Strange Behaviour with NAT

Hi

I would like some help to explain what I am doing wrong.

My network is this

192.168.0.0/24 ------- VyOS 1.4 -------- 192.168.100.0/24

The ip addresses are

192.168.0.20 eth0
192.168.100.254 eth1

I have set up the NAT as follows

set nat destination
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 source address '192.168.100.0/24'
set nat source rule 100 translation address 'masquerade'

I have default route
set protocols static route 0.0.0.0/0 next-hop 192.168.0.1

Now my issue is

I have hosts
192.168.100.1
192.168.100.20
192.168.100.40

From a machine in the 192.168.0.0 network I can ping 192.168.100.254 (router IF), 192.168.100.1 (Domain Controller), 192.168.100.40 (OpenMediaVault) successfully.

I then added a new host at 192.168.100.10 - vCenter server - this host can reach 192.168.0.10 (the ESXi host where it is a guest); however, I cannot ping this host or connect to the console.

So my question is: why can I not reach this host?

I did add
set nat destination rule 200 inbound-interface eth0
set nat destination rule 200 translation address 192.168.100.0

or

set nat destination rule 200 inbound-interface eth0
set nat destination rule 200 translation address 192.168.100.254

and neither helped

Please advise if I have missed part of the config, or what I need to do to get this working.

Thanks

Check if all the devices involved have their default gateway configured to be the router IP.
If hosts located in both networks are configured to use the VyOS router as default gateway, then communication should work, even without NAT, unless some machine firewall blocks the connection from a different subnet (a very common situation with Windows, and then you will need to apply NAT or configure the Windows firewall to allow connections from remote networks).
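Added example, not part of the thread and not VyOS code: a small Python model of the two return-path failures described in the reply above (a host without the router as default gateway, and a host firewall that only accepts local-subnet sources), and of how masquerading toward the lab network changes the source the host sees. The router address comes from the thread; the lab hosts, the client address and the eth1 masquerade rule are constructed assumptions.

```python
import ipaddress as ip

ROUTER_LAB_IF = ip.ip_interface("192.168.100.254/24")  # eth1, from the thread
CLIENT = "192.168.0.50"                                # constructed client on the eth0 side

# Constructed lab hosts (hypothetical, not the poster's machines).
HOSTS = {
    "good":     {"addr": "192.168.100.51/24", "gateway": "192.168.100.254", "fw_local_only": False},
    "no_gw":    {"addr": "192.168.100.52/24", "gateway": None,              "fw_local_only": False},
    "wrong_gw": {"addr": "192.168.100.53/24", "gateway": "192.168.100.1",   "fw_local_only": False},
    "fw_strict": {"addr": "192.168.100.54/24", "gateway": "192.168.100.254", "fw_local_only": True},
}

def seen_source(client, masquerade_on_eth1):
    """Source address a lab host sees for a packet forwarded by the router."""
    return ROUTER_LAB_IF.ip if masquerade_on_eth1 else ip.ip_address(client)

def reply_path(host, client, masquerade_on_eth1=False):
    """Return 'ok', or the reason the host's reply never reaches the client."""
    iface = ip.ip_interface(host["addr"])
    src = seen_source(client, masquerade_on_eth1)
    on_link = src in iface.network
    if host["fw_local_only"] and not on_link:
        return "dropped by host firewall (remote-subnet source)"
    if on_link:
        return "ok"  # reply goes directly to the router interface, no gateway needed
    gw = host["gateway"]
    if gw is None:
        return "no route back (no default gateway)"
    # Simplification: any gateway other than the router is assumed not to
    # forward the reply toward 192.168.0.0/24.
    if ip.ip_address(gw) != ROUTER_LAB_IF.ip:
        return f"reply sent to {gw}, not the router"
    return "ok"

def check_all(masquerade_on_eth1=False):
    """Evaluate every constructed host against the constructed client."""
    return {name: reply_path(h, CLIENT, masquerade_on_eth1) for name, h in HOSTS.items()}

if __name__ == "__main__":
    for masq in (False, True):
        print(f"masquerade toward lab network: {masq}")
        for name, result in check_all(masq).items():
            print(f"  {name:10s} {result}")
```

With plain routing only the correctly configured host answers; with the source rewritten to the router's lab-side address every host answers, which also hides the real client address from the lab hosts' logs.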

Hi

I will check this…

I do have a static route on the default gw for the 192.168.0.0 network

Network Destination   Subnet Mask     Default Gateway   Interface
192.168.100.0         255.255.255.0   192.168.0.20      LAN

OK…

I built a 1.3 VyOS image and have installed that.

This works as expected.

My config includes SNAT and DNAT, so something is broken in 1.4 as 1.3 works like a dream.

Mark

#UPDATE

I cannot do what I would like to do with this configuration.

I am going to use the VyOS for SNAT and have a dual-homed workstation for access to the lab.

Thank you all for your help.
