Configure NAT

lab topology

      internet
         |
       deltaos
       /   \
     pc1    pc2

deltaos
    ge0: 10.11.1.2/24
    ge1: 10.0.1.1/24

pc1
    eth0: 10.0.1.41/24

pc2
    eth0: 10.0.1.42/24

lab configuration

running deltaos, see How to run deltaos

check current configuration

# show running-config

# DELTAOS CONFIG VERSION: 0

interface ge 0
  no ip address
  shutdown

interface ge 1
  no ip address
  shutdown

line console

line serial

line vty
  no login
  transport input none

end

configure the static ip

# conf t
(config)# int ge0
(config-if)# ip address 10.11.1.2 255.255.255.0
(config-if)# no shutdown
(config-if)# int ge1
(config-if)# ip address 10.0.1.1 255.255.255.0
(config-if)# no shutdown
(config-if)# end
#

configure default route

(config)# ip route 0.0.0.0 0.0.0.0 10.11.1.1

the deltaos now can go internet, let's check it

# ping 8.8.8.8
type ctrl-c to abort.
sending 5, 100-byte icmp echos to 8.8.8.8, timeout is 3s, interval is 1ms:
!!!!!
success rate is 100 percent (5/5), round-trip min/avg/max = 43.021/44.401/46.265 ms

configure snat

# conf t
(config)# ip access-list list1
(config-nacl)# 10 permit 10.0.1.0 0.0.0.255
(config-nacl)# exit
(config)# ip nat inside source list list1 interface ge0
(config)# int ge0
(config-if)# ip nat outside
(config-if)# int ge1
(config-if)# ip nat inside
(config-if)# end

pc1, pc2 now can go internet, let's check it

pc1

# ping 8.8.8.8 -c 4
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=110 time=42.9 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=110 time=46.3 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=110 time=41.9 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=110 time=111 ms

--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 41.904/60.546/111.038/29.199 ms

pc2

# ping 9.9.9.9 -c 4
PING 9.9.9.9 (9.9.9.9) 56(84) bytes of data.
64 bytes from 9.9.9.9: icmp_seq=1 ttl=50 time=92.7 ms
64 bytes from 9.9.9.9: icmp_seq=2 ttl=50 time=94.2 ms
64 bytes from 9.9.9.9: icmp_seq=3 ttl=50 time=60.3 ms
64 bytes from 9.9.9.9: icmp_seq=4 ttl=50 time=62.10 ms

--- 9.9.9.9 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 60.284/77.544/94.203/15.954 ms

check nat translation on deltaos

# show ip nat translation
proto  inside global  inside local  outside global  outside local  expire time
    1  10.11.1.2:10  10.0.1.41:10  8.8.8.8:10  8.8.8.8:10  59
    1  10.11.1.2:4  10.0.1.42:4  9.9.9.9:4  9.9.9.9:4  59
total number of translations: 2

configure dnat

let's expose ssh port for pc1, pc2

(config)# ip nat inside source static tcp 10.0.1.41 22 10.11.1.2 10022
(config)# ip nat inside source static tcp 10.0.1.42 22 10.11.1.2 20022

test it, try log in from outside

$ ssh -p10022 10.11.1.2
root@10.11.1.2's password:
Activate the web console with: systemctl enable --now cockpit.socket

Last login: Thu May 23 19:50:39 2024 from 10.11.1.1
[root@pc1 ~]#

$ ssh -p20022 10.11.1.2
root@10.11.1.2's password:
Activate the web console with: systemctl enable --now cockpit.socket

Last login: Thu May 23 19:51:21 2024 from 10.11.1.1
[root@pc2 ~]#