Basic 1-to-1 NAT Example using proxy-arp

Created by Yuriy Andamasov, Modified on Fri, 12 Jan 2024 at 06:26 PM by Srividya Anantapatnaikuni

Article review date: 2024-01-12
Validated for VyOS versions: 1.2.5, 1.3.5

Introduction:

In this example, both source and destination NAT are used to translate all traffic from an external IP address to an internal IP address and vice versa. When no specific routing needs to take place between the external and internal networks, and the hosts should be able to communicate with each other transparently, proxy-arp is used on the router: it gives its own MAC address in response to ARP requests to reach the destination. All that is necessary is that the networks be reachable from the gateway.




Configuration:

Gateway Router:

set interfaces ethernet eth0 address '2.2.2.1/24'

set interfaces ethernet eth1 vif 902 address '10.7.255.1/24'


VyOS Firewall Router:

set interfaces ethernet eth0 vif 102 address '172.16.2.24/24'

set interfaces ethernet eth1 vif 902 address '10.7.255.253/24'

set interfaces ethernet eth1 vif 902 ip proxy-arp-pvlan

set nat destination rule 100 destination address '10.7.255.129'

set nat destination rule 100 inbound-interface 'eth1.902'

set nat destination rule 100 translation address '172.16.2.8'

set nat source rule 110 outbound-interface 'eth1.902'

set nat source rule 110 source address '172.16.2.8'

set nat source rule 110 translation address '10.7.255.129'

set protocols static route 0.0.0.0/0 next-hop 10.7.255.1
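
The following Python sketch is an added example, not part of the original article or of VyOS: it parses the firewall router's `set` commands above and checks that each destination NAT rule has a mirroring source rule on the same interface, and that the external address is on-link on an interface where proxy-arp-pvlan is set. The helper names `parse` and `audit` and the checks themselves are assumptions for illustration, derived from this article's description of proxy-arp.

```python
import ipaddress

# Added example with hypothetical helpers. Constructed input: commands copied from this article.
CONFIG = """\
set interfaces ethernet eth1 vif 902 address '10.7.255.253/24'
set interfaces ethernet eth1 vif 902 ip proxy-arp-pvlan
set nat destination rule 100 destination address '10.7.255.129'
set nat destination rule 100 inbound-interface 'eth1.902'
set nat destination rule 100 translation address '172.16.2.8'
set nat source rule 110 outbound-interface 'eth1.902'
set nat source rule 110 source address '172.16.2.8'
set nat source rule 110 translation address '10.7.255.129'
"""

def parse(config):
    """Collect NAT rule fields, vif addresses and vifs with proxy-arp-pvlan set."""
    nat, addrs, proxy = {}, {}, set()
    for line in config.splitlines():
        tok = line.replace("'", "").split()
        if tok[:2] == ["set", "nat"] and len(tok) >= 7:
            # set nat <kind> rule <id> <field ...> <value>
            nat.setdefault((tok[2], tok[4]), {})[" ".join(tok[5:-1])] = tok[-1]
        elif tok[:3] == ["set", "interfaces", "ethernet"] and tok[4:5] == ["vif"]:
            ifname = f"{tok[3]}.{tok[5]}"
            if tok[6:7] == ["address"]:
                addrs[ifname] = ipaddress.ip_interface(tok[7])
            elif tok[6:] == ["ip", "proxy-arp-pvlan"]:
                proxy.add(ifname)
    return nat, addrs, proxy

def audit(config):
    """Return a list of problems; an empty list means the 1-to-1 pair is consistent."""
    nat, addrs, proxy = parse(config)
    snat = [r for (kind, _), r in nat.items() if kind == "source"]
    problems = []
    for rule_id, d in [(i, r) for (k, i), r in nat.items() if k == "destination"]:
        ext, ifname = d.get("destination address"), d.get("inbound-interface")
        want = {"source address": d.get("translation address"),
                "translation address": ext, "outbound-interface": ifname}
        if not any(all(s.get(k) == v for k, v in want.items()) for s in snat):
            problems.append(f"rule {rule_id}: no mirroring source rule")
        iface = addrs.get(ifname)
        if iface is None or ipaddress.ip_address(ext) not in iface.network:
            problems.append(f"rule {rule_id}: {ext} is not on-link on {ifname}")
        elif ipaddress.ip_address(ext) != iface.ip and ifname not in proxy:
            problems.append(f"rule {rule_id}: nothing answers ARP for {ext}")
    return problems

print(audit(CONFIG) or "1-to-1 NAT pair is consistent")
```

A one-way mapping (destination rule without its source counterpart) would let the internal host's traffic leave with an untranslated address, which is why the mirror check comes first.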


Output:

Ping from the server:

server:~$ ping 2.2.2.2

PING 2.2.2.2 (2.2.2.2) 56(84) bytes of data.

64 bytes from 2.2.2.2: icmp_seq=1 ttl=62 time=3.11 ms

64 bytes from 2.2.2.2: icmp_seq=2 ttl=62 time=5.72 ms

64 bytes from 2.2.2.2: icmp_seq=3 ttl=62 time=6.65 ms

64 bytes from 2.2.2.2: icmp_seq=4 ttl=62 time=6.04 ms


tcpdump from the gateway router:

13:13:15.149367 IP 2.2.2.2 > 10.7.255.129: ICMP echo reply, id 1669, seq 1, length 64

13:13:16.149086 IP 10.7.255.129 > 2.2.2.2: ICMP echo request, id 1669, seq 2, length 64

13:13:16.153248 IP 2.2.2.2 > 10.7.255.129: ICMP echo reply, id 1669, seq 2, length 64

13:13:17.150988 IP 10.7.255.129 > 2.2.2.2: ICMP echo request, id 1669, seq 3, length 64

