Port Forwarding with Vyatta VC5
Submitted by Eric Fouarge on Sun, 05/17/2009 - 09:24
I have been fiddling with Vyatta quite a bit recently in an attempt to reduce our Cisco footprint in the datacenter. Their solution has been the best fit for our needs that I can find. One topic that the documentation didn't touch on much is "port forwarding", as most of us know it.
Vyatta refers to this as DNAT (destination NAT), and it requires that you have NAT enabled in your configuration.
To keep things clean and clear, I will outline the exact commands you need to run at the CLI to forward RDP to a management box, expose Exchange 2007 (POP3, IMAP, OWA, Outlook Anywhere, and SMTP), and publish a web server on port 80.
Enabling Basic NAT
set service nat rule 1 description WAN_Outbound_Interface
set service nat rule 1 outbound-interface eth0
set service nat rule 1 source address 172.16.1.0/24
set service nat rule 1 type masquerade
Setting up Exchange Rules
set service nat rule 200
set service nat rule 200 description Exchange_SMTP
set service nat rule 200 type destination
set service nat rule 200 inbound-interface eth0
set service nat rule 200 destination port smtp
set service nat rule 200 inside-address address 172.16.1.20
commit
save

set service nat rule 210
set service nat rule 210 description Exchange_OWA_Outlook_Anywhere
set service nat rule 210 type destination
set service nat rule 210 inbound-interface eth0
set service nat rule 210 destination port https
set service nat rule 210 inside-address address 172.16.1.20
commit
save

set service nat rule 220
set service nat rule 220 description Exchange_Secure_IMAP
set service nat rule 220 type destination
set service nat rule 220 inbound-interface eth0
set service nat rule 220 destination port 993
set service nat rule 220 inside-address address 172.16.1.20
commit
save

set service nat rule 230
set service nat rule 230 description Exchange_Secure_POP3
set service nat rule 230 type destination
set service nat rule 230 inbound-interface eth0
set service nat rule 230 destination port 995
set service nat rule 230 inside-address address 172.16.1.20
commit
save
Those are all the ports that need to be forwarded to an Exchange 2007 server. As you may have noticed, I like to group my rules for organization's sake: I keep the rules for each server or web application together as much as possible.
Enabling Remote Desktop access to a management port
set service nat rule 300
set service nat rule 300 description Management_Box_RDP
set service nat rule 300 type destination
set service nat rule 300 inbound-interface eth0
set service nat rule 300 destination port 3389
set service nat rule 300 inside-address address 172.16.1.10
commit
save
Exposing a Webserver over port 80
set service nat rule 400
set service nat rule 400 description Primary_WebServer
set service nat rule 400 type destination
set service nat rule 400 inbound-interface eth0
set service nat rule 400 destination port http
set service nat rule 400 inside-address address 172.16.1.20
commit
save
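An added example, not part of the original post: a small Python audit that parses `set service nat rule` commands like the ones above and reports, for each destination rule, a missing inside-address, a management port forwarded without a source restriction, or an interface and port already claimed by an earlier rule. The function names and the `MGMT_PORTS` set are hypothetical, and it assumes a `source address` match on a destination rule is how a forward is narrowed to known clients.

```python
import re

# Constructed sample: rules 1, 300 and 400 from the post (descriptions omitted).
SAMPLE = """\
set service nat rule 1 outbound-interface eth0
set service nat rule 1 source address 172.16.1.0/24
set service nat rule 1 type masquerade
set service nat rule 300 type destination
set service nat rule 300 inbound-interface eth0
set service nat rule 300 destination port 3389
set service nat rule 300 inside-address address 172.16.1.10
set service nat rule 400 type destination
set service nat rule 400 inbound-interface eth0
set service nat rule 400 destination port http
set service nat rule 400 inside-address address 172.16.1.20
"""

# Assumption: which ports count as management services is the auditor's policy.
MGMT_PORTS = {"22", "ssh", "23", "telnet", "3389"}

def parse_rules(text):
    """Return {rule_number: {"key path": value}} from 'set service nat rule N ...' lines."""
    rules = {}
    for line in text.splitlines():
        m = re.match(r"set service nat rule (\d+)\s+(\S.*)$", line.strip())
        if not m:
            continue  # bare 'set service nat rule N', commit, save, blanks
        *path, value = m.group(2).split()
        rules.setdefault(int(m.group(1)), {})[" ".join(path)] = value
    return rules

def audit(rules):
    """Return (rule_number, finding) pairs for destination (DNAT) rules only."""
    findings, seen = [], {}
    for num in sorted(rules):
        r = rules[num]
        if r.get("type") != "destination":
            continue
        port = r.get("destination port")
        if "inside-address address" not in r:
            findings.append((num, "no inside-address"))
        if port in MGMT_PORTS and "source address" not in r:
            findings.append((num, f"management port {port} open to any source"))
        key = (r.get("inbound-interface"), port)
        if key in seen:
            findings.append((num, f"same interface and port as rule {seen[key]}"))
        seen.setdefault(key, num)
    return findings
```

Calling `audit(parse_rules(SAMPLE))` on the embedded sample reports rule 300 only, since the RDP forward has no source match.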
As you can see, Vyatta is quite straightforward to work with once you get the hang of its workflow.




