Hello,
Hoping to get some help here for a nat question. This maybe a routing question.
We have a CCR 1009-8G-1S-1S+
We are using it primarily for wan routing on our wisp. PUBLIC IP TO PUBLIC IP. We have a fiber connection on ETH 8 with a static IP this routes (2) /24 public subnets for our wisp clients. This comes in on a bridge connection that has ETH1, ETH2, ETH3, ETH4 assigned.
We also have a 10.0.0.0/8 network on the bridge that is for management. We have this setup src-nat to the ETH 8 IP. This works well all 10.0.0.0/8 subnet can reach the internet.
We got a new backup connection today eventually to become a BGP peer along with ETH 8 connected to ETH 7. ETH 7 has a public IP assigned from the upstream ISP. I added the gateway ip for this in routing. The table in routing says the gateway is reachable via ETH 7.
We want to be able to src nat 10.0.0.0/8 to this new gateway. I changed the src-nat rule to out interface ETH 7 and at the bottom assigned the TO ADDRESS to the ETH 7 IP as I had done with the ETH 8. We are unable to get out the gateway. The gateway remains inactive under the routing tab.
What am I missing here do I need some sort of mangle rule here for the multiple gateways?
With a 10.0.0.0 subnet assigned to my pc I can ping the IP on ETH 7 and the gateway IP of the ISP on ETH 7.
Thanks in advance for any help.
-
-
skynetcommky
just joined
- Posts: 8
- Joined:
Re: Source Nat Multiple Gateways
So I done some research and found out I needed to add a Mangle Rule for some policy based routing for this since the routing table main already was routing my public subnet. I added the rule and put chain prerouting, source address 10.0.0.0/8, action mark routing, made a new mark called at&t. I then went into routing and selected the gateway I had created earlier. I added the routing mark that was just created and now the traffic from 10.0.0.0 subnet indeed leaves the gateway as expected.
Now I need a rule to allow me to access the 10.0.0.0 subnet from other internal ips such as my public subnets on the bridge as I can manage the devices again. Any Ideals what rule this would be?
Now I need a rule to allow me to access the 10.0.0.0 subnet from other internal ips such as my public subnets on the bridge as I can manage the devices again. Any Ideals what rule this would be?
Re: Source Nat Multiple Gateways
Check this, it should give you some ideas:
viewtopic.php?p=774794#p774794
If not, then ask for more details.
viewtopic.php?p=774794#p774794
If not, then ask for more details.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.