We are migrating our Internet Gateway from Cisco to a VyOS router.
Our ISP gives us a /29 network on VLAN 2715 from their router (A.B.C.114/29 where A.B.C.113 is their router and the gateway for our traffic).
We have a Layer 3 switch which does the Inter-VLAN routing and it has IP 172.16.255.255 for the traffic to the gateway. The traffic is tagged in VLAN 255.
When trying to commit the NAT settings, we get warnings showing that all of the IP addresses are not configured on the router except one. That IP is the one specified in interfaces eth1 vif 2715 address (A.B.C.114, even though it is the whole A.B.C.114/29 subnet - currently only the Dynamic NAT (source rule 100) is working), which is strange.
We should make 1-to-1 NAT for several servers (in the example configuration - A.B.C.117 to 172.16.10.10).
Note: Sometimes the NAT starts working for several minutes and then stops again.
The router configuration is the following (sensitive information removed; left out only one NAT rule of the incorrectly working):
interfaces {
    ethernet eth0 {
        description Inside
        duplex auto
        smp_affinity auto
        speed auto
        vif 255 {
            address 172.16.255.254/31
        }
    }
    ethernet eth1 {
        description Outside
        duplex auto
        smp_affinity auto
        speed auto
        vif 2715 {
            address A.B.C.114/29
        }
    }
    loopback lo {
    }
}
nat {
    destination {
        rule 20 {
            destination {
                address A.B.C.117
            }
            inbound-interface eth1.2715
            translation {
                address 172.16.10.10
            }
        }
    }
    source {
        rule 20 {
            outbound-interface eth1.2715
            source {
                address 172.16.10.10
            }
            translation {
                address A.B.C.117
            }
        }
        rule 100 {
            description Dynamic
            destination {
            }
            outbound-interface eth1.2715
            source {
                address 172.16.0.0/12
            }
            translation {
                address A.B.C.114
            }
        }
    }
}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop A.B.C.113 {
                distance 1
            }
        }
        route 172.16.0.0/12 {
            next-hop 172.16.255.255 {
                distance 1
            }
        }
    }
}
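
Added example, not part of the original post and not VyOS code: a small offline check that reads a configuration in the layout above and lists the public-side NAT addresses that no interface carries, which is the condition the commit warning describes. The function names and the 203.0.113.112/29 sample network are assumptions standing in for the redacted A.B.C.112/29.

```python
import ipaddress

# Constructed sample in the post's layout; 203.0.113.112/29 (a documentation
# range) stands in for the redacted A.B.C.112/29 network.
SAMPLE = """
interfaces {
  ethernet eth1 {
    vif 2715 {
      address 203.0.113.114/29
    }
  }
}
nat {
  source {
    rule 20 {
      translation {
        address 203.0.113.117
      }
    }
    rule 100 {
      translation {
        address 203.0.113.114
      }
    }
  }
}
"""
# Config paths (top level, NAT direction, innermost block) holding public addresses.
PUBLIC_SIDE = {("nat", "destination", "destination"), ("nat", "source", "translation")}

def leaves(text):
    """Yield (path, key, value) for every leaf line of a brace-style config."""
    path = []
    for line in map(str.strip, text.splitlines()):
        if line.endswith("{"):
            path.append(line[:-1].strip())
        elif line == "}":
            path.pop()
        elif line:
            yield (tuple(path), *line.partition(" ")[::2])

def unassigned_nat_addresses(text):
    """Return (address, on_link) for NAT public addresses no interface holds."""
    ifaces, public = [], []
    for path, key, value in leaves(text):
        if key == "address" and path[:1] == ("interfaces",):
            ifaces.append(ipaddress.ip_interface(value))
        elif key == "address" and path[:2] + path[-1:] in PUBLIC_SIDE:
            public.append(ipaddress.ip_address(value))
    return [(str(a), any(a in i.network for i in ifaces))
            for a in public if a not in {i.ip for i in ifaces}]
```

An address reported with `on_link` true sits inside a subnet attached to the router, so the upstream router resolves it with ARP on that segment instead of forwarding it via a route.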