Hi!
Thanks for working on VyOS.
Destination NAT does not work for me. I’m trying to forward port 2222 to the server 192.168.0.4 port 22.
show configuration commands (1.1.1.1 is my external address, 2.2.2.2 is the ISP gateway):
set interfaces ethernet eth0 address '192.168.0.6/22'
set interfaces ethernet eth0 description 'DMZ_LAN'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 smp_affinity 'auto'
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth1 address '1.1.1.1/29'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 smp_affinity 'auto'
set interfaces ethernet eth1 speed 'auto'
set interfaces ethernet eth2 duplex 'auto'
set interfaces ethernet eth2 smp_affinity 'auto'
set interfaces ethernet eth2 speed 'auto'
set interfaces loopback 'lo'
set nat destination rule 5 description 'test nat'
set nat destination rule 5 destination port '2222'
set nat destination rule 5 inbound-interface 'any'
set nat destination rule 5 log 'enable'
set nat destination rule 5 protocol 'tcp'
set nat destination rule 5 translation address '192.168.0.4'
set nat destination rule 5 translation port '22'
set nat source rule 10 outbound-interface 'eth0'
set nat source rule 10 source address '192.168.0.4'
set nat source rule 10 translation address 'masquerade'
set protocols static route 0.0.0.0/0 next-hop '2.2.2.2'
set protocols static route 10.10.0.0/16 next-hop '192.168.0.1'
set service ssh port '22'
set system config-management commit-revisions '50'
set system console device ttyS0 speed '9600'
set system domain-name 'vyos'
set system host-name 'vyos'
set system login user vyos authentication encrypted-password ''
set system login user vyos authentication plaintext-password ''
set system login user vyos level 'admin'
set system name-server '8.8.8.8'
set system ntp server '0.pool.ntp.org'
set system ntp server '1.pool.ntp.org'
set system ntp server '2.pool.ntp.org'
set system package auto-sync '1'
set system package repository community components 'main'
set system package repository community distribution 'helium'
set system package repository community password ''
set system package repository community url 'http://packages.vyos.net/vyos'
set system package repository community username ''
set system syslog global facility all level 'notice'
set system syslog global facility protocols level 'debug'
set system time-zone 'UTC'
I made the simplest configuration to investigate this issue.
OK, I try “ssh 1.1.1.1 -p 2222” on the external server. Output: “ssh: connect to host 1.1.1.1 port 2222: Connection timed out”
show nat destination translations:
Pre-NAT Post-NAT Prot Timeout
1.1.1.1:2222 192.168.0.4:22 tcp 118
Log for this nat rule:
tcpdump on vyos:
root@vyos:/home/vyos# tcpdump -i eth1 port 2222
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
15:02:40.854117 IP 3.3.3.3.27452 > 1.1.1.1.2222: Flags [S], seq 1215647533, win 29200, options [mss 1460,sackOK,TS val 3047214033 ecr 0,nop,wscale 7], length 0
15:02:41.858487 IP 3.3.3.3.27452 > 1.1.1.1.2222: Flags [S], seq 1215647533, win 29200, options [mss 1460,sackOK,TS val 3047214283 ecr 0,nop,wscale 7], length 0
15:02:43.855343 IP 3.3.3.3.27452 > 1.1.1.1.2222: Flags [S], seq 1215647533, win 29200, options [mss 1460,sackOK,TS val 3047214784 ecr 0,nop,wscale 7], length 0
15:02:47.870808 IP 3.3.3.3.27452 > 1.1.1.1.2222: Flags [S], seq 1215647533, win 29200, options [mss 1460,sackOK,TS val 3047215786 ecr 0,nop,wscale 7], length 0
tcpdump on 192.168.0.4:
18:02:45.859020 ARP, Request who-has 192.168.0.4 tell 192.168.0.6, length 46
18:02:45.859043 ARP, Reply 192.168.0.4 is-at ee:8f:f4:8d:00:00 (oui Unknown), length 28
ping on 3.3.3.3 to 1.1.1.1: there is
What am I doing wrong?
Just want to know: is it necessary to define firewall rules for NAT? Yes, I tried with them; there is no result.