Port Forwarding with Vyatta VC5

I have been fiddling with Vyatta quite a bit recently in an attempt to reduce our Cisco footprint in the datacenter. Their solution has been the best fit for our needs that I can find. One topic the documentation doesn't touch on much is what most of us know as "port forwarding".

Vyatta refers to this as DNAT (destination NAT); it requires that NAT already be enabled in your configuration.

To keep things clean and clear, I will outline the exact commands you would run at the CLI to forward RDP to a management box, expose Exchange 2007 (POP3, IMAP, OWA, Outlook Anywhere, and SMTP), and publish a web server on port 80.

Enabling Basic NAT

set service nat rule 1 description WAN_Outbound_Interface
set service nat rule 1 outbound-interface eth0
set service nat rule 1 source address 172.16.1.0/24
set service nat rule 1 type masquerade

Setting up Exchange Rules

set service nat rule 200
set service nat rule 200 description Exchange_SMTP
set service nat rule 200 type destination
set service nat rule 200 inbound-interface eth0
set service nat rule 200 destination port smtp
set service nat rule 200 inside-address address 172.16.1.20
commit
save

set service nat rule 210
set service nat rule 210 description Exchange_OWA_Outlook_Anywhere
set service nat rule 210 type destination
set service nat rule 210 inbound-interface eth0
set service nat rule 210 destination port https
set service nat rule 210 inside-address address 172.16.1.20
commit
save

set service nat rule 220
set service nat rule 220 description Exchange_Secure_IMAP
set service nat rule 220 type destination
set service nat rule 220 inbound-interface eth0
set service nat rule 220 destination port 993
set service nat rule 220 inside-address address 172.16.1.20
commit
save

set service nat rule 230
set service nat rule 230 description Exchange_Secure_POP3
set service nat rule 230 type destination
set service nat rule 230 inbound-interface eth0
set service nat rule 230 destination port 995
set service nat rule 230 inside-address address 172.16.1.20
commit
save

That is all the ports needed to forward traffic to an Exchange 2007 server. As you may have noticed, I like to group my rules for organization's sake: for each server or web application I keep its rules numbered together as much as possible.

Enabling Remote Desktop access to a management box

set service nat rule 300
set service nat rule 300 description Management_Box_RDP
set service nat rule 300 type destination
set service nat rule 300 inbound-interface eth0
set service nat rule 300 destination port 3389
set service nat rule 300 inside-address address 172.16.1.10
commit
save


Exposing a Webserver over port 80

set service nat rule 400
set service nat rule 400 description Primary_WebServer
set service nat rule 400 type destination
set service nat rule 400 inbound-interface eth0
set service nat rule 400 destination port http
set service nat rule 400 inside-address address 172.16.1.20
commit
save
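As an added example (not from the original post and not a Vyatta tool), the script below generates the same `set service nat rule ...` lines from a table of forwards and runs the checks I would want before typing `commit`: unique rule numbers, a port that actually resolves, no second rule forwarding a port that an earlier rule already takes (assumed here that the lower-numbered rule matches first, so the later one never fires), a single-token description (the post uses underscores because the CLI splits on spaces), and an inside-address that really sits inside the 172.16.1.0/24 range masqueraded above. The rule numbers, ports, addresses and eth0 come from the post; the service-name table and the `Forward` record are my own constructions.

```python
"""Generate and sanity-check Vyatta VC5 destination-NAT (port forwarding) rules.

Added example, not Vyatta's own tooling. It reproduces the command pattern used
in the post (type destination, inbound-interface, destination port,
inside-address) and validates the table before anything is committed.
"""
from dataclasses import dataclass
import ipaddress

WAN_IF = "eth0"                                   # interface used throughout the post
LAN_NET = ipaddress.ip_network("172.16.1.0/24")   # source range from the masquerade rule

# Service names the post uses instead of numbers; Vyatta accepts either form.
# Small table kept inline so the check works without /etc/services.
SERVICE_PORTS = {"smtp": 25, "http": 80, "https": 443}

@dataclass(frozen=True)
class Forward:
    rule: int           # NAT rule number; assumed evaluated in ascending order
    description: str    # one token: underscores, not spaces (unquoted CLI value)
    port: str           # service name or numeric port, exactly as typed at the CLI
    inside: str         # LAN address that receives the forwarded traffic

# The forwards from the post, as constructed input for this example.
POST_FORWARDS = [
    Forward(200, "Exchange_SMTP", "smtp", "172.16.1.20"),
    Forward(210, "Exchange_OWA_Outlook_Anywhere", "https", "172.16.1.20"),
    Forward(220, "Exchange_Secure_IMAP", "993", "172.16.1.20"),
    Forward(230, "Exchange_Secure_POP3", "995", "172.16.1.20"),
    Forward(300, "Management_Box_RDP", "3389", "172.16.1.10"),
    Forward(400, "Primary_WebServer", "http", "172.16.1.20"),
]

def port_number(port: str):
    """Resolve a service name or numeric string to an int; None if unknown or out of range."""
    if port.isdigit():
        n = int(port)
        return n if 1 <= n <= 65535 else None
    return SERVICE_PORTS.get(port.lower())

def validate(forwards):
    """Return a list of problems that should be fixed before 'commit'."""
    problems = []
    seen_rules, seen_ports = {}, {}
    for f in forwards:
        if f.rule <= 0:
            problems.append(f"rule {f.rule}: rule number must be positive")
        if f.rule in seen_rules:
            problems.append(f"rule {f.rule}: duplicate rule number (also {seen_rules[f.rule]})")
        seen_rules.setdefault(f.rule, f.description)
        if " " in f.description:
            problems.append(f"rule {f.rule}: description contains spaces; use underscores")
        n = port_number(f.port)
        if n is None:
            problems.append(f"rule {f.rule}: unknown or invalid port {f.port!r}")
        elif n in seen_ports:
            # Same inbound port twice: the earlier rule wins and this one is dead config.
            problems.append(f"rule {f.rule}: port {n} already forwarded by rule {seen_ports[n]}")
        else:
            seen_ports[n] = f.rule
        try:
            addr = ipaddress.ip_address(f.inside)
        except ValueError:
            problems.append(f"rule {f.rule}: inside-address {f.inside!r} is not an IP address")
            continue
        if addr not in LAN_NET:
            # A typo here silently forwards Internet traffic to the wrong network.
            problems.append(f"rule {f.rule}: inside-address {addr} is outside {LAN_NET}")
    return problems

def render(forwards, inbound_if=WAN_IF):
    """Emit the CLI lines in rule order, with a single commit/save at the end."""
    lines = []
    for f in sorted(forwards, key=lambda x: x.rule):
        r = f"set service nat rule {f.rule}"
        lines += [
            r,
            f"{r} description {f.description}",
            f"{r} type destination",
            f"{r} inbound-interface {inbound_if}",
            f"{r} destination port {f.port}",
            f"{r} inside-address address {f.inside}",
        ]
    lines += ["commit", "save"]
    return lines

if __name__ == "__main__":
    issues = validate(POST_FORWARDS)
    if issues:
        raise SystemExit("\n".join(issues))
    print("\n".join(render(POST_FORWARDS)))
```

Running it prints the block of `set` commands for all six rules followed by one `commit` and `save`; if any check fails, nothing is printed and the problems are listed instead, so a bad table never reaches the router.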
As you can see, Vyatta is quite straightforward to work with once you get the hang of the workflow it expects.