Hi Ashwini,
I am sorry I wasn't able to respond earlier.
Basically you have multiple issues here. You are not configuring NAT
outside address as suggested by yangbin. Though you can ignore the default
route comment you don't need to worry about this to make the example work.
Also output-feature (post routing) vs in and out (similar to prerouting)
configuration commes basically down to the use case you have. Usually if
you have just one wan interface and you want to nat all the packets from
all of the other interfaces going outside of the wan interface but you
don't want any other communication internally (between local lan interface)
to be nated then you can stick with output-feature. Post and Pre routing as
mentioned before are just features of NAT that decide at what stage of
packet processing translation occurs.
What you have to do to make the setup work is pretty simple.
1) setup basic nat configuration - aka dynamic nat enabled
nat44 enable
set interface nat44 in lan
set interface nat44 out wan1
set interface nat44 out wan2
nat44 add interface address wan1
nat44 add interface address wan2
or:
nat44 enable
set interface nat44 out wan1 output-feature
set interface nat44 out wan2 output-feature
nat44 add interface address wan1
nat44 add interface address wan2
2) configure static mapping
nat44 add static mapping local 192.168.1.20 external <wan1 ip address>
or
nat44 add static mapping local 192.168.1.20 external <wan2 ip address>
NOTES:
- this is an address only type of static mapping. I would rather suggest
configuring port mapping.
- using tcp in address only mapping has no use.
nat44 add static mapping tcp local 192.168.1.20 <iperf3 port> external
<wan1 ip address> <iperf3 port>
or
nat44 add static mapping tcp local 192.168.1.20 <iperf3 port> external
<wan2 ip address> <iperf3 port>
- nat44 ed requires nat44 pool address to be configured to use static
mapping
- you can configure nat44 pool address simply by running the command "nat44
add interface address wan1" or manually specifying the address "nat44 add
address 4.4.4.4"
This to work several conditions must be met:
a) vpp interface needs to be configured with ip address (for example
4.4.4.4)
b) nat44 outside interface has to be configured on the vpp interface with
4.4.4.4 address
c) nat44 ed plugin needs to have pool address (the same as the interface
4.4.4.4)
Example [0]:
set interface state lan up
set interface state wan1 up
set interface state wan2 up
set interface ip address lan 192.168.1.1/24
set interface ip address wan1 10.0.1.1/24
set interface ip address wan2 10.0.2.1/24
nat44 enable
set interface nat44 in lan
set interface nat44 out wan1
set interface nat44 out wan2
nat44 add address 10.0.1.1
nat44 add address 10.0.2.1
nat44 add static mapping tcp local 192.168.1.20 5001 external 10.0.1.1 5001
Because of NAT limitations we can't have multiple static mapping records
that share the same host and port.
Suggestion:
1) if you don't have a specific need to change the default session
timeouts I would suggest against it
2) if you don't know or need the forwarding feature don't use it.
- with the forwarding feature on your dynamic translations won't work.
- it is a special feature used in very rare situations
P.S.:
I would suggest using example[0] as the base of your configuration.
Obviously with updated IP addresses.
Hope I was able to help. Sorry again for the delay.
Best regards,
Filip Varga
st 21. 9. 2022 o 19:44 yangbin_1638136...@qq.com <zodiacy...@gmail.com>
napĂsal(a):
> There are 2 types of NAT implementation.
> when you use "in" and "out" at same time. it's PRE-ROUTING NAT
> when you use "out" with "output-feature" keyword . it's POST-ROUTING NAT.
>
> no matter what type of NAT you choose to use, there are 2 import thing
> you need to do,
> first,enable nat
> second,make sure you have a right NAT address pool.(nat44 add interface
> address {wan1} )
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#21913): https://lists.fd.io/g/vpp-dev/message/21913
Mute This Topic: https://lists.fd.io/mt/92906473/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/leave/1480452/21656/631435203/xyzzy
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
