[rbak-nsp] Problems with NAT

Golem golem at mtm-info.pl
Thu May 16 17:35:44 EDT 2013


Thanks, you did point me in the right direction.

This does works !


Thursday, May 16, 2013, 11:00:02 PM, you wrote:

> NAT is not applied to the subscriber as shown on the output.`Please
> verify that the subscriber default config is in use.

> Source NAT is not an option.

> On Thu, May 16, 2013 at 5:53 PM, Golem <golem at mtm-info.pl> wrote:
>>
>> [routerek]Redback#show subscribers active
>> d8:5d:4c:80:2f:a6
>>         Session state Up
>>         Circuit   2/1 clips 262145
>>         Internal Circuit   2/1:511:63:31/7/2/1
>>         Interface bound  ge1
>>         Current port-limit unlimited
>>         Protocol Stack IPV4
>>         dhcp max-addrs 1 (applied)
>>         ip address 192.168.30.19 255.255.255.0 (applied)
>>         dhcp vendor class id MSFT 5.0 (applied)
>>         dhcp option client id 0x3d0701d85d4c802fa6 (applied)
>>         dhcp option hostname 0x0c05676f6c656d (applied)
>>           IP host entries installed by DHCP: (max_addr 1 cur_entries 1)
>>                 192.168.30.19    d8:5d:4c:80:2f:a6
>>
>>
>> Maybe i should add source nat address somewhere ?
>> I have tried
>> interface ge1 multibind
>> ip address 192.168.30.1/24
>> ip  address  178.214.27.1/27  secondary     <- added this one here and
>> it's reachable from outside.
>> dhcp server interface
>>
>> Nothing changed, still nat doesnt work.
>>
>>
>>
>>
>>
>> Thursday, May 16, 2013, 10:42:07 PM, you wrote:
>>
>>> Ideas: Try doing so without NAT, just one DHCP customer
>>
>>> Can you please share an output from show subscribers active?
>>
>>> On Thu, May 16, 2013 at 5:38 PM, Golem <golem at mtm-info.pl> wrote:
>>>> Still doesn't work.
>>>> Any ideas ?
>>>>
>>>>
>>>>
>>>>
>>>> Thursday, May 16, 2013, 9:52:43 PM, you wrote:
>>>>
>>>>> Golem,
>>>>
>>>>> You need to apply the NAT policy to the subscribers:
>>>>
>>>>>  subscriber default
>>>>>    nat policy-name NAT_policy
>>>>>    dhcp max-addrs 1
>>>>
>>>>> Tomás
>>>>
>>>>
>>>>> On Thu, May 16, 2013 at 11:44 AM, Golem <golem at mtm-info.pl> wrote:
>>>>>> Hello Redback-nsp,
>>>>>>
>>>>>> My first steps with Redback. I'm trying to run simple NAT + Clips.
>>>>>> Clips   seems   working  fine  with  radius server, dhcp offers IP but
>>>>>> there is still no access to network (client receive proper dhcp pack), only 192.168.30.1 is reachable.
>>>>>> There is my config:
>>>>>>
>>>>>> context routerek
>>>>>>  domain router30.pl
>>>>>> !
>>>>>>  no ip domain-lookup
>>>>>> !
>>>>>>  ip nat pool NAT_pool napt multibind
>>>>>>   address 178.214.27.1/32
>>>>>> !
>>>>>>  nat policy NAT_policy
>>>>>> ! Default class
>>>>>>   pool NAT_pool routerek
>>>>>>   timeout tcp 18000
>>>>>>   endpoint-independent filtering udp
>>>>>>   icmp-notification
>>>>>> !
>>>>>>  interface ge1 multibind
>>>>>>   ip address 192.168.30.1/24
>>>>>>   dhcp server interface
>>>>>> !
>>>>>>  interface wan
>>>>>>   ip address 178.214.0.23/27
>>>>>>  no logging console
>>>>>> !
>>>>>>  aaa authentication administrator local
>>>>>>  aaa authentication administrator maximum sessions 1
>>>>>>  aaa authentication subscriber radius
>>>>>> !
>>>>>>  radius server 178.214.0.27 encrypted-key *****
>>>>>> !
>>>>>>  ip route 0.0.0.0/0 178.214.0.1
>>>>>> !
>>>>>>  dhcp server policy
>>>>>>    nak-on-subnet-deletion
>>>>>>    option subnet-mask 255.255.255.0
>>>>>>    option domain-name-server 178.214.0.16 178.214.0.14
>>>>>>    option domain-name router30.pl
>>>>>>    offer-lease-time 300
>>>>>>    default-lease-time 43200
>>>>>>    maximum-lease-time 43200
>>>>>>    subnet 192.168.30.0/24
>>>>>>      option subnet-mask 255.255.255.0
>>>>>>      option router 192.168.30.1
>>>>>> !
>>>>>> !
>>>>>> !
>>>>>> ! ** End Context **
>>>>>>
>>>>>> Ports:
>>>>>>
>>>>>>
>>>>>> card ge2-10-port 2
>>>>>> !
>>>>>> port ethernet 2/1
>>>>>>  no shutdown
>>>>>>  bind interface ge1 routerek
>>>>>>  service clips dhcp maximum 10 context routerek
>>>>>> !
>>>>>> port ethernet 2/10
>>>>>>  no shutdown
>>>>>>  bind interface wan routerek
>>>>>> !
>>>>>> !
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> It  looks  like  packets  are  not  forwarded for 178.214.27.1 however
>>>>>> 178.214.27.1/27 is routed to 178.214.0.23 from outside.
>>>>>>
>>>>>> Thanks!
>>>>>>
>>>>>> --
>>>>>> Best regards,
>>>>>>  Ozga Rafal                          mailto:golem at mtm-info.pl
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> redback-nsp mailing list
>>>>>> redback-nsp at puck.nether.net
>>>>>> https://puck.nether.net/mailman/listinfo/redback-nsp
>>>>
>>>>
>>>>
>>>> --
>>>> Best regards,
>>>> Ozga Rafal                          mailto:golem at mtm-info.pl
>>>>
>>>>
>>>> _______________________________________________
>>>> redback-nsp mailing list
>>>> redback-nsp at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/redback-nsp
>>
>>
>>
>> --
>> Best regards,
>> Ozga Rafal                          mailto:golem at mtm-info.pl
>>
>>
>> _______________________________________________
>> redback-nsp mailing list
>> redback-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/redback-nsp



-- 
Best regards,
Ozga Rafal                          mailto:golem at mtm-info.pl




More information about the redback-nsp mailing list