Not sure if this is a beginner level topic or not.
I’ve got a /29 (1.1.1.200/29) routed in on a /30 (30.30.30.72/30), and a /22 RFC 1918 block behind it all (172.16.0.0/22).
They route 1.1.1.200/29 through to the .74; they own the other end of that wire, and that device is .73.
I’m trying to use a single RB2011UiAS-RM (current version v6.1) for this:
I’ve set eth9 to be 30.30.30.74/30 (my provider has 30.30.30.73/30 on the other end of that wire).
I’ve got eth1-5 bundled into bridge-internal, and have it set with 172.16.0.1/22
I’ve got eth6-8 bundled into bridge-routed, and have it set with 1.1.1.201
/ip route add gateway=30.30.30.73
Egress traffic to the outside world should come from 1.1.1.200/29 network (which specific IP in the block is immaterial)
- There are NO routing protocols in use. -
I’ve tried the following NATs, the test device was at 172.16.0.23.
/ip firewall nat add chain=srcnat action=src-nat to-addresses=1.1.1.201 src-address=172.16.0.0/22 out-interface=bridge-routed
/ip firewall nat add chain=srcnat action=src-nat to-addresses=1.1.1.201 src-address=172.16.0.0/22 out-interface=eth9
This yielded proper outgoing NAT, as verified by looking at the upstream, but traffic returned to the RB2011 didn’t make it back to the test device at .23.
So, is it a case where I need some additional routes? Or tear things apart and use source routes for the NAT? Or make use of VRFs? MetaRouter?
Thanks in advance.