Home :

• Home
• Contact
• Readme
• Thanks
• Translations
• History
• References
• Statistics
• About us

Tutorials :

• Analyzing
• 
• Wireshark
• Ettercap
• Snort & BASE
• Snort_Inline & BASE
• Kismet
• 
• Monitoring
• 
• Cacti
• PHP Weathermap
• 
• Logging
• 
• Php-syslog-ng
• Rancid
• Ipplan
• 
• Routing
• 
• Vyatta
• Quagga
• 
• VPN
• 
• OpenVPN
• 
• Telephony
• 
• Trixbox
• 
• Link Emulation
• 
• WANem

Other :

• Open Source
• MySQL

Networking :

• Interfaces
• Ping
• TCPdump
• Netstat
• Iperf
• CDP

OS :

• Linux ;
• Windows ;
• 
• Debian ;
• Ubuntu ;
• 
• APT Tools
• CheckInstall
• Minicom

Php Scripts :

• World Time
• Menu

Vyatta Case 6 - NAT
Last Change : Dec 07 2010

---

Tool
Install
Ergonomy
Forum


Details What is Vyatta?
Screenshots
Prerequisites
Tutorial Vyatta
Vyatta & Cisco Commands
Vyatta/Cisco/Quagga Comparison (Quagga section)
Case Study 1 - Static routes (VC 2.0)
Case Study 2 - OSPF simple (VC 2.0)
Case Study 3 - OSPF advanced (VC 2.0)
Case Study 4 - BGP (VC 3.0)
Case Study 5 - VRRP (VC 2.2)
Case Study 6 - NAT (VC 2.0)
Case Study 7 - DHCP (VC 2.2)
Case Study 8 - IPSec (VC 2.2)
Case Study 9 - Packages (VC 3.0)
Case Study 10 - Bridging (VC 3.0)
Case Study 11 - CDP VC 3.0

---

⚠️⚠️⚠️
Please check our website about
attractions in Western Switzerland !! (Please use english translation).

⚠️⚠️⚠️
Merci de consulter notre site sur les
activités à faire en Suisse romande !!

---

1. NAT - STATIC

2. PAT - STATIC

3. NAT - DYNAMIC

4. NAT - MASQUERADE

---

1.1 CASE PRINCIPLE

1.2 PICTURE

1.3 CONFIGURATIONS

1.4 SHOW COMMANDS

---

1. CASE PRINCIPLE

Vyatta version used: VC 2.0 Feb 20, 2007

The Static NAT, where one IP address is translated to another IP address, can be used to reach an internal web server from the Internet.
A benefit of static NAT compared to any other type of NAT is that the TCP or UDP ports are not modified during the translation.

In our example, we configured a source and destination static NAT.

---

2. PICTURE

Functionalities tested: (click on the web links to have more details about a protocol) Interface settings Telnet access NAT - Static Static Routing

---

3. CONFIGURATIONS

CISCO ROUTER 2651 IOS: 12.2(15)T17	VYATTA ROUTER VC2 Feb 20, 2007
interface FastEthernet0/0   description Server A   ip address 10.0.0.1 255.255.255.0   ip nat inside	edit interfaces ethernet eth1   set description ServerB   set address 10.0.0.1 prefix-length 24
interface FastEthernet0/1   description Vyatta   ip address 50.0.0.2 255.255.255.0   ip nat outside	edit interfaces ethernet eth0   set description Cisco   set address 50.0.0.1 prefix-length 24
ip route 60.0.0.0 255.255.255.240 50.0.0.1	set protocols static route 70.0.0.0/28 next-hop 50.0.0.2
ip nat inside source static 10.0.0.2 70.0.0.2	set service nat rule 1 edit service nat rule 1   set type destination   set translation-type static   set inbound-interface eth0   set protocols all   set source network 0.0.0.0/0   set destination address 60.0.0.56   set inside-address address 10.0.0.2 set service nat rule 2 edit service nat rule 2   set type source   set translation-type static   set outbound-interface eth0   set protocols all   set source address 10.0.0.2   set destination network 0.0.0.0/0   set outside-address address 60.0.0.2
line vty 0 4   no login	set service telnet
enable secret password	edit system login user vyatta   set authentification plaintext-password password

---

4. SHOW COMMANDS

vyatta@vyatta>show nat rules


vyatta@vyatta>show nat statistics


vyatta:~#tcpdump -v -p icmp
(must be executed by the root user at the Linux prompt)


Router#show ip nat translations


Router#show ip nat statistics


Router#debug ip nat
Router#terminal monitor


END TO END CONNECTIVITY CHECKS:

From WebServerA:
c:\>tracert 60.0.0.2


From WebServerB:
c:\>tracert 70.0.0.2


Top of the page

---

2.1 CASE PRINCIPLE

2.2 PICTURE

2.3 CONFIGURATIONS

2.4 SHOW COMMANDS

---

1. CASE PRINCIPLE

The Static PAT (Port Address Translation) is where an IP address and a layer 4 (TCP/UDP) port are translated to one IP address and one layer 4 port.
It can be used to reach an internal file server from the Internet.

In our example, we configured static destination PAT.

