SNAT with 2 routers

General questions
1

We just started playing with VYOS in the classroom and want to incorporate into test labs.

I have setup 2 routers to simplify how our students build test labs in Hyper-V.
Router1-VYOS has 3 interfaces
eth0 - DHCP (access to internet)
eth1 - 192.168.1.1./24 (Subnet1)
eth2 - 10.1.1.1/30 (WANLink1-2)
Router2-VYOS has 2 interfaces
eth0 - 10.1.1.2/30 (WANLink1-2)
eth1 - 192.168.2.1/24 (Subnet2)

Router1 has the following setup.
INTERFACES (router1)
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 description ‘External’
set interfaces ethernet eth1 address ‘192.168.1.1/24’
set interfaces ethernet eth1 description ‘Subnet1’
set interfaces ethernet eth2 address ‘10.1.1.1/30’
set interfaces ethernet eth2 description ‘WANLink1-2’

RIP
set protocols rip network 192.168.1.0/24
set protocols rip interface eth1
set protocols rip neighbor 10.1.1.2
set protocols rip passive-interface default

NAT
set nat source rule 100 description ‘Outbound NAT for Subnet1’
set nat source rule 100 outbound-interface eth0
set nat source rule 100 source address 192.168.1.0/24
set nat source rule 100 translation address masquerade

set nat source rule 110 description ‘Outbound NAT for Subnet2’
set nat source rule 110 outbound-interface eth0
set nat source rule 110 source address 192.168.2.0/24
set nat source rule 110 translation address masquerade

Router2 has the following setup.
INTERFACES (router2)
set interfaces ethernet eth0 address 10.1.1.2/30
set interfaces ethernet eth0 description ‘WANLink1-2’
set interfaces ethernet eth1 address ‘192.168.2.1/24’
set interfaces ethernet eth1 description ‘Subnet2’

RIP(router2)
set protocols rip network 192.168.2.0/24
set protocols rip interface eth1
set protocols rip neighbor 10.1.1.1
set protocols rip passive-interface default

DHCP Relay (Router2)
set service dhcp-relay listen-interface eth1
set service dhcp-relay upstream-interface eth0
set service dhcp-relay server 192.168.1.2

Set DEFAULT ROUTE
set protocols static route 0.0.0.0/0 next-hop 10.1.1.1

My issue is NAT works fine on Router1 but not with Router2. router2 can ping everything on Subnet1, but goes no further. Pings and traceroutes just die.

Can anyone lend assistance? I want to have our students perform their own setups and need to be able to show them how to make everything works.

2

You have defined 2 source nat rules, one for each “LAN subnet”.
Pinging from router2 to internet, will use source IP 10.1.1
2, and you haven’t define a source nat rule in router1 for such network

1 Like
3

So do I need to define something like this

set nat source rule 130 description ‘Outbound NAT for WANLink1-2’
set nat source rule 130 outbound-interface eth0
set nat source rule 130 source address 10.1.1.0/30
set nat source rule 130 translation address masquerade

10.1.1.2 being on my router2

4

Or more general solution, delete source matcher in rule 100, so will apply source NAT to all outgoing traffic through eth0

1 Like
5

So simply
? No source addresses?
set nat source rule 100 description ‘Outbound NAT’
set nat source rule 100 outbound-interface eth0
set nat source rule 100 translation address masquerade

6

Just build a lab environment to test your configuration.
Add the nat rule 120 on Router1 will fix this issue.

set nat source rule 120 outbound-interface 'eth0'
set nat source rule 120 source address '10.1.1.0/30'
set nat source rule 120 translation address 'masquerade'
1 Like
7

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.