Routing only, no NAT


#1

Hi all,

We have been using Vyatta for a while and are moving to VyOS as we bring new services online.

We use Vyatta purely as a router, without NAT.
We would like VyOS to do the same but seem to be having problems.
If we set up routing without a NAT rule (masquerade) then we cannot access subnets beyond the VyOS system, i.e. from the 192.168.89.0 network to hosts on 192.168.100.0.
However, we need to allow Active Directory traffic between the two subnets.

Some examples of what we want to do:
We have one AD server on 192.168.89.10 and another on 192.168.100.20. These should communicate in both directions.

Note that upstream from the next-hop is a cisco firewall that connects to the internet.

We do not have masquerading or NAT rules on our Vyatta routers.

Any help would be appreciated.

I have included my config below.

interfaces {
    ethernet eth0 {
        address 192.168.89.250/24
        description LAN
        duplex auto
        hw-id 00:50:56:a1:06:bb
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        address 192.168.100.251/23
        description PTP-Link
        duplex auto
        hw-id 00:50:56:a1:76:aa
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
}
nat {
    source {
        rule 100 {
            destination {
                address 0.0.0.0/0
            }
            outbound-interface eth1
            source {
                address 192.168.89.0/24
            }
            translation {
                address masquerade
            }
        }
    }
}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop 192.168.100.250 {
                distance 1
            }
        }
    }
}
service {
    ssh {
        port 22
    }
}
system {
    config-management {
        commit-revisions 20
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    domain-name challengelogistics.com.au
    host-name VMhost1
    login {
        user vyos {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
            level admin
        }
    }
    name-server 192.168.100.50
    name-server 192.168.100.51
    ntp {
        server oceania.pool.ntp.org {
        }
        server time.google.com {
        }
    }
    package {
        auto-sync 1
        repository community {
            components main
            distribution helium
            password ****************
            url http://packages.vyos.net/vyos
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
}

thanks!


#2

We decided to rebuild from scratch without a NAT rule, as we could not work out why the NAT configuration was required in the above configuration.


#3

Can you show the network configuration for the AD servers
192.168.100.20 and 192.168.89.10?
They must use VyOS as their default gateway.
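Added example (not code from any poster in this thread, and not VyOS's own tooling): a small Python model of the forwarding decisions in the setup above. It uses the two VyOS interface addresses from the posted config and shows why a host behind VyOS must point its default gateway at the VyOS address on its own subnet when there is no NAT, and why a masquerade rule hides that misconfiguration instead of fixing it: with masquerade the destination host sees VyOS's own address as the source, so its reply is on-link and never consults the default gateway. The host gateway values passed in are constructed inputs for illustration, not taken from the thread.

```python
import ipaddress

# VyOS interface addresses as posted in the thread's config
ROUTER_IFACES = {
    "eth0": ipaddress.ip_interface("192.168.89.250/24"),
    "eth1": ipaddress.ip_interface("192.168.100.251/23"),
}


def router_iface_for(addr):
    """Name of the VyOS interface whose connected subnet contains addr, else None."""
    addr = ipaddress.ip_address(addr)
    for name, iface in ROUTER_IFACES.items():
        if addr in iface.network:
            return name
    return None


def check_gateway(host, gateway):
    """
    The check reply #3 asks for: a host behind VyOS must use the VyOS address
    on its own subnet as default gateway, otherwise its replies to the other
    subnet are handed to some other device.  Returns (ok, reason).
    gateway is a constructed input, not a value from the thread.
    """
    host, gateway = ipaddress.ip_address(host), ipaddress.ip_address(gateway)
    iface = router_iface_for(host)
    if iface is None:
        return False, f"{host} is not on any VyOS connected subnet"
    expected = ROUTER_IFACES[iface].ip
    if gateway != expected:
        return False, f"{host} uses gateway {gateway}, expected VyOS {iface} ({expected})"
    return True, f"{host} uses VyOS {iface} ({expected}) as gateway"


def reply_path(src, dst, dst_gateway, masquerade=False):
    """
    Trace one request src -> dst through VyOS and work out where dst sends
    its reply.  Returns one of:
      "ok"          reply comes back through VyOS (or hosts share a subnet)
      "bypass"      reply is handed to a different gateway, never reaching src
      "masked"      masquerade hid src, so dst answers VyOS directly
      "unroutable"  VyOS has no connected route for src or dst
    """
    src, dst, gw = map(ipaddress.ip_address, (src, dst, dst_gateway))
    in_if, out_if = router_iface_for(src), router_iface_for(dst)
    if in_if is None or out_if is None:
        return "unroutable"
    out_net = ROUTER_IFACES[out_if].network
    # What dst sees as the source address: with masquerade it is VyOS's own
    # address on the outbound interface, otherwise the real source.
    seen_src = ROUTER_IFACES[out_if].ip if masquerade else src
    if seen_src in out_net:
        # On-link destination: dst replies directly, its gateway is not consulted.
        return "masked" if masquerade else "ok"
    # Off-link destination: dst's reply goes to whatever default gateway it has.
    return "ok" if gw == ROUTER_IFACES[out_if].ip else "bypass"


if __name__ == "__main__":
    # Constructed scenarios using the thread's AD server addresses.
    src, dst = "192.168.89.10", "192.168.100.20"
    for gw in ("192.168.100.251", "192.168.100.250"):
        print(check_gateway(dst, gw))
        print(f"  no NAT    : {reply_path(src, dst, gw)}")
        print(f"  masquerade: {reply_path(src, dst, gw, masquerade=True)}")
```

Run it and the second scenario is the one the thread describes: with the host pointing at a gateway other than VyOS, the routing-only setup reports "bypass" (the request arrives, the reply goes elsewhere), while adding masquerade reports "masked", which is why the NAT rule appeared to make things work. The real fix is the one reply #3 gives, hosts using the VyOS interface in their own subnet as default gateway, at which point routing alone returns "ok".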


#4

Hi,

thanks for the reply.
We have started from scratch again, but without a NAT rule, and the system works fine.
It is odd that removing NAT and rebooting VyOS did not resolve our issue.

cheers!