diff options
| author | Christian Breunig <christian@breunig.cc> | 2023-09-13 19:10:45 +0200 |
|---|---|---|
| committer | Christian Breunig <christian@breunig.cc> | 2023-09-13 19:11:17 +0200 |
| commit | 55b1909b030b931c9281334d747f8ef10d4e6216 (patch) | |
| tree | 67181dce21ce74da84e7f00d71f29af92be5809f | |
| parent | 93c8726ab93757300661c9b3d2331414eb6d8421 (diff) | |
| download | vyos-documentation-55b1909b030b931c9281334d747f8ef10d4e6216.tar.gz vyos-documentation-55b1909b030b931c9281334d747f8ef10d4e6216.zip | |
vrf: add NAT example
| -rw-r--r-- | docs/configuration/vrf/index.rst | 42 |
1 files changed, 39 insertions, 3 deletions
diff --git a/docs/configuration/vrf/index.rst b/docs/configuration/vrf/index.rst index a51aca52..dea53321 100644 --- a/docs/configuration/vrf/index.rst +++ b/docs/configuration/vrf/index.rst @@ -279,6 +279,42 @@ Configuration set vrf name red protocols static route 10.0.0.0/24 interface eth1 vrf 'default' set vrf name red table '2000' +VRF and NAT +----------- + +Configuration +^^^^^^^^^^^^^ + + .. code-block:: none + + set interfaces ethernet eth0 address '172.16.50.12/24' + set interfaces ethernet eth0 vrf 'red' + + set interfaces ethernet eth1 address '192.168.130.100/24' + set interfaces ethernet eth1 vrf 'blue' + + set nat destination rule 110 description 'NAT ssh- INSIDE' + set nat destination rule 110 destination port '2022' + set nat destination rule 110 inbound-interface 'eth0' + set nat destination rule 110 protocol 'tcp' + set nat destination rule 110 translation address '192.168.130.40' + + set nat source rule 100 outbound-interface 'eth0' + set nat source rule 100 protocol 'all' + set nat source rule 100 source address '192.168.130.0/24' + set nat source rule 100 translation address 'masquerade' + + set service ssh vrf 'red' + + set vrf bind-to-all + set vrf name blue protocols static route 0.0.0.0/0 next-hop 172.16.50.1 vrf 'red' + set vrf name blue protocols static route 172.16.50.0/24 interface eth0 vrf 'red' + set vrf name blue table '1010' + + set vrf name red protocols static route 0.0.0.0/0 next-hop 172.16.50.1 + set vrf name red protocols static route 192.168.130.0/24 interface eth1 vrf 'blue' + set vrf name red table '2020' + .. _vrf example operation: Operation @@ -427,9 +463,9 @@ address-family. .. cfgcmd:: set vrf name <name> protocols bgp address-family <ipv4-unicast|ipv6-unicast> label vpn allocation-mode per-nexthop - Select how labels are allocated in the given VRF. By default, the per-vrf - mode is selected, and one label is used for all prefixes from the VRF. The - per-nexthop will use a unique label for all prefixes that are reachable via + Select how labels are allocated in the given VRF. By default, the per-vrf + mode is selected, and one label is used for all prefixes from the VRF. The + per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop. .. cfgcmd:: set vrf name <name> protocols bgp address-family |