vyosのUターンNATではまったのでシェア
構成
internet gw --- eth0(outside) vyos eth1(inside) --- servers...問題点
上記構成でinside server がGIP経由で内部のserverにアクセスするとき、
UターンNAT設定がないと通信がほげる。解決策
vyosにUターンNATの設定を追加destinationNAT
set nat destination rule 998 description 'Hair-pin NAT from Inside'
set nat destination rule 998 destination address '1.1.1.10'
set nat destination rule 998 inbound-interface 'eth1'
set nat destination rule 998 translation address '192.168.1.10'
- source-NAT
set nat source rule 998 description 'Hair-pin NAT to Inside'
set nat source rule 998 destination address '192.168.1.0/24'
set nat source rule 998 outbound-interface 'eth1'
set nat source rule 998 source address '192.168.1.0/24'
set nat source rule 998 translation address 'masquerade'