I’ve been dealing with technical issues over the past while getting my network address translations to work on the wonderful, virtual, kicking butt in the cloud, Vyatta router. Finally, it looks like this chapter is coming to a close.
Moving forward, as a choice of routing platform, Vyatta stands up to the test and lives up to its name. And with some tweaking, you’re able to build a high availability solution in the cloud at literally no cost (except for server fees). Architecture shot below:
So, the big question is,
Why was I not able to get something as simple as NAT to work?
The errors were in part due to the firewall not loading at boot up. This only came to light after trying multiple things, studying different scenarios, and looking at the console as a last option. Lo and behold,
Starting Quagga...ripd...ripngd...ospfd...ospf6d...bgpd...done.
Starting deferred execution scheduler: atd.
Starting periodic command scheduler: crond.
Mounting Vyatta Config...done.
Starting Vyatta router: migrate rl-system Usage: modprobe [-v] [-V] [-C config-file] [-n] [-i] [-q] [-b] [-o <modname>] [ --dump-modversions ] <modname> [parameters...]
modprobe -r [-n] [-i] [-v] <modulename> ...
modprobe -l -t <dirname> [ -a <modulename> ...]
firewallUsage: modprobe [-v] [-V] [-C config-file] [-n] [-i] [-q] [-b] [-o <modname>] [ --dump-modversions ] <modname> [parameters...]
Towards the bottom, you’ll find the error message that actually begins to point you in the right direction.
Usage: /sbin/modprobe [-v] [-V] [-C config-file] [-n] [-i] [-q] [-b] [-o <modname>] [ --dump-modversions ] <modname> [parameters...]
/sbin/modprobe -r [-n] [-i] [-v] <modulename> ...
/sbin/modprobe -l -t <dirname> [ -a <modulename> ...]
iptables v184.108.40.206: can't initialize iptables table `nat': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Robert over at Vyatta informed me that the error is due to the fact that the kernel which comes with Vyatta cannot be used, and that all server instances must use the kernel supplied by Amazon. The workaround, for now, is to issue the command:
sudo /opt/vyatta/sbin/firewall start
This got the ball rolling and the NATs were working fine.
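A router whose firewall silently fails to load at boot is running without its rule set, so the condition is worth checking for rather than discovering from broken NAT. The script below is an added example, not part of the original post or of Vyatta: it classifies a saved console capture by the two error signatures shown above and, when asked, applies the workaround only if the nat table is unusable. The function names, the `--fix` argument and the idea of saving the console output to a file are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# "--fix" argument are hypothetical.

# Classify a saved boot console capture (file path in $1).
# Prints one of: nat-init-failed, modprobe-usage, ok
classify_boot_log() {
    if grep -Eq "can[^ ]*t initialize iptables table" "$1"; then
        echo "nat-init-failed"
    elif grep -Eq "Usage: (/sbin/)?modprobe" "$1"; then
        echo "modprobe-usage"
    else
        echo "ok"
    fi
}

# Succeeds only if the running kernel lets iptables open the nat table.
nat_table_usable() {
    iptables -t nat -L -n >/dev/null 2>&1
}

# Live check: if the nat table is unusable, run the workaround from the
# post once, then re-check so a persistent failure is still reported.
ensure_firewall() {
    nat_table_usable && return 0
    echo "nat table unavailable, starting Vyatta firewall" >&2
    /opt/vyatta/sbin/firewall start || return 1
    nat_table_usable
}

# Only touch the system when explicitly asked to; run as root.
if [ "${1:-}" = "--fix" ]; then
    ensure_firewall || { echo "firewall still not loaded" >&2; exit 1; }
fi
```

Run with `--fix` as root after boot; a non-zero exit means the nat table is still unavailable after the workaround and the instance should not be carrying traffic.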