Dual WAN with public IP forwarding

I have looked around and cannot find exactly what I am looking for that matches my issue. I have a CCR2116 with a dual WAN setup and OSPF routing. We also have public IPs that need to route out a specific WAN, but be accessible. So here’s the basis of the setup:
WAN 1 ----> distance 1 ----> route table main
WAN 2 ----> distance 2 ----> route table main
WAN 2 ----> distance 1 ----> route table Public

Let’s say IP 5.5.5.5 is WAN 1. This is just basic, WAN in, OSPF out to network.
10.10.10.10 will represent public IP space that needs to go out WAN 2
routing rule ----> 10.10.10.10 ----> WAN 2 (Mangle rules weren’t working for me, specified IP still went out via WAN 1)

10.10.10.10 currently goes out WAN 2. All proceeds out correct route. Public IP can be pinged, and accessed from wherever externally just fine.

My issue is, WAN2 cannot be pinged, accessed etc. from inside the network. I need an IPTV server to be accessible locally for customers going across the OSPF network, but this server pushes traffic out WAN2, so therefore the local clients cannot talk to this server. Firewall rules are non-existent. These have been removed, and no change. NAT rules are basic. Masquerade src-nat for public IPs, and accept src-nat of IP range. I feel like my issue is having OSPF talk to this network, and making it push out a separate routing table. Any help would be great. Just let me know what command to post for config if needed.

Hi,

I am assuming, the 10.10.10.10 routing rule uses Public as its route table.

You could try the following routing rule prior to the 10.10.10.10 rule.

/routing rule
add action=lookup comment="min-prefix=0, all except 0.0.0.0/0" disabled=no min-prefix=0 table=main

Unfortunately there apparently may be issues with the min-prefix=0 when things change.
(Otherwise you might need to give a bunch of rules for all the local subnets)
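
A simplified model of the lookup order this suggestion relies on, as an added example that is not part of the original posts. Python stands in for the router's rule evaluation; the 172.16.0.0/16 OSPF subnet and the 198.51.100.7 internet host are constructed, and the 10.10.10.10 rule is assumed to look up the Public table, as the reply assumes.

```python
import ipaddress

# Constructed sample tables: (prefix, next hop label, distance).
TABLES = {
    "main": [
        ("0.0.0.0/0", "WAN1", 1),
        ("0.0.0.0/0", "WAN2", 2),
        ("172.16.0.0/16", "OSPF", 110),  # internal customer subnets (constructed)
    ],
    "Public": [("0.0.0.0/0", "WAN2", 1)],
}

# Rules are evaluated top to bottom; action=lookup falls through when no route matches.
RULES_BEFORE = [{"src": "10.10.10.10/32", "table": "Public"}]
RULES_AFTER = [{"src": "0.0.0.0/0", "table": "main", "min_prefix": 0}] + RULES_BEFORE


def table_lookup(table, dst, min_prefix=None):
    """Longest-prefix match, ties broken by lowest distance.

    Routes whose prefix length is <= min_prefix are suppressed, so
    min_prefix=0 hides only the default route.
    """
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, hop, distance in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst not in net:
            continue
        if min_prefix is not None and net.prefixlen <= min_prefix:
            continue
        key = (-net.prefixlen, distance)
        if best is None or key < best[0]:
            best = (key, hop)
    return best[1] if best else None


def route(rules, src, dst):
    """Return the next hop label chosen for a packet from src to dst."""
    src = ipaddress.ip_address(src)
    for rule in rules:
        if src not in ipaddress.ip_network(rule["src"]):
            continue
        hop = table_lookup(rule["table"], dst, rule.get("min_prefix"))
        if hop:
            return hop
    return table_lookup("main", dst)  # implicit final lookup in main
```

With only the 10.10.10.10 rule, the server's replies to an internal client leave via WAN2; with the min-prefix=0 rule in front, they follow the specific route in main, while internet-bound traffic from the server still reaches the Public table.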

This phrase makes no sense to me.
10.10.10.10 will represent public IP space that needs to go out WAN 2

First, 10.10.10 is a private IP address range???
Second, you're sending a public IP space out a public IP???

Asking for a solution without a full plan and set of requirements is frankly a waste of our time.

  1. Come up with a plan
    a. draw a network diagram showing equipment, internet connection, subnets envisaged
    b. identify all the user(s)/device(s) (external, internal, and admin)
    c. identify all the traffic they need.
    d. identify the WANs, how many, public private, static dynamic
    e. detail use of the WANs, load balance, primary/backup, any VPNs, any port forwarding, any exceptions or special needs by users.
    f. attempt the config.
    g. come here for help when required
    /export file=anynameyouwish (minus router serial number, any public WANIP information, vpn keys)

https://help.mikrotik.com/docs/display/ROS/Policy+Routing?searchId=C0PJDYNG0

I was using 10.x.x.x just as an example to simulate my needs. Anyways, this has been sorted. Mangle rules now work. Used a mark routing ----> prerouting rule, with the source IP to push out the second routing table, which did kind of work prior, but in order to retain local access to these devices, under action had to set dst. address type as ! local. Public IPs now route out secondary WAN interface, but anything local in the network can route direct rather than going out to internet, then back in.