Vyatta masquerade out bridge interface

Posted by miquella on Server Fault
Published on 2010-10-08T17:04:03Z Indexed on 2012/09/26 9:41 UTC


We have set up a Vyatta Core 6.1 gateway on our network with three interfaces:

  • eth0 - 1.1.1.1 - public gateway/router IP (to public upstream router)
  • eth1 - 2.2.2.1/24 - public subnet (connected to a second firewall 2.2.2.2)
  • eth2 - 10.10.0.1/24 - private subnet

Our ISP provided the 1.1.1.1 address for us to use as our gateway. The 2.2.2.1 address is so the other firewall (2.2.2.2) can communicate with this gateway, which then routes the traffic out through the eth0 interface.

Here is our current configuration:

interfaces {
    bridge br100 {
        address 2.2.2.1/24
    }
    ethernet eth0 {
        address 1.1.1.1/30
        vif 100 {
            bridge-group {
                bridge br100
            }
        }
    }
    ethernet eth1 {
        bridge-group {
            bridge br100
        }
    }
    ethernet eth2 {
        address 10.10.0.1/24
    }
    loopback lo {
    }
}
service {
    nat {
        rule 100 {
            outbound-interface eth0
            source {
                address 10.10.0.1/24
            }
            type masquerade
        }
    }
}

With this configuration, it routes everything, but the source address after masquerading is 1.1.1.1, which is correct, because that's the interface it's bound to. But because of some of our requirements here, we need it to source from the 2.2.2.1 address instead (what's the point of paying for a class C public subnet if the only address we can send from is our gateway!?).

I've tried binding to br100 instead of eth0, but it doesn't seem to route anything if I do that.

I imagine I'm just missing something simple. Any thoughts?
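The behaviour described above is inherent to masquerade: netfilter's MASQUERADE target always rewrites the source to the primary address of the interface the packet leaves on (1.1.1.1 on eth0), regardless of which other addresses the box holds. The usual way to pick a specific public address is a source NAT rule with an explicit translation address. The fragment below is an added example, not part of the original question or an accepted answer; it assumes the Vyatta Core 6.x syntax `type source` with an `outside-address` node (later VyOS releases call it `translation address`), and it corrects the source match to the 10.10.0.0/24 network rather than the host address 10.10.0.1/24.

```vyatta
service {
    nat {
        /* Added example: source NAT to a fixed public address instead of
           masquerade. Assumed Vyatta Core 6.x syntax; confirm with
           "show nat rules" after commit. */
        rule 100 {
            type source
            outbound-interface eth0
            source {
                address 10.10.0.0/24      /* the private network, not the host */
            }
            outside-address {
                address 2.2.2.1           /* must be an address the ISP routes back to this box */
            }
        }
    }
}
```

Two checks before relying on this: first, `sudo iptables -t nat -vnL POSTROUTING` should show a `SNAT ... to:2.2.2.1` entry on eth0 instead of `MASQUERADE`, and its packet counter should climb when a host in 10.10.0.0/24 opens an outbound connection; second, replies to 2.2.2.1 only work if the upstream router forwards 2.2.2.0/24 toward 1.1.1.1 (the bridge and VLAN 100 only matter for traffic exchanged with 2.2.2.2 on the local segment). Unlike masquerade, a fixed translation address does not follow interface address changes, so keep it in step with any renumbering of br100.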
