Choose default GW based on SrcAddr after SRC NAT

We have a WISP network fronted by a CCR1036 that has two upstream connections - a 1 Gbps Ethernet link that was until recently our only upstream, and a 10 Gbps link that will be our only link once a transition is complete. We serve a mix of business customers who get public IP addresses and residential customers on one-to-many NAT using 100.64.0.0/10 addresses. The NAT function is performed on the CCR1036. For the transition, we need to migrate customers from addresses in two existing /25 address blocks (delivered over the 1 Gbps link) to addresses in a new /24 address block (delivered over the 10 Gbps link).

At first I thought we could use mangle to mark packets based on their source address and then add a second default route for that routing mark. Then I noticed that SRC-NAT happens near the end of the packet flow, long after mangle. Presumably I can work around this by creating a new set of NAT rules (mapping to addresses in the new block) and a mangle rule to mark 100.64.0.0/10 packets for the new route.

But before I go down that path, I thought I’d ask if there are other, potentially better approaches.

You can put mangle rules at different points in the packet flow, so it should be possible to solve it using some well placed mark and src-nat rules.

Thanks Pe1chl, but as I read the packet flow diagrams, SRC-NAT is done in PostRouting and after Mangle Postrouting. There doesn’t appear to be any way to do SRC-NAT and then do routing. Am I missing something?

You can do marking in prerouting and then the routing based on those routing marks. The NAT will be done after that.

But that means marking based on pre-NAT source address.
It’s the public IP address range that determines which default gateway to use, so marking based on pre-NAT source addresses was what I was trying to avoid.
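The prerouting-mark approach discussed in this thread, written out as an added example that is not part of any post: the pre-NAT source address selects the routing mark, and src-nat rules keyed on the outgoing interface pick the public block that belongs to that upstream, so the two decisions cannot disagree. It assumes RouterOS v6 syntax; the interface names, list names, routing mark, gateway and public addresses (documentation ranges) are placeholders.

```routeros
# Added example, RouterOS v6 syntax. All names and addresses are placeholders:
#   ether-1g / sfp-10g   old 1 Gbps and new 10 Gbps upstream interfaces
#   198.51.100.0/25      stands in for an old /25 (delivered over the 1 Gbps link)
#   203.0.113.0/24       stands in for the new /24 (delivered over the 10 Gbps link)
#   192.0.2.1            stands in for the 10 Gbps upstream gateway

/ip firewall address-list
# Destinations that must never be forced out an upstream (customer-to-customer traffic).
add list=internal address=100.64.0.0/10
add list=internal address=198.51.100.0/25
add list=internal address=203.0.113.0/24
# Sources already migrated. Grow this list subnet by subnet during the transition.
add list=migrated address=100.64.0.0/16 comment="first batch of residential NAT customers"
add list=migrated address=203.0.113.0/24 comment="business customers renumbered into the new /24"

/ip firewall mangle
# Prerouting sees the pre-NAT source address, so the choice is made on list membership.
add chain=prerouting src-address-list=migrated dst-address-list=!internal \
    dst-address-type=!local action=mark-routing new-routing-mark=via-10g \
    passthrough=no comment="migrated sources use the 10 Gbps default route"

/ip route
# Second default route, used only by packets carrying the routing mark.
add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-mark=via-10g \
    comment="default via 10 Gbps upstream for marked traffic"

/ip firewall nat
# src-nat runs after the routing decision, so out-interface already reflects the
# upstream chosen above. Each rule maps to the block delivered over that link.
add chain=srcnat src-address=100.64.0.0/10 out-interface=sfp-10g \
    action=src-nat to-addresses=203.0.113.10 comment="NAT into the new /24"
add chain=srcnat src-address=100.64.0.0/10 out-interface=ether-1g \
    action=src-nat to-addresses=198.51.100.10 comment="NAT into the old /25"
```

Business customers with public addresses are not NATed, so their source address in prerouting is already the public one and the same mangle rule covers them once their new range is in the `migrated` list.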