Page 1 of 1

Source Nat Multiple Gateways

Posted: Sat Feb 15, 2020 1:05 am
by skynetcommky

Hoping to get some help here for a nat question. This maybe a routing question.

We have a CCR 1009-8G-1S-1S+

We are using it primarily for wan routing on our wisp. PUBLIC IP TO PUBLIC IP. We have a fiber connection on ETH 8 with a static IP this routes (2) /24 public subnets for our wisp clients. This comes in on a bridge connection that has ETH1, ETH2, ETH3, ETH4 assigned.

We also have a network on the bridge that is for management. We have this setup src-nat to the ETH 8 IP. This works well all subnet can reach the internet.

We got a new backup connection today eventually to become a BGP peer along with ETH 8 connected to ETH 7. ETH 7 has a public IP assigned from the upstream ISP. I added the gateway ip for this in routing. The table in routing says the gateway is reachable via ETH 7.

We want to be able to src nat to this new gateway. I changed the src-nat rule to out interface ETH 7 and at the bottom assigned the TO ADDRESS to the ETH 7 IP as I had done with the ETH 8. We are unable to get out the gateway. The gateway remains inactive under the routing tab.

What am I missing here do I need some sort of mangle rule here for the multiple gateways?

With a subnet assigned to my pc I can ping the IP on ETH 7 and the gateway IP of the ISP on ETH 7.

Thanks in advance for any help.

Re: Source Nat Multiple Gateways

Posted: Sat Feb 15, 2020 5:22 am
by skynetcommky
So I done some research and found out I needed to add a Mangle Rule for some policy based routing for this since the routing table main already was routing my public subnet. I added the rule and put chain prerouting, source address, action mark routing, made a new mark called at&t. I then went into routing and selected the gateway I had created earlier. I added the routing mark that was just created and now the traffic from subnet indeed leaves the gateway as expected.

Now I need a rule to allow me to access the subnet from other internal ips such as my public subnets on the bridge as I can manage the devices again. Any Ideals what rule this would be?

Re: Source Nat Multiple Gateways

Posted: Sat Feb 15, 2020 5:24 pm
by Sob
Check this, it should give you some ideas:


If not, then ask for more details.