Gateway and router on one computer

Question

We have been attempting to setup a Linux/BSD/etc box that can behave as both an internet gateway and as a router. I don't know how to articulate our situation very well, so please forgive me...

Currently we are using Vyatta with the following network interfaces (with masked IP addresses):

eth0 -> x.x.x.178/30 - WAN (upstream router: x.x.x.177)
- vlan100 -> Attached to eth0
br100 -> y.y.y.1 - Bridges eth0.vlan100 and eth1
eth1 -> y.y.y.y/24 - Bridged with the WAN (x.x.x.178 is the upstream router for this subnet)
eth2 -> 10.10.0.1/16 - Private network, NAT through y.y.y.1

The problem is: when we set the NAT rule to route 10.10.0.0/16 traffic through br100 nothing gets routed. However, if we set the NAT rule to route through eth0, the traffic actually routes, but now it is sourced from the x.x.x.178 address instead of the y.y.y.1 address.

What am I doing wrong here? Any thoughts or suggestions would be helpful.

Current configuration (minus some fluff):

interfaces {
    bridge br100 {
        address y.y.y.1/24
    }
    ethernet eth0 {
        address x.x.x.178/30
        vif 100 {
            bridge-group {
                bridge br100
            }
        }
    }
    ethernet eth1 {
        bridge-group {
            bridge br100
        }
    }
    ethernet eth2 {
        address 10.10.0.1/16
    }
    loopback lo {
    }
}
services {
    nat {
        rule 1 {
            outbound-interface br100
            source {
                address 10.10.0.0/16
            }
            type masquerade
        }
    }
}
system {
    gateway-address x.x.x.177
}

score 2 · Accepted Answer · answered Dec 31 '09 at 22:16

2

The way that we were able to solve this was to change the NAT rule to an SNAT instead of a masquerade.

answered Dec 31 '09 at 22:16

Futoque

136
2

score 1 · Answer 2 · answered Dec 31 '09 at 15:30

1

On most distro, unless they are set up to serve as routers, they will default to the behavior of refusing to forward IP traffic. Generally I use a packetprotector (linux running on asus home router) for such work. But you will want to check the settings in /etc/sysctl.conf.

Look for 'net.ipv4.ip_forward = ', if you wish to forward traffic, this value should be set to 1 (if not then '0'). Changing the file here will have the change persist across reboots, and will start when network services start.

answered Dec 31 '09 at 15:30

haus

104
1

1

very good point. This might be worth reading: http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/ – BuildTheRobots Dec 31 '09 at 16:26
1

Thank you for the suggestion! I always seem to forget that when I setup a Linux distro, but that is one of the things I checked this time. Vyatta is a firewall distro and it has ip forwarding on by default. – miquella Jan 01 '10 at 17:24

score -1 · Answer 3 · edited Jun 11 '20 at 10:02

-1

I would recommend you use pfSense.

It has a really nice Web-based interface.

edited Jun 11 '20 at 10:02

Community

1

answered Dec 31 '09 at 19:30

Brad Gilbert

2,473
2
21
19

1

Thank you for the suggestion, but pfSense is the last one we tried. The reason we're using Vyatta at all is because pfSense stopped routing our traffic... Don't know why, it worked fine for 2 weeks and then it just stopped routing. – miquella Jan 01 '10 at 17:28

Gateway and router on one computer

3 Answers3

Linked