Tip: This is the documentation for the 22.10 version.
LAN + WAN with NAT (Basic SOHO Router Including DHCP and DNS Resolver)
Use Case
A typical use case for TNSR is a device that sits between a local area network (LAN) in an office or home and a wide area network (WAN) such as the Internet.
At a minimum, such a TNSR instance routes traffic between the LAN and the WAN. In many cases, it provides additional services that are useful for a LAN, including:
DHCP to provide hosts in the LAN with IP addresses.
DNS to respond to name resolution queries from hosts in the LAN.
NAT (Network Address Translation), to map one public IPv4 address to internal (private) IP addresses assigned to hosts on the LAN.
Example Scenario
This example configures TNSR with the basic functions mentioned earlier: DHCP, DNS, and NAT.
| Item | Value |
|---|---|
| Local PC | DHCP: 172.16.1.100/24 |
| TNSR Local Interface | GigabitEthernet0/14/2 |
| TNSR Local Address | 172.16.1.1/24 |
| TNSR Internet Interface | GigabitEthernet0/14/1 |
| TNSR Internet Address | 203.0.113.2/24 |
| Remote DNS | 8.8.8.8, 8.8.4.4 |
TNSR Configuration
Basic Connectivity
First, configure the TNSR interfaces to handle basic IP connectivity:
tnsr(config)# interface GigabitEthernet0/14/2
tnsr(config-interface)# ip address 172.16.1.1/24
tnsr(config-interface)# description Local
tnsr(config-interface)# enable
tnsr(config-interface)# exit
tnsr(config)# interface GigabitEthernet0/14/1
tnsr(config-interface)# ip address 203.0.113.2/24
tnsr(config-interface)# description Internet
tnsr(config-interface)# enable
tnsr(config-interface)# exit
DHCP
Next, configure the DHCP server and DHCP pool on TNSR:
tnsr(config)# dhcp4 server
tnsr(config-kea-dhcp4)# description LAN DHCP Server
tnsr(config-kea-dhcp4)# interface listen GigabitEthernet0/14/2
tnsr(config-kea-dhcp4)# lease lfc-interval 3600
tnsr(config-kea-dhcp4)# option domain-name
tnsr(config-kea-dhcp4-opt)# data example.com
tnsr(config-kea-dhcp4-opt)# exit
tnsr(config-kea-dhcp4)# subnet 172.16.1.0/24
tnsr(config-kea-subnet4)# pool 172.16.1.100-172.16.1.245
tnsr(config-kea-subnet4-pool)# exit
tnsr(config-kea-subnet4)# interface GigabitEthernet0/14/2
tnsr(config-kea-subnet4)# option domain-name-servers
tnsr(config-kea-subnet4-opt)# data 172.16.1.1
tnsr(config-kea-subnet4-opt)# exit
tnsr(config-kea-subnet4)# option routers
tnsr(config-kea-subnet4-opt)# data 172.16.1.1
tnsr(config-kea-subnet4-opt)# exit
tnsr(config-kea-dhcp4)# exit
tnsr(config)# dhcp4 enable
The above example configures example.com as the domain name supplied to all
clients. For the specific subnet in the example, the TNSR IP address inside the
subnet is supplied by DHCP as the default gateway for clients, and DHCP will
instruct clients to use the DNS Resolver daemon on TNSR at 172.16.1.1 for DNS.
Outbound NAT
Now configure Outbound NAT:
tnsr(config)# nat global-options nat44 forwarding true
tnsr(config)# nat global-options nat44 endpoint-dependent true
tnsr(config)# nat global-options nat44 enabled true
tnsr(config)# nat pool addresses 203.0.113.2
tnsr(config)# interface GigabitEthernet0/14/1
tnsr(config-interface)# ip nat outside
tnsr(config-interface)# exit
tnsr(config)# interface GigabitEthernet0/14/2
tnsr(config-interface)# ip nat inside
tnsr(config-interface)# exit
tnsr(config)#
DNS Resolver
Finally, configure a DNS Resolver in forwarding mode:
tnsr# configure
tnsr(config)# unbound server
tnsr(config-unbound)# interface 127.0.0.1
tnsr(config-unbound)# interface 172.16.1.1
tnsr(config-unbound)# outgoing-interface 203.0.113.2
tnsr(config-unbound)# access-control 172.16.1.0/24 allow
tnsr(config-unbound)# forward-zone .
tnsr(config-unbound-fwd-zone)# nameserver address 8.8.8.8
tnsr(config-unbound-fwd-zone)# nameserver address 8.8.4.4
tnsr(config-unbound-fwd-zone)# exit
tnsr(config-unbound)# exit
tnsr(config)# unbound enable
This example enables the Unbound DNS service and configures it to listen on
localhost as well as 172.16.1.1 (GigabitEthernet0/14/2, labeled LAN in
the example). It uses 203.0.113.2, which is the example WAN interface
address, for outgoing queries. The example also allows clients inside that
subnet, 172.16.1.0/24, to perform DNS queries and receive responses. It will
send all DNS queries to the upstream DNS servers 8.8.8.8 and 8.8.4.4.
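The resolver settings above keep DNS off the WAN side: Unbound listens only on localhost and the LAN address, and access-control admits only the LAN subnet. The following script is an added example, not part of the TNSR documentation or tooling: it audits a pasted CLI transcript for those two properties and for DHCP clients the ACL would lock out. The function name and the prompt-based parsing are assumptions, and it only understands the commands shown on this page.

```python
import ipaddress as ip
import re

# Constructed input: commands condensed from this page's example, prompts kept.
PAGE_CONFIG = """\
tnsr(config)# interface GigabitEthernet0/14/2
tnsr(config-interface)# ip address 172.16.1.1/24
tnsr(config-interface)# ip nat inside
tnsr(config)# interface GigabitEthernet0/14/1
tnsr(config-interface)# ip address 203.0.113.2/24
tnsr(config-interface)# ip nat outside
tnsr(config-kea-subnet4)# pool 172.16.1.100-172.16.1.245
tnsr(config-unbound)# interface 127.0.0.1
tnsr(config-unbound)# interface 172.16.1.1
tnsr(config-unbound)# access-control 172.16.1.0/24 allow
"""

def audit_resolver(text):
    """Return findings about resolver exposure; an empty list means none found."""
    side, addr, listen, allow, pools, iface = {}, {}, [], [], [], None
    # The mode inside the prompt tells which subsystem a command belongs to.
    for mode, cmd in re.findall(r"^tnsr\(([\w-]+)\)# (.+)$", text, re.M):
        w = cmd.split()
        if mode == "config" and w[0] == "interface":
            iface = w[1]                          # interface being configured
        elif mode == "config-interface" and w[:2] == ["ip", "address"]:
            addr[iface] = ip.ip_interface(w[2])
        elif mode == "config-interface" and w[:2] == ["ip", "nat"]:
            side[iface] = w[-1]                   # "inside" or "outside"
        elif mode == "config-unbound" and w[0] == "interface":
            listen.append(ip.ip_address(w[1]))
        elif mode == "config-unbound" and w[0] == "access-control" and w[2:] == ["allow"]:
            allow.append(ip.ip_network(w[1]))
        elif mode == "config-kea-subnet4" and w[0] == "pool":
            pools.append([ip.ip_address(a) for a in w[1].split("-")])
    inside = [a.network for n, a in addr.items() if side.get(n) == "inside"]
    outside = [a.ip for n, a in addr.items() if side.get(n) == "outside"]
    out = [f"resolver listens on WAN address {a}" for a in listen if a in outside]
    out += [f"access-control allows {n}, which is not a LAN subnet"
            for n in allow if not any(n.subnet_of(lan) for lan in inside)]
    out += [f"DHCP client {a} is not allowed to query the resolver"
            for lo, hi in pools for a in (lo, hi) if not any(a in n for n in allow)]
    return out

if __name__ == "__main__":
    print(audit_resolver(PAGE_CONFIG) or "no findings")
```

The LAN test uses the NAT inside interface's own network rather than `is_private`, because Python classifies the documentation range 203.0.113.0/24 used for the WAN here as private.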
Local PC Configuration
No configuration is necessary on the Local PC; it pulls all of its required settings from DHCP.