---

2. PICTURE

Functionalities tested: (click on the web links to have more details about a protocol) Interface settings Telnet access PAT - Static Static Routing

---

3. CONFIGURATIONS

CISCO ROUTER 2651 IOS: 12.2(15)T17	VYATTA ROUTER VC2 Feb 20, 2007
interface FastEthernet0/0   description Server A   ip address 10.0.0.1 255.255.255.0   ip nat inside	edit interfaces ethernet eth1   set description ServerB   set address 10.0.0.1 prefix-length 24
interface FastEthernet0/1   description Vyatta   ip address 50.0.0.2 255.255.255.0   ip nat outside	edit interfaces ethernet eth0   set description Cisco   set address 50.0.0.1 prefix-length 24
ip route 60.0.0.0 255.255.255.240 50.0.0.1	set protocols static route 70.0.0.0/28 next-hop 50.0.0.2
ip nat inside source static tcp 10.0.0.2 21 70.0.0.2 21	set service nat rule 1 edit service nat rule 1   set type destination   set translation-type static   set inbound-interface eth0   set protocols tcp   set source network 0.0.0.0/0   set destination address 60.0.0.2   set destination port-name ftp   set inside-address address 10.0.0.2
line vty 0 4   no login	set service telnet
enable secret password	edit system login user vyatta   set authentification plaintext-password password

---

4. SHOW COMMANDS

vyatta@vyatta>show nat rules


vyatta@vyatta>show nat statistics


vyatta:~#tcpdump port 21
(must be executed by the root user at the Linux prompt)


Router#show ip nat translations


Router#show ip nat statistics


Router#debug ip nat
Router#terminal monitor


Top of the page

---

3.1 CASE PRINCIPLE

3.2 PICTURE

3.3 CONFIGURATIONS

3.4 SHOW COMMANDS

---

1. CASE PRINCIPLE

The dynamic NAT is where an IP address member of a pool is translated to an IP address member of another pool of addresses.
It can be used when you want to link two networks having the same IP range.

In our example, we configured dynamic source NAT.

---

2. PICTURE

Functionalities tested: (click on the web links to have more details about a protocol) Interface settings Telnet access NAT - Dynamic Static Routing

---

3. CONFIGURATIONS

CISCO ROUTER 2651 IOS: 12.2(15)T17	VYATTA ROUTER VC2 Feb 20, 2007
interface FastEthernet0/0   description Server A   ip address 10.0.0.1 255.255.255.0   ip nat inside	edit interfaces ethernet eth1   set description ServerB   set address 10.0.0.1 prefix-length 24
interface FastEthernet0/1   description Vyatta   ip address 50.0.0.2 255.255.255.0   ip nat outside	edit interfaces ethernet eth0   set description Cisco   set address 50.0.0.1 prefix-length 24
ip route 60.0.0.0 255.255.255.240 50.0.0.1	set protocols static route 70.0.0.0/28 next-hop 50.0.0.2
ip nat pool nat-pool 70.0.0.0 70.0.0.15 netmask 255.255.255.240 ip nat inside source list 1 pool nat-pool access-list 1 permit 10.0.0.0 0.0.0.255	set service nat rule 1 edit service nat rule 1   set type source   set translation-type dynamic   set outbound-interface eth0   set protocols all   set source network 10.0.0.0/24   set destination network 0.0.0.0/0   set outside-address address 60.0.0.0/28
line vty 0 4   no login	set service telnet
enable secret password	edit system login user vyatta   set authentification plaintext-password password

---

4. SHOW COMMANDS

vyatta@vyatta>show nat rules


vyatta@vyatta>show nat statistics


vyatta:~#tcpdump -v
(must be executed by the root user at the Linux prompt)


Router#show ip nat translations


Router#show ip nat statistics


Router#debug ip nat
Router#terminal monitor


END TO END CONNECTIVITY CHECKS:

From Desktop A:
c:\>tracert 50.0.0.1


From Desktop B:
c:\>tracert 50.0.0.2


Top of the page

---

4.1 CASE PRINCIPLE

4.2 PICTURE

4.3 CONFIGURATIONS

4.4 SHOW COMMANDS

---

1. CASE PRINCIPLE

The masquerade NAT is where source IP addresses inside a pool of addresses are translated to one unique IP address.

It is typically used for a group of users having private IP addresses and which are requesting access to the Internet.

---

2. PICTURE

Functionalities tested: (click on the web links to have more details about a protocol) Interface settings Telnet access NAT - Masquerade Static Routing

---

3. CONFIGURATIONS

CISCO ROUTER 2651 IOS: 12.2(15)T17	VYATTA ROUTER VC2 Feb 20, 2007
interface FastEthernet0/0   description Server A   ip address 10.0.0.1 255.255.255.0   ip nat inside	edit interfaces ethernet eth1   set description ServerB   set address 10.0.0.1 prefix-length 24
interface FastEthernet0/1   description Vyatta   ip address 50.0.0.2 255.255.255.0   ip nat outside	edit interfaces ethernet eth0   set description Cisco   set address 50.0.0.1 prefix-length 24
ip route 60.0.0.0 255.255.255.240 50.0.0.1	set protocols static route 70.0.0.0/28 next-hop 50.0.0.2
ip nat inside source list 1 interface FastEthernet0/1 overload access-list 1 permit 10.0.0.0 0.0.0.255	set service nat rule 1 edit service nat rule 1   set type source   set translation-type masquerade   set inbound-interface eth0   set protocols all   set source network 10.0.0.0/24   set destination address 0.0.0.0/0
line vty 0 4   no login	set service telnet
enable secret password	edit system login user vyatta   set authentification plaintext-password password

---

4. SHOW COMMANDS

vyatta@vyatta>show nat rules


vyatta@vyatta>show nat statistics


vyatta:~#tcpdump -v
(must be executed by the root user at the Linux prompt)


Router#show ip nat translations
(telnet from Desktop A to Vyatta)


Router#show ip nat statistics


Router#debug ip nat
Router#terminal monitor


END TO END CONNECTIVITY CHECKS:

From Desktop A:
c:\>tracert 50.0.0.1


From Desktop B:
c:\>tracert 50.0.0.2


Top of the page