[rbak-nsp] Problems with NAT

Tomas Lynch tomas.lynch at gmail.com
Thu May 16 17:00:02 EDT 2013 

NAT is not applied to the subscriber as shown on the output.`Please
verify that the subscriber default config is in use.

Source NAT is not an option.

On Thu, May 16, 2013 at 5:53 PM, Golem <golem at mtm-info.pl> wrote:
>
> [routerek]Redback#show subscribers active
> d8:5d:4c:80:2f:a6
>         Session state Up
>         Circuit   2/1 clips 262145
>         Internal Circuit   2/1:511:63:31/7/2/1
>         Interface bound  ge1
>         Current port-limit unlimited
>         Protocol Stack IPV4
>         dhcp max-addrs 1 (applied)
>         ip address 192.168.30.19 255.255.255.0 (applied)
>         dhcp vendor class id MSFT 5.0 (applied)
>         dhcp option client id 0x3d0701d85d4c802fa6 (applied)
>         dhcp option hostname 0x0c05676f6c656d (applied)
>           IP host entries installed by DHCP: (max_addr 1 cur_entries 1)
>                 192.168.30.19    d8:5d:4c:80:2f:a6
>
>
> Maybe i should add source nat address somewhere ?
> I have tried
> interface ge1 multibind
> ip address 192.168.30.1/24
> ip  address  178.214.27.1/27  secondary     <- added this one here and
> it's reachable from outside.
> dhcp server interface
>
> Nothing changed, still nat doesnt work.
>
>
>
>
>
> Thursday, May 16, 2013, 10:42:07 PM, you wrote:
>
>> Ideas: Try doing so without NAT, just one DHCP customer
>
>> Can you please share an output from show subscribers active?
>
>> On Thu, May 16, 2013 at 5:38 PM, Golem <golem at mtm-info.pl> wrote:
>>> Still doesn't work.
>>> Any ideas ?
>>>
>>>
>>>
>>>
>>> Thursday, May 16, 2013, 9:52:43 PM, you wrote:
>>>
>>>> Golem,
>>>
>>>> You need to apply the NAT policy to the subscribers:
>>>
>>>>  subscriber default
>>>>    nat policy-name NAT_policy
>>>>    dhcp max-addrs 1
>>>
>>>> Tomás
>>>
>>>
>>>> On Thu, May 16, 2013 at 11:44 AM, Golem <golem at mtm-info.pl> wrote:
>>>>> Hello Redback-nsp,
>>>>>
>>>>> My first steps with Redback. I'm trying to run simple NAT + Clips.
>>>>> Clips   seems   working  fine  with  radius server, dhcp offers IP but
>>>>> there is still no access to network (client receive proper dhcp pack), only 192.168.30.1 is reachable.
>>>>> There is my config:
>>>>>
>>>>> context routerek
>>>>>  domain router30.pl
>>>>> !
>>>>>  no ip domain-lookup
>>>>> !
>>>>>  ip nat pool NAT_pool napt multibind
>>>>>   address 178.214.27.1/32
>>>>> !
>>>>>  nat policy NAT_policy
>>>>> ! Default class
>>>>>   pool NAT_pool routerek
>>>>>   timeout tcp 18000
>>>>>   endpoint-independent filtering udp
>>>>>   icmp-notification
>>>>> !
>>>>>  interface ge1 multibind
>>>>>   ip address 192.168.30.1/24
>>>>>   dhcp server interface
>>>>> !
>>>>>  interface wan
>>>>>   ip address 178.214.0.23/27
>>>>>  no logging console
>>>>> !
>>>>>  aaa authentication administrator local
>>>>>  aaa authentication administrator maximum sessions 1
>>>>>  aaa authentication subscriber radius
>>>>> !
>>>>>  radius server 178.214.0.27 encrypted-key *****
>>>>> !
>>>>>  ip route 0.0.0.0/0 178.214.0.1
>>>>> !
>>>>>  dhcp server policy
>>>>>    nak-on-subnet-deletion
>>>>>    option subnet-mask 255.255.255.0
>>>>>    option domain-name-server 178.214.0.16 178.214.0.14
>>>>>    option domain-name router30.pl
>>>>>    offer-lease-time 300
>>>>>    default-lease-time 43200
>>>>>    maximum-lease-time 43200
>>>>>    subnet 192.168.30.0/24
>>>>>      option subnet-mask 255.255.255.0
>>>>>      option router 192.168.30.1
>>>>> !
>>>>> !
>>>>> !
>>>>> ! ** End Context **
>>>>>
>>>>> Ports:
>>>>>
>>>>>
>>>>> card ge2-10-port 2
>>>>> !
>>>>> port ethernet 2/1
>>>>>  no shutdown
>>>>>  bind interface ge1 routerek
>>>>>  service clips dhcp maximum 10 context routerek
>>>>> !
>>>>> port ethernet 2/10
>>>>>  no shutdown
>>>>>  bind interface wan routerek
>>>>> !
>>>>> !
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> It  looks  like  packets  are  not  forwarded for 178.214.27.1 however
>>>>> 178.214.27.1/27 is routed to 178.214.0.23 from outside.
>>>>>
>>>>> Thanks!
>>>>>
>>>>> --
>>>>> Best regards,
>>>>>  Ozga Rafal                          mailto:golem at mtm-info.pl
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> redback-nsp mailing list
>>>>> redback-nsp at puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/redback-nsp
>>>
>>>
>>>
>>> --
>>> Best regards,
>>> Ozga Rafal                          mailto:golem at mtm-info.pl
>>>
>>>
>>> _______________________________________________
>>> redback-nsp mailing list
>>> redback-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/redback-nsp
>
>
>
> --
> Best regards,
> Ozga Rafal                          mailto:golem at mtm-info.pl
>
>
> _______________________________________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/redback-nsp

More information about the redback-nsp mailing list