VYATTA - The Easy Tutorial - Case Study 6 - NAT

Vyatta Case 6 - NAT
Last Change : Dec 07 2010




1. NAT - STATIC
2. PAT - STATIC
3. NAT - DYNAMIC
4. NAT - MASQUERADE


1. NAT - STATIC


1.1 CASE PRINCIPLE

Vyatta version used: VC 2.0 Feb 20, 2007
Static NAT, where one IP address is translated to another IP address, can be used to reach an internal web server from the Internet.
A benefit of static NAT compared to any other type of NAT is that the TCP or UDP ports are not modified during the translation.

In our example, we configured a source and destination static NAT.


1.2 PICTURE

[Picture: Cisco / Vyatta case study, static NAT]

Functionalities tested:

Interface settings
Telnet access
NAT - Static
Static Routing


1.3 CONFIGURATIONS

CISCO ROUTER 2651 IOS: 12.2(15)T17

interface FastEthernet0/0
  description Server A
  ip address 10.0.0.1 255.255.255.0
  ip nat inside

interface FastEthernet0/1
  description Vyatta
  ip address 50.0.0.2 255.255.255.0
  ip nat outside

ip route 60.0.0.0 255.255.255.240 50.0.0.1

ip nat inside source static 10.0.0.2 70.0.0.2

line vty 0 4
  no login

enable secret password

VYATTA ROUTER VC2 Feb 20, 2007

edit interfaces ethernet eth1
  set description ServerB
  set address 10.0.0.1 prefix-length 24

edit interfaces ethernet eth0
  set description Cisco
  set address 50.0.0.1 prefix-length 24

set protocols static route 70.0.0.0/28 next-hop 50.0.0.2

set service nat rule 1
edit service nat rule 1
  set type destination
  set translation-type static
  set inbound-interface eth0
  set protocols all
  set source network 0.0.0.0/0
  set destination address 60.0.0.2
  set inside-address address 10.0.0.2

set service nat rule 2
edit service nat rule 2
  set type source
  set translation-type static
  set outbound-interface eth0
  set protocols all
  set source address 10.0.0.2
  set destination network 0.0.0.0/0
  set outside-address address 60.0.0.2

set service telnet

edit system login user vyatta
  set authentication plaintext-password password

1.4 SHOW COMMANDS

vyatta@vyatta>show nat rules

[Screenshot: Vyatta output of show nat rules]

vyatta@vyatta>show nat statistics

[Screenshot: Vyatta output of show nat statistics]

vyatta:~#tcpdump -v -p icmp
(must be executed by the root user at the Linux prompt)

[Screenshot: Vyatta output of tcpdump]

Router#show ip nat translations

[Screenshot: Cisco output of show ip nat translations]

Router#show ip nat statistics

[Screenshot: Cisco output of show ip nat statistics]

Router#debug ip nat
Router#terminal monitor

[Screenshot: Cisco output of debug ip nat]

END TO END CONNECTIVITY CHECKS:

From WebServerA:
c:\>tracert 60.0.0.2

[Screenshot: Windows tracert output]

From WebServerB:
c:\>tracert 70.0.0.2

[Screenshot: Windows tracert output]



2. PAT - STATIC


2.1 CASE PRINCIPLE

Static PAT (Port Address Translation) is where an IP address and a layer 4 (TCP/UDP) port are translated to one IP address and one layer 4 port.
It can be used to reach an internal file server from the Internet.

In our example, we configured static destination PAT.


2.2 PICTURE

[Picture: Vyatta / Cisco case study, static PAT]

Functionalities tested:

Interface settings
Telnet access
PAT - Static
Static Routing


2.3 CONFIGURATIONS

CISCO ROUTER 2651 IOS: 12.2(15)T17

interface FastEthernet0/0
  description Server A
  ip address 10.0.0.1 255.255.255.0
  ip nat inside

interface FastEthernet0/1
  description Vyatta
  ip address 50.0.0.2 255.255.255.0
  ip nat outside

ip route 60.0.0.0 255.255.255.240 50.0.0.1

ip nat inside source static tcp 10.0.0.2 21 70.0.0.2 21

line vty 0 4
  no login

enable secret password

VYATTA ROUTER VC2 Feb 20, 2007

edit interfaces ethernet eth1
  set description ServerB
  set address 10.0.0.1 prefix-length 24

edit interfaces ethernet eth0
  set description Cisco
  set address 50.0.0.1 prefix-length 24

set protocols static route 70.0.0.0/28 next-hop 50.0.0.2

set service nat rule 1
edit service nat rule 1
  set type destination
  set translation-type static
  set inbound-interface eth0
  set protocols tcp
  set source network 0.0.0.0/0
  set destination address 60.0.0.2
  set destination port-name ftp
  set inside-address address 10.0.0.2

set service telnet

edit system login user vyatta
  set authentication plaintext-password password


2.4 SHOW COMMANDS

vyatta@vyatta>show nat rules

[Screenshot: Vyatta output of show nat rules]

vyatta@vyatta>show nat statistics

[Screenshot: Vyatta output of show nat statistics]

vyatta:~#tcpdump port 21
(must be executed by the root user at the Linux prompt)

[Screenshot: Vyatta output of tcpdump]

Router#show ip nat translations

[Screenshot: Cisco output of show ip nat translations]

Router#show ip nat statistics

[Screenshot: Cisco output of show ip nat statistics]

Router#debug ip nat
Router#terminal monitor

[Screenshot: Cisco output of debug ip nat]



3. NAT - DYNAMIC


3.1 CASE PRINCIPLE

Dynamic NAT is where an IP address belonging to one pool is translated to an IP address belonging to another pool of addresses.
It can be used when you want to link two networks that have the same IP range.

In our example, we configured dynamic source NAT.


3.2 PICTURE

[Picture: Cisco / Vyatta case study, dynamic NAT]

Functionalities tested:

Interface settings
Telnet access
NAT - Dynamic
Static Routing


3.3 CONFIGURATIONS

CISCO ROUTER 2651 IOS: 12.2(15)T17

interface FastEthernet0/0
  description Server A
  ip address 10.0.0.1 255.255.255.0
  ip nat inside

interface FastEthernet0/1
  description Vyatta
  ip address 50.0.0.2 255.255.255.0
  ip nat outside

ip route 60.0.0.0 255.255.255.240 50.0.0.1

ip nat pool nat-pool 70.0.0.0 70.0.0.15 netmask 255.255.255.240
ip nat inside source list 1 pool nat-pool
access-list 1 permit 10.0.0.0 0.0.0.255

line vty 0 4
  no login

enable secret password

VYATTA ROUTER VC2 Feb 20, 2007

edit interfaces ethernet eth1
  set description ServerB
  set address 10.0.0.1 prefix-length 24

edit interfaces ethernet eth0
  set description Cisco
  set address 50.0.0.1 prefix-length 24

set protocols static route 70.0.0.0/28 next-hop 50.0.0.2

set service nat rule 1
edit service nat rule 1
  set type source
  set translation-type dynamic
  set outbound-interface eth0
  set protocols all
  set source network 10.0.0.0/24
  set destination network 0.0.0.0/0
  set outside-address address 60.0.0.0/28

set service telnet

edit system login user vyatta
  set authentication plaintext-password password


3.4 SHOW COMMANDS

vyatta@vyatta>show nat rules

[Screenshot: Vyatta output of show nat rules]

vyatta@vyatta>show nat statistics

[Screenshot: Vyatta output of show nat statistics]

vyatta:~#tcpdump -v
(must be executed by the root user at the Linux prompt)

[Screenshot: Vyatta output of tcpdump]

Router#show ip nat translations

[Screenshot: Cisco output of show ip nat translations]

Router#show ip nat statistics

[Screenshot: Cisco output of show ip nat statistics]

Router#debug ip nat
Router#terminal monitor

[Screenshot: Cisco output of debug ip nat]

END TO END CONNECTIVITY CHECKS:

From Desktop A:
c:\>tracert 50.0.0.1

[Screenshot: Windows tracert output]

From Desktop B:
c:\>tracert 50.0.0.2

[Screenshot: Windows tracert output]



4. NAT - MASQUERADE


4.1 CASE PRINCIPLE

Masquerade NAT is where source IP addresses inside a pool of addresses are translated to one unique IP address.

It is typically used for a group of users who have private IP addresses and are requesting access to the Internet.
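
The four case principles on this page (static NAT, static PAT, dynamic NAT, masquerade), modelled side by side as an added Python example; it is not part of the original tutorial and is neither Vyatta nor Cisco code. The class and method names, the use of only the usable hosts of the /28 pool, and the port-collision handling in masquerade are assumptions for illustration; the addresses are taken from the configurations on this page.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class Nat:
    """Toy model of the four translation types; addresses taken from this page."""
    def __init__(self):
        # Assumption: only the usable hosts of 60.0.0.0/28 are handed out.
        self.pool = [str(h) for h in ipaddress.ip_network("60.0.0.0/28").hosts()]
        self.leases = {}  # dynamic NAT: inside IP -> pool IP
        self.flows = {}   # masquerade: (proto, src, sport) -> public port

    def static_dnat(self, p, outside="60.0.0.2", inside="10.0.0.2"):
        # Case 1: whole-address mapping, every protocol and port passes through.
        return replace(p, dst=inside) if p.dst == outside else p

    def static_pat(self, p, outside="60.0.0.2", port=21, inside="10.0.0.2"):
        # Case 2: only tcp/21 (ftp) sent to the outside address is translated.
        if (p.proto, p.dst, p.dport) == ("tcp", outside, port):
            return replace(p, dst=inside)
        return p

    def dynamic_snat(self, p):
        # Case 3: one pool address per inside host; None once the pool is used up.
        if p.src not in self.leases:
            free = [a for a in self.pool if a not in self.leases.values()]
            if not free:
                return None
            self.leases[p.src] = free[0]
        return replace(p, src=self.leases[p.src])

    def masquerade(self, p, public="50.0.0.1"):
        # Case 4: all hosts share one address, so the source port must keep
        # flows apart; it is kept when free and changed only on a collision.
        key = (p.proto, p.src, p.sport)
        if key not in self.flows:
            used = {(k[0], v) for k, v in self.flows.items()}
            port = p.sport
            while (p.proto, port) in used:
                port += 1
            self.flows[key] = port
        return replace(p, src=public, sport=self.flows[key])
```

With the static NAT rule a packet sent to 60.0.0.2 on any port reaches 10.0.0.2, while the static PAT rule translates only tcp/21; that is the difference in exposure of the internal server between cases 1 and 2.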


4.2 PICTURE

[Picture: Cisco / Vyatta case study, NAT masquerade (overloading)]

Functionalities tested:

Interface settings
Telnet access
NAT - Masquerade
Static Routing


4.3 CONFIGURATIONS

CISCO ROUTER 2651 IOS: 12.2(15)T17

interface FastEthernet0/0
  description Server A
  ip address 10.0.0.1 255.255.255.0
  ip nat inside

interface FastEthernet0/1
  description Vyatta
  ip address 50.0.0.2 255.255.255.0
  ip nat outside

ip route 60.0.0.0 255.255.255.240 50.0.0.1

ip nat inside source list 1 interface FastEthernet0/1 overload
access-list 1 permit 10.0.0.0 0.0.0.255

line vty 0 4
  no login

enable secret password

VYATTA ROUTER VC2 Feb 20, 2007

edit interfaces ethernet eth1
  set description ServerB
  set address 10.0.0.1 prefix-length 24

edit interfaces ethernet eth0
  set description Cisco
  set address 50.0.0.1 prefix-length 24

set protocols static route 70.0.0.0/28 next-hop 50.0.0.2

set service nat rule 1
edit service nat rule 1
  set type source
  set translation-type masquerade
  set outbound-interface eth0
  set protocols all
  set source network 10.0.0.0/24
  set destination network 0.0.0.0/0

set service telnet

edit system login user vyatta
  set authentication plaintext-password password


4.4 SHOW COMMANDS

vyatta@vyatta>show nat rules

[Screenshot: Vyatta output of show nat rules]

vyatta@vyatta>show nat statistics

[Screenshot: Vyatta output of show nat statistics]

vyatta:~#tcpdump -v
(must be executed by the root user at the Linux prompt)

[Screenshot: Vyatta output of tcpdump]

Router#show ip nat translations
(telnet from Desktop A to Vyatta)

[Screenshot: Cisco output of show ip nat translations]

Router#show ip nat statistics

[Screenshot: Cisco output of show ip nat statistics]

Router#debug ip nat
Router#terminal monitor

[Screenshot: Cisco output of debug ip nat]

END TO END CONNECTIVITY CHECKS:

From Desktop A:
c:\>tracert 50.0.0.1

[Screenshot: Windows tracert output]

From Desktop B:
c:\>tracert 50.0.0.2

[Screenshot: Windows tracert output]
