So you have Vyatta running and you want to publish your interal webserver to the internet. This is a simple article on how to forward internet requests to the external Vyatta interface to an internal server. Some call it Port Forwarding but Vyatta calls this DNAT. They have a few examples listed in the security documentation but I think the documentation is missing this example. You can easily use to open any other type of server to the internet you just need to change the destination port.
First, login to the Vyatta console and enter configuration mode, this is done by typing “configure” in the console.
Now lets create a rule to open the internal webserver to the internet.
Before we begin I need to let you know the assumptions that are made below. First, the extenal interface is eth1. Second, I'm forwarding HTTP. Third, the IP address is 192.168.1.10.
I also want to point out that I do not apply a outside-address as the Vyatta documentation shows. This is not needed unless you have multiple external IP address and want to have a one to one IP address mapping.
#set service nat rule 20 type destinationNow anyone on the internet should be able to access your internal web server.
#set service nat rule 20 inbound-interface eth1
#set service nat rule 20 protocol tcp
#set service nat rule 20 destination port http
#set service nat rule 20 inside-address address 192.168.1.10
If you want to publish HTTPS, simply use this above rule as a template and increment the rule by one and change “port http” to “port https”. This will forward both http and https ports to your internal web server.
If you don’t increment the rule by one, you will overwrite nat rule 10 instead of creating nat rule 11.