I have inherited a NAT gateway that is implemented on an Ubuntu server (through a combination of iptables and multiple interfaces on an Ethernet port) and I'd like to move that off to our Arista switch. I've always done NAT with a server and I'm not sure how to configure a router instead. I'm having some trouble understanding how to set up the PAT from the EOS manual, chapter 27.8.2.
Let me start by describing my present setup, and then my understanding (or lack thereof) of how to do this with my Arista switch.
The NAT gateway (PUB1.3) is an Ubuntu server that translates all addresses in the PR1 and PR2 space to a single outgoing address, PUB1.250. The gateways for PR1 and PR2 are PR1.250 and PR2.250, which route to PUB1.250. The NAT gateway sets all these *.250 addresses as multiple interfaces on its own interface so that these packets arrive here and get NAT'ed out.
Servers with private IP addresses have outbound connections only, and to connect to them from the outside it's necessary to proxy through our NAT gateway.
Our primary uplink/connection to the outside world is through a router at PUB1.1 (which I do *not* have access to). I have two network switches, each connected to the building router (I am in the process of phasing the non-Arista switch out), with addresses in the PR1 space, and all of our servers are connected to one or the other switch and may have addresses in PUB1, PUB2, PR1, or PR2.
It appears that having multiple IP subnets on a single physical network is a little unusual, but that's what we have. All are on a single VLAN, let's call it vlan4. I've attached a rough topology of this below.
I have an Arista 7150S running EOS 4.13 which I would like to configure to do the NAT. Since this is a live switch with a couple hundred servers depending on it, I'm being conservative about setting things up and am trying to work it all out first. Reading through the EOS manual, it seems to me that I have a Dynamic NAT, Many to One (PAT) situation: PR1+PR2 -> PUB1.250.
So to configure, it seems first I need to set up the Many list:
then I set up the Single pool
Then I set up the gateways that PR1 and PR2 have (still in the conf t context)
And then tie it all up together with
ip show ip nat pool
I also assume I would need to add routes
ip route 0.0.0.0/0 PUB1.1 (uplink addr)
Any tips, corrections, suggestions or questions welcomed! (I don't know how/why I always wind up asking these questions on a Friday afternoon, but...)
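The following is an added illustration of the many-to-one layout the question describes, assembled to show how the four pieces (the "many" list, the single-address pool, the gateway addresses, and the default route) fit together. It is not the poster's configuration and not an excerpt from Arista's documentation. All addresses are constructed stand-ins (PR1 = 10.1.0.0/16, PR2 = 10.2.0.0/16, PUB1 = 203.0.113.0/24, so PUB1.250 = 203.0.113.250 and PUB1.1 = 203.0.113.1), the names NAT_INSIDE and NAT_OUT are arbitrary, and the exact keyword forms (in particular the `ip nat pool` and `ip nat source dynamic` syntax) should be checked against chapter 27.8.2 for EOS 4.13, since the NAT CLI has changed between releases. Whether EOS will translate traffic that enters and leaves the same SVI, which is what a single vlan4 carrying all four subnets implies, is also something to confirm against the manual or on a test port before touching a production switch.

```text
! Constructed example; not the poster's configuration. Addresses are
! documentation stand-ins: PR1 = 10.1.0.0/16, PR2 = 10.2.0.0/16,
! PUB1 = 203.0.113.0/24. Verify keywords against EOS manual 27.8.2.
configure terminal
ip routing
!
! "Many" side: only the two private ranges are eligible for translation.
! Keep this list narrow. A permit-any entry would also translate the
! PUB1/PUB2 hosts that sit on the same VLAN and must keep their own addresses.
ip access-list NAT_INSIDE
   10 permit ip 10.1.0.0/16 any
   20 permit ip 10.2.0.0/16 any
   exit
!
! "One" side: a pool holding the single public address PUB1.250.
ip nat pool NAT_OUT 203.0.113.250 203.0.113.250 prefix-length 24
!
! The vlan4 SVI takes over the .250 gateway addresses that used to be
! configured on the Ubuntu box, so PR1/PR2 hosts keep their existing gateways.
interface Vlan4
   ip address 203.0.113.3/24
   ip address 10.1.0.250/16 secondary
   ip address 10.2.0.250/16 secondary
   ip nat source dynamic access-list NAT_INSIDE pool NAT_OUT
   exit
!
! Default route toward the building router (PUB1.1).
ip route 0.0.0.0/0 203.0.113.1
end
!
! After a single test host in PR1 opens an outbound connection, the
! translation table should show its source rewritten to 203.0.113.250:
show ip nat translation
```

The access list is the control that matters most here: it is the only thing deciding which sources get rewritten to the shared public address, so listing the two private ranges explicitly, rather than permitting any source, keeps hosts with PUB1/PUB2 addresses out of the translation and makes an unexpected entry in `show ip nat translation` easy to spot.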