Vyatta, routing issue: internal-external-internal

Discussion in 'Network Routers' started by benny007, Aug 30, 2013.

  1. benny007

    benny007 Guest

    Hi guys,
    I am having an interesting (at least for me) problem with Vyatta routing.
    I have a simple NAT/masquerade setup with two interfaces.

    The external eth0 has a static IP for the external services.
    The internal eth1 has a static IP and acts as DHCP server, DNS forwarder and a few more services for the internal network.

    The current routing setup:
    protocols {
        static {
            route 0.0.0.0/0 {
                next-hop [EXTERNAL IP] {
                }
            }
        }
    }

    NAT (the config tree as posted had a duplicated "nat {" and an unclosed "destination {" block; the nesting below is corrected):

    nat {
        destination {
            rule 10 {
                description HTTP
                destination {
                    address [EXTERNAL IP]
                    port 80
                }
                inbound-interface eth0
                protocol tcp
                translation {
                    address 192.168.1.3
                    port 80
                }
            }
            rule 11 {
                ...
            }
            ...... and some more rules
        }
        source {
            rule 1 {
                description LAN2WAN
                outbound-interface eth0
                source {
                    address 192.168.1.0/24
                }
                translation {
                    address masquerade
                }
            }
        }
    }

    So far everything works well.

    The problem happens when a user does not have DNS records taken from DHCP, but from another source.
    Then the domain name returns the IP of the external interface and it gets routed to the external interface, where it ends.

    For internal DNS we use static-mapping overrides to be able to access the internal servers via domain name, but obviously that's not a good solution.
    I need some way of "returning" packets back to our network via the external interface as an incoming packet, so the NAT destination rules can be applied and it can be delivered to the correct machine.

    Any idea how to achieve this?

    thanks

    Pavel
     
    benny007, Aug 30, 2013
    #1
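One way to handle LAN clients that resolve the public name to [EXTERNAL IP] is hairpin (reflected) NAT on the internal interface. The following is an added example in Vyatta's config-tree notation, not from the original post; it assumes the poster's own layout (eth1 as the LAN interface, 192.168.1.3 as the HTTP server, [EXTERNAL IP] as the public address) and is meant to sit beside the existing rule 10 and rule 1:

```text
nat {
    destination {
        /* Hairpin: a LAN host that resolves the name to [EXTERNAL IP]
           sends the packet in on eth1, so the same port forward must
           be applied on that interface too (rule 10 only matches eth0) */
        rule 20 {
            description "HTTP hairpin from LAN"
            destination {
                address [EXTERNAL IP]
                port 80
            }
            inbound-interface eth1
            protocol tcp
            translation {
                address 192.168.1.3
                port 80
            }
        }
    }
    source {
        /* Masquerade only the hairpinned flows leaving on eth1, so the
           server's reply goes back through the router (which can undo
           the translation) instead of straight to the client, which
           would drop it as coming from an unexpected source address */
        rule 2 {
            description "HTTP hairpin reply path"
            outbound-interface eth1
            protocol tcp
            source {
                address 192.168.1.0/24
            }
            destination {
                address 192.168.1.3
                port 80
            }
            translation {
                address masquerade
            }
        }
    }
}
```

One destination rule and one matching source rule are needed per forwarded port. Because the source rule masquerades, the server's logs will show the router's eth1 address instead of the real LAN client for these connections, which matters when those logs are used for auditing or incident investigation.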

  2. benny007

    benny007 Guest

    benny007, Aug 30, 2013
    #2
