Hi all,
I'd appreciate some help getting DNAT working. I want SSH access to be forwarded from the internet to my local machine 192.168.99.9.
My VyOS is behind another router (a cheap box from my ISP) and has a WAN address of 192.168.0.66.
The ISP device forwards port 22 to 192.168.0.66.
Here is what I have done:
```
vyos@vyos# run sh nat destination rules
Disabled rules are not shown
Codes: X - exclude rule
rule   intf   translation
10     eth0   daddr ANY to 192.168.99.9
              proto-tcp dport 22
       Desc: Port forward: SSH to 192.168.99.9
```
```
vyos@vyos# sh nat destination rule 10
 description "Port forward: SSH to 192.168.99.9"
 destination {
     port 22
 }
 inbound-interface eth0
 protocol tcp
 translation {
     address 192.168.99.9
 }
```
```
vyos@vyos# sh firewall na WAN-in
 default-action drop
 rule 10 {
     action accept
     state {
         established enable
         related enable
     }
 }
 rule 20 {
     action accept
     destination {
         address 192.168.99.9
         port 22
     }
     protocol tcp
 }
```
When I try to connect to port 22 from the outside, the NAT rule gets triggered:
```
vyos@vyos# run sh nat dest sta
rule   pkts   bytes   interface
10     5      300     eth0
```
And so does the firewall rule:
```
vyos@vyos# run sh fire na WAN-in statistics
Rulesets Information
IPv4 Firewall "WAN-in":
Active on (eth0,IN)
rule     packets   bytes   action   source      destination
10       4.03K     6.03M   ACCEPT   0.0.0.0/0   0.0.0.0/0
20       5         300     ACCEPT   0.0.0.0/0   192.168.99.9
10000    0         0       DROP     0.0.0.0/0   0.0.0.0/0
```
However, each time I try to log in from the outside, there is only 1 packet forwarded and the login attempt times out. What am I doing wrong here?
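For reference, here is a complete VyOS 1.3-style port-forward configuration for the setup described above, written as an added example (it is not the original poster's configuration and not an answer from the thread). It assumes eth0 is the WAN side (192.168.0.66) and eth1 is the LAN side carrying 192.168.99.0/24; both the interface roles and the LAN prefix are assumptions. The DNAT and firewall rules mirror what the post shows; the source NAT rule and the verification commands at the end are the parts a practitioner would add, because a DNAT rule only forwards the inbound SYN, and the reply from 192.168.99.9 must route back through VyOS (i.e. VyOS must be that host's default gateway) for the same conntrack entry to un-translate it. A single counted packet per attempt followed by a timeout is exactly what you observe when the SYN is delivered but the SYN-ACK does not return through the router, which is why the check commands focus on the conntrack entry and on the LAN-side capture.

```vyos
configure

# DNAT: WAN-facing tcp/22 -> internal host (same rule as shown in the post)
set nat destination rule 10 description 'Port forward: SSH to 192.168.99.9'
set nat destination rule 10 inbound-interface eth0
set nat destination rule 10 protocol tcp
set nat destination rule 10 destination port 22
set nat destination rule 10 translation address 192.168.99.9

# Source NAT for the LAN (assumed prefix 192.168.99.0/24, assumed LAN on eth1).
# Not required for the inbound forward itself, but needed so that outbound
# traffic from the LAN and the host's own replies are consistently routed.
set nat source rule 100 outbound-interface eth0
set nat source rule 100 source address 192.168.99.0/24
set nat source rule 100 translation address masquerade

# WAN-in ruleset: firewall is evaluated after DNAT, so rule 20 matches
# the *translated* destination, as the post's statistics confirm.
set firewall name WAN-in default-action drop
set firewall name WAN-in rule 10 action accept
set firewall name WAN-in rule 10 state established enable
set firewall name WAN-in rule 10 state related enable
set firewall name WAN-in rule 20 action accept
set firewall name WAN-in rule 20 protocol tcp
set firewall name WAN-in rule 20 destination address 192.168.99.9
set firewall name WAN-in rule 20 destination port 22
set interfaces ethernet eth0 firewall in name WAN-in

commit
save
exit

# Verification, run while an SSH attempt is in progress from outside.
# 1. Is there a conntrack entry, and has it progressed past SYN_SENT?
#    An entry stuck in SYN_SENT with a matching NAT translation means the
#    SYN was forwarded but no SYN-ACK came back through VyOS.
show conntrack table ipv4

# 2. Does the SYN reach the LAN segment, and does a SYN-ACK come back?
#    (eth1 as the LAN interface is an assumption.)
monitor traffic interface eth1 filter 'tcp port 22'

# 3. On 192.168.99.9 itself: confirm its default route points at VyOS's
#    LAN address and that sshd listens on 0.0.0.0:22, not only on localhost.
```

The two things this checks that the post's `show nat` and `show firewall` statistics cannot tell you are whether the translated SYN actually left the LAN interface and whether the return traffic took the same path. Counters on the NAT and firewall rules only prove the inbound direction; the conntrack state is what proves the connection was completed.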