Advanced routing/rules: 2nd IP on LAN and NAT this over LTE interface.

xp8it · Tue Apr 26, 2022 4:46 pm

Hi!

my target is as follows:

internal-bridge ether1
|-------- 10.93.12.254/24 -> NAT over PPPoE on ether2-> Internet 
|-------- 10.93.13.254/24 -> NAT over LTE-Interface  -> Internet

So if any request to internet comes over 10.93.12.254 it should go to internet over ether2, if it comes from 10.93.13.254 it should go over lte.
Background is that there is a pf-router behind the ROS-Router on ether2, badly i have to decide on pfsense over which interface the connections have to to.

Is this possible with ROS?

Greets

anav · Tue Apr 26, 2022 10:39 pm

Of course...........
You have two internet connections.
You have some requirements that one subnet goes over one WAN, and another subnet goes over the second WAN.

Do you have more subnets?
Which Wan is the primary? and which is the secondary?

The easy way is to make the Primary(WAN1) the shortest distance route between the two default routes (WAN1, WAN2) and then all traffic goes there.
Then you make a third route, a duplicate of the WAN2 route, make a route rule for it and then point the source subnet at the third route by either route-marking v6, or making a new table v7.

The further questions needing answering is what happens if WAN1 goes down, do you want those users to switch to WAN2 and vice versa, if WAN2 goes down do you want users to go to WAN1.

All very doable on RoS
Check out Paras I & J here - viewtopic.php?t=182373

xp8it · Wed Apr 27, 2022 11:36 am

Hi anav,

thanks for your answer!

Do you have more subnets?

no, only these two.

Which Wan is the primary? and which is the secondary?

How to define primary and seconday WAN? Isnt this done by route-distance? But i cant change this values.

If this matter, primary should be the pppoe-link.

Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          pppoe-telekom-f...        1
 1  DS  0.0.0.0/0                          lte1                      2
 2 ADC  10.93.12.0/24      10.93.12.254    br-int                    0
 3 ADC  10.93.13.0/24      10.93.13.254    br-int                    0
 4 ADC  10.157.35.183/32   10.157.35.183   lte1                      0
 5 ADC  62.156.244.23/32   xx.xx.xx.xx  pppoe-telekom-f...        0

The further questions needing answering is what happens if WAN1 goes down, do you want those users to switch to WAN2 and vice versa, if WAN2 goes down do you want users to go to WAN1.

connections from 10.93.12.0/24 should never go to WAN2
connections from 10.93.13.0/24 should never go to WAN1

I will try to play around with route-rules.

anav · Wed Apr 27, 2022 7:20 pm

I see the dilemma, you dont want any failover whatsoever so that WAN1 users dont get pushed to WAN2 if WAN1 goes down.
So you need four routes and 2 route rules.

dst-address WAN1 distance=1
dst-address WAN2 distance=2
++++++++++++++++++++++++
dst-address WAN1 distance=1 table=onlyWAN1 ( in version 6 this would routing-mark=onlyWAN1 )
ds-address WAN2 distance=2 table=onlyWAN2 ( same same )

/routing rule add src-address=10.93.13.0/24 action=lookup-only-in-table table=onlyWAN1
/routing rule add scr-address=10.93.12.0/24 action=lookup-only-in-table table=onlyWAN2

Advanced routing/rules: 2nd IP on LAN and NAT this over LTE interface.

Advanced routing/rules: 2nd IP on LAN and NAT this over LTE interface.

Re: Advanced routing/rules: 2nd IP on LAN and NAT this over LTE interface.

Re: Advanced routing/rules: 2nd IP on LAN and NAT this over LTE interface.

Re: Advanced routing/rules: 2nd IP on LAN and NAT this over LTE interface.

Who is online