I'm sorry, I forgot to add the VPP version and host system: VPP 17.04 and VPP
master 17.07, CentOS 7.3 x86_64
--
Yours sincerely,
Denis Lotarev
----- Forwarded Message -----
From: Denis Lotarev <dlota...@yahoo.com>
To: "vpp-dev@lists.fd.io" <vpp-dev@lists.fd.io>
Sent: Tuesday, May 30, 2017, 5:00:49 PM GMT+5
Subject: SNAT problem between users
Hi!
We are testing the VPP SNAT plugin; simple SNAT is working well, but:
In this example:
Client A cannot ping or connect to client B by IP address 2.2.2.3. Client A
can access the internet.
Client B cannot ping or connect to client A by IP address 2.2.2.2. Client B
can access the internet.
Other clients from subnet 1.1.2.0/24 cannot connect to client A and client B
by IP addresses 2.2.2.2 and 2.2.2.3 respectively. Other clients can access the
internet.
My VPP configuration is:
set int state GigabitEthernet2/0/1 up (internet interface)
set int state GigabitEthernet2/0/0 up (local interface)
set int ip address GigabitEthernet2/0/1 2.2.2.100/24 (internet address)
set int ip address GigabitEthernet2/0/0 1.1.2.1/24 (local address)
ip route add 0.0.0.0/0 via 2.2.2.1 GigabitEthernet2/0/1 (default route to upper gateway)
set int snat in GigabitEthernet2/0/0 out GigabitEthernet2/0/1 (configure snat on local interface (in) and internet interface (out))
snat add static mapping local 1.1.2.22 external 2.2.2.2 (static mapping client A)
snat add static mapping local 1.1.2.33 external 2.2.2.3 (static mapping client B)
snat add address 2.2.2.10 (for SNAT of other clients, without static mapping)
But the same configuration on Linux iptables is working well, and clients
between mapping and SNAT could connect to each other as usual.
In this example:
Client A can ping and connect to client B by IP address 2.2.2.3. Client A can
access the internet.
Client B can ping and connect to client A by IP address 2.2.2.2. Client B can
access the internet.
Other clients from subnet 1.1.2.0/24 can connect to client A and client B by
IP addresses 2.2.2.2 and 2.2.2.3 respectively. Other clients can access the
internet.
My iptables configuration is (ip forwarding turned on):
*filter
:INPUT ACCEPT
:OUTPUT ACCEPT
:FORWARD ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT
-A POSTROUTING -s 1.1.2.22/32 -o eno2 -j NETMAP --to 2.2.2.2/32 (static mapping client A)
-A POSTROUTING -s 1.1.2.33/32 -o eno2 -j NETMAP --to 2.2.2.3/32 (static mapping client B)
-A POSTROUTING -s 1.1.2.0/24 -o eno2 -j SNAT --to-source 2.2.2.10 (for SNAT of other clients, without static mapping)
:PREROUTING ACCEPT
-A PREROUTING -s 2.2.2.2/32 -i eno2 -j NETMAP --to 1.1.2.22/32 (static mapping client A)
-A PREROUTING -s 2.2.2.3/32 -i eno2 -j NETMAP --to 1.1.2.33/32 (static mapping client B)
COMMIT
ip link set dev eno1 up; (local interface)
ip link set dev eno2 up; (internet interface)
ip addr add dev eno1 1.1.2.1/24; (local address)
ip addr add dev eno2 2.2.2.100/24 (internet address, we route subnet 2.2.2.0/24 to this address from the upper gateway with IP address 2.2.2.1)
ip route add default via 2.2.2.1 (default route to upper gateway)
--
Yours sincerely,
Denis Lotarev