Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Basic 1-to-1 NAT Example using proxy-arp

            Created by Yuriy Andamasov, Modified on Fri, 12 Jan at 6:26 PM by Srividya Anantapatnaikuni

            Article review date
            		2024-01-12
            Validated for VyOS versions
            		1.2.5, 1.3.5

            Introduction:

            In this example, both source and destination NAT are used to NAT all traffic from an external IP address to an internal IP address and vice-versa. If there is a condition where no specific routing needs to take place between the external and internal network, and to allow the hosts to transparently communicate with each other, we need to use proxy-arp in the router.  It gives its own MAC address in response to ARP requests  to reach the destination. All that is necessary is that the networks be reachable from the gateway.


            Untitled-Diagram-2.png


            Configuration:

            Gateway Router:

            set interfaces ethernet eth0 address '2.2.2.1/24'

            set interfaces ethernet eth1 vif 902 address '10.7.255.1/24'


            Vyos Firewall Router:

            set interfaces ethernet eth0 vif 102 address '172.16.2.24/24'

            set interfaces ethernet eth1 vif 902 address '10.7.255.253/24'

            set interfaces ethernet eth1 vif 902 ip proxy-arp-pvlan

            set nat destination rule 100 destination address '10.7.255.129'

            set nat destination rule 100 inbound-interface 'eth1.902'

            set nat destination rule 100 translation address '172.16.2.8'

            set nat source rule 110 outbound-interface 'eth1.902'

            set nat source rule 110 source address '172.16.2.8'

            set nat source rule 110 translation address '10.7.255.129'

            set protocols static route 0.0.0.0/0 next-hop 10.7.255.1


            Output:

            Ping from the server:

            server:~$ ping 2.2.2.2

            PING 2.2.2.2 (2.2.2.2) 56(84) bytes of data.

            64 bytes from 2.2.2.2: icmp_seq=1 ttl=62 time=3.11 ms

            64 bytes from 2.2.2.2: icmp_seq=2 ttl=62 time=5.72 ms

            64 bytes from 2.2.2.2: icmp_seq=3 ttl=62 time=6.65 ms

            64 bytes from 2.2.2.2: icmp_seq=4 ttl=62 time=6.04 ms


            tcpdump from the gateway router:

            13:13:15.149367 IP 2.2.2.2 > 10.7.255.129: ICMP echo reply, id 1669, seq 1, length 64

            13:13:16.149086 IP 10.7.255.129 > 2.2.2.2: ICMP echo request, id 1669, seq 2, length 64

            13:13:16.153248 IP 2.2.2.2 > 10.7.255.129: ICMP echo reply, id 1669, seq 2, length 64

            13:13:17.150988 IP 10.7.255.129 > 2.2.2.2: ICMP echo request, id 1669, seq 3, length 64


            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0