Tip

This is the documentation for the 23.11 version.

Static LAN + WAN with NAT (Basic SOHO Router Including DHCP and DNS Resolver)

Use Case

A typical use case for TNSR is a device that sits between a local area network (LAN) in an office or home and a wide area network (WAN) such as the Internet.

At a minimum, such a TNSR instance routes traffic between the LAN and the WAN. In many cases, it provides additional services that are useful for a LAN, including:

  • DHCP to provide hosts in the LAN with IP addresses.

  • DNS to respond to name resolution queries from hosts in the LAN.

  • NAT (Network Address Translation), to map one public IPv4 address to internal (private) IP addresses assigned to hosts on the LAN.

See also

This document covers a basic configuration with static addressing. See Zero-to-Ping: Getting Started for a similar scenario with a dynamic (DHCP) WAN.

Example Scenario

This example configures TNSR with the basic functions mentioned earlier: DHCP, DNS, and NAT.

Item                       Value
Local PC                   DHCP: 172.16.1.100/24
TNSR Local Interface       GigabitEthernet0/14/2
TNSR Local Address         172.16.1.1/24
TNSR Internet Interface    GigabitEthernet0/14/1
TNSR Internet Address      203.0.113.2/24
Remote DNS                 8.8.8.8, 8.8.4.4

Figure: Basic SOHO Router Example

TNSR Configuration

Basic Connectivity

First, there is the basic interface configuration of TNSR to handle IP connectivity:

tnsr(config)# interface GigabitEthernet0/14/2
tnsr(config-interface)# ip address 172.16.1.1/24
tnsr(config-interface)# description Local
tnsr(config-interface)# enable
tnsr(config-interface)# exit
tnsr(config)# interface GigabitEthernet0/14/1
tnsr(config-interface)# ip address 203.0.113.2/24
tnsr(config-interface)# description Internet
tnsr(config-interface)# enable
tnsr(config-interface)# exit

DHCP

Next, configure the DHCP server and DHCP pool on TNSR:

tnsr(config)# dhcp4 server
tnsr(config-kea-dhcp4)# description LAN DHCP Server
tnsr(config-kea-dhcp4)# interface listen GigabitEthernet0/14/2
tnsr(config-kea-dhcp4)# lease lfc-interval 3600
tnsr(config-kea-dhcp4)# option domain-name
tnsr(config-kea-dhcp4-opt)# data example.com
tnsr(config-kea-dhcp4-opt)# exit
tnsr(config-kea-dhcp4)# subnet 172.16.1.0/24
tnsr(config-kea-subnet4)# pool 172.16.1.100-172.16.1.245
tnsr(config-kea-subnet4-pool)# exit
tnsr(config-kea-subnet4)# interface GigabitEthernet0/14/2
tnsr(config-kea-subnet4)# option domain-name-servers
tnsr(config-kea-subnet4-opt)# data 172.16.1.1
tnsr(config-kea-subnet4-opt)# exit
tnsr(config-kea-subnet4)# option routers
tnsr(config-kea-subnet4-opt)# data 172.16.1.1
tnsr(config-kea-subnet4-opt)# exit
tnsr(config-kea-subnet4)# exit
tnsr(config-kea-dhcp4)# exit
tnsr(config)# dhcp4 enable

The above example configures example.com as the domain name supplied to all clients. For the specific subnet in the example, the TNSR IP address inside the subnet is supplied by DHCP as the default gateway for clients, and DHCP will instruct clients to use the DNS Resolver daemon on TNSR at 172.16.1.1 for DNS.

Outbound NAT

Now configure Outbound NAT:

tnsr(config)# nat global-options nat44 forwarding true
tnsr(config)# nat global-options nat44 endpoint-dependent true
tnsr(config)# nat global-options nat44 enabled true
tnsr(config)# nat pool addresses 203.0.113.2
tnsr(config)# interface GigabitEthernet0/14/1
tnsr(config-interface)# ip nat outside
tnsr(config-interface)# exit
tnsr(config)# interface GigabitEthernet0/14/2
tnsr(config-interface)# ip nat inside
tnsr(config-interface)# exit
tnsr(config)#

DNS Resolver

Finally, configure a DNS Resolver in forwarding mode:

tnsr# configure
tnsr(config)# unbound server
tnsr(config-unbound)# interface 127.0.0.1
tnsr(config-unbound)# interface 172.16.1.1
tnsr(config-unbound)# outgoing-interface 203.0.113.2
tnsr(config-unbound)# access-control 172.16.1.0/24 allow
tnsr(config-unbound)# forward-zone .
tnsr(config-unbound-fwd-zone)# nameserver address 8.8.8.8
tnsr(config-unbound-fwd-zone)# nameserver address 8.8.4.4
tnsr(config-unbound-fwd-zone)# exit
tnsr(config-unbound)# exit
tnsr(config)# unbound enable

This example enables the Unbound DNS service and configures it to listen on localhost as well as 172.16.1.1 (GigabitEthernet0/14/2, described as Local in the example). It uses 203.0.113.2, which is the example WAN interface address, as the source for outgoing queries. The access-control entry allows clients inside the LAN subnet, 172.16.1.0/24, to perform DNS queries and receive responses. The resolver forwards all DNS queries to the upstream DNS servers 8.8.8.8 and 8.8.4.4.
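The resolver in this example stays LAN-only because of two settings: the listen addresses and the access-control entry. The following check is an added example, not part of the TNSR documentation or tooling. It parses a CLI transcript in the prompt format shown on this page and reports resolver listeners, resolver ACLs, or DHCP pools that fall outside the NAT inside network; the names `audit` and `PAGE` are hypothetical.

```python
import ipaddress as ipa
import re

# Constructed sample: security-relevant lines copied from this page's transcript.
PAGE = """\
tnsr(config)# interface GigabitEthernet0/14/2
tnsr(config-interface)# ip address 172.16.1.1/24
tnsr(config-interface)# ip nat inside
tnsr(config)# interface GigabitEthernet0/14/1
tnsr(config-interface)# ip address 203.0.113.2/24
tnsr(config-interface)# ip nat outside
tnsr(config-kea-subnet4)# pool 172.16.1.100-172.16.1.245
tnsr(config-unbound)# interface 127.0.0.1
tnsr(config-unbound)# interface 172.16.1.1
tnsr(config-unbound)# access-control 172.16.1.0/24 allow
"""

def audit(transcript):
    """Return findings for resolver/DHCP exposure; an empty list means clean."""
    addr, side, listen, acl, pools, cur = {}, {}, [], [], [], None
    for mode, cmd in re.findall(r"tnsr\(([^)]*)\)# (.+)", transcript):
        w = cmd.split()
        if mode == "config" and w[0] == "interface":
            cur = w[1]                      # interface being configured
        elif mode == "config-interface" and w[:2] == ["ip", "address"]:
            addr[cur] = ipa.ip_interface(w[2])
        elif mode == "config-interface" and w[:2] == ["ip", "nat"]:
            side[cur] = w[2]                # "inside" or "outside"
        elif mode == "config-unbound" and w[0] == "interface":
            listen.append(ipa.ip_address(w[1]))
        elif mode == "config-unbound" and w[0] == "access-control" and w[-1] == "allow":
            acl.append(ipa.ip_network(w[1]))
        elif mode == "config-kea-subnet4" and w[0] == "pool":
            pools.append([ipa.ip_address(a) for a in w[1].split("-")])
    inside = [addr[i] for i, s in side.items() if s == "inside" and i in addr]
    lan_ips = {i.ip for i in inside}
    lan_nets = [i.network for i in inside]
    out = []
    for ip in listen:                       # listeners must be loopback or LAN
        if not ip.is_loopback and ip not in lan_ips:
            out.append(f"resolver listens on non-LAN address {ip}")
    for net in acl:                         # allowed clients must be LAN-only
        if not any(net.subnet_of(n) for n in lan_nets):
            out.append(f"resolver ACL allows non-LAN network {net}")
    for lo, hi in pools:                    # pool must sit inside a LAN subnet
        if not any(lo in n and hi in n for n in lan_nets):
            out.append(f"DHCP pool {lo}-{hi} is outside the LAN subnet")
    return out
```

Run against the page's configuration, `audit(PAGE)` returns an empty list; adding a listener on 203.0.113.2 or an allow entry for 0.0.0.0/0 produces a finding for each.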

Local PC Configuration

No configuration is necessary on the Local PC; it will pull all its required settings from DHCP.