NAT setup


#1

We have some terminals which can only connect to a single public internet IP, but we need them to access various hosts on the internet.

I want to use Vyatta to map these hosts to a single IP. So, for example, clients can access FTP and SSH services on two separate Internet hosts (not on our network) via the Vyatta IP.

vy.a.t.ta:2023 -> 2.3.4.5:22
vy.a.t.ta:2024 -> 4.5.6.7:21

How can I set this up?


#2

See Vyatta-NAT_6.5R1_v01.pdf, but you might try:

set nat destination rule 20 destination address $vyattaip
set nat destination rule 20 destination port '2023'
set nat destination rule 20 inbound-interface 'eth3'
set nat destination rule 20 protocol 'tcp'
set nat destination rule 20 source address '0.0.0.0/0'
set nat destination rule 20 translation address '2.3.4.5'
set nat destination rule 20 translation port '22'

set nat destination rule 21 destination address $vyattaip
set nat destination rule 21 destination port '2024'
set nat destination rule 21 inbound-interface 'eth3'
set nat destination rule 21 protocol 'tcp'
set nat destination rule 21 source address '0.0.0.0/0'
set nat destination rule 21 translation address '4.5.6.7'
set nat destination rule 21 translation port '21'

But FTP on port 21 might need other rules, depending on active vs. passive FTP.
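
The following is an added example, not part of the original posts. Because the translated hosts are outside the local network, their replies only reach the terminals from the Vyatta address if the forwarded connections are also source-NATed. The rule numbers 120 and 121, the use of eth3 as the outbound interface, and the $terminalnet placeholder are assumptions; lines starting with # are annotations.

```vyatta
# Assumption: 2.3.4.5 and 4.5.6.7 are reached through eth3, the same
# interface the terminals arrive on. Adjust outbound-interface if not.
# $terminalnet is a placeholder for the terminals' source network.

# Source NAT runs after destination NAT, so these rules match the
# already-translated destination (2.3.4.5:22), not $vyattaip:2023.
set nat source rule 120 outbound-interface 'eth3'
set nat source rule 120 protocol 'tcp'
set nat source rule 120 source address $terminalnet
set nat source rule 120 destination address '2.3.4.5'
set nat source rule 120 destination port '22'
set nat source rule 120 translation address 'masquerade'

# Same for the FTP control connection forwarded to 4.5.6.7:21.
set nat source rule 121 outbound-interface 'eth3'
set nat source rule 121 protocol 'tcp'
set nat source rule 121 source address $terminalnet
set nat source rule 121 destination address '4.5.6.7'
set nat source rule 121 destination port '21'
set nat source rule 121 translation address 'masquerade'

commit
```

Narrowing `source address` in the destination rules from '0.0.0.0/0' to the terminals' network keeps the forwarded ports from being usable by arbitrary Internet hosts.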