 needs a static route to 10.210.200.0/24 via 10.230.1.253

RIP is taking care of the VyOS boxes knowing how to route to each other’s subnets, but there is no routing protocol on the firewall-looking devices, so they are unaware of how to reach the subnets behind the VyOS servers. Use tcpdump to see the ICMP packets arriving and leaving the expected interfaces on the VyOS installs as well as the internet-connected firewall-looking devices.
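
The return-path problem described in #2, as an added example that is not part of any post in this thread: a longest-prefix-match model of the COLO/B side showing why the echo request leaves but the reply never comes back, and how each of the two suggested options changes that. The routing table of 10.230.1.252 is not shown on the page, so the one used here (its connected net plus a default toward an ISP) is an assumption, as is the constructed host address 10.210.200.10.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return the next hop chosen for dst, or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

# COLO/B VyOS box, taken from the posted config (connected nets + default).
VYOS_B = [
    ("10.210.200.0/24", "connected eth0"),
    ("10.230.1.0/24", "connected eth1"),
    ("10.220.0.0/24", "connected eth2"),
    ("0.0.0.0/0", "10.230.1.252"),
]

# ASSUMPTION: 10.230.1.252 knows only its own LAN and a default to its ISP.
UPSTREAM = [
    ("10.230.1.0/24", "connected lan"),
    ("0.0.0.0/0", "isp"),
]

# Option 2 from the post: static route to the LAN via the VyOS eth1 address.
UPSTREAM_FIXED = UPSTREAM + [("10.210.200.0/24", "10.230.1.253")]

HOST = "10.210.200.10"  # constructed sample host behind COLO/B eth0

def reply_returns(host, upstream, nat_to=None):
    """True if the upstream device sends the echo reply back toward VyOS."""
    src = nat_to or host  # option 1: source NAT rewrites the source address
    back = lookup(upstream, src)
    return back is not None and (back == "10.230.1.253"
                                 or back.startswith("connected"))

if __name__ == "__main__":
    print("request leaves VyOS via:", lookup(VYOS_B, "8.8.8.8"))
    print("as posted, reply returns:", reply_returns(HOST, UPSTREAM))
    print("with static route:", reply_returns(HOST, UPSTREAM_FIXED))
    print("with source NAT:", reply_returns(HOST, UPSTREAM, "10.230.1.253"))
```

In the unfixed case the reply matches only the upstream default and is sent toward the ISP, which is what a tcpdump on the upstream device's LAN interface would show as requests arriving with no replies leaving.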


#3

Thanks jl3128. I can’t have NAT on the eth1 interfaces as I’ll need to route traffic through the VPN as well. However, your post did help me resolve one of my issues in terms of routing out to the internet.

The next issue is how to get the routers to fail over their default routes to each other’s eth2 interface.


#4

I would use BGP.


#5

How is this going to help him?