 
skynetcommky
just joined
Topic Author
Posts: 8
Joined: Wed May 16, 2018 1:28 am

Source Nat Multiple Gateways

Sat Feb 15, 2020 1:05 am

Hello,

Hoping to get some help here for a NAT question. This may be a routing question.

We have a CCR 1009-8G-1S-1S+

We are using it primarily for WAN routing on our WISP. PUBLIC IP TO PUBLIC IP. We have a fiber connection on ETH 8 with a static IP; this routes (2) /24 public subnets for our WISP clients. This comes in on a bridge connection that has ETH1, ETH2, ETH3, ETH4 assigned.

We also have a 10.0.0.0/8 network on the bridge that is for management. We have this set up to src-nat to the ETH 8 IP. This works well; all of the 10.0.0.0/8 subnet can reach the internet.

We got a new backup connection today (eventually to become a BGP peer along with ETH 8), connected to ETH 7. ETH 7 has a public IP assigned from the upstream ISP. I added the gateway IP for this in routing. The table in routing says the gateway is reachable via ETH 7.

We want to be able to src nat 10.0.0.0/8 to this new gateway. I changed the src-nat rule to out interface ETH 7 and at the bottom assigned the TO ADDRESS to the ETH 7 IP as I had done with the ETH 8. We are unable to get out the gateway. The gateway remains inactive under the routing tab.

What am I missing here? Do I need some sort of mangle rule here for the multiple gateways?

With a 10.0.0.0 subnet assigned to my pc I can ping the IP on ETH 7 and the gateway IP of the ISP on ETH 7.

Thanks in advance for any help.
 
skynetcommky
just joined
Topic Author
Posts: 8
Joined: Wed May 16, 2018 1:28 am

Re: Source Nat Multiple Gateways

Sat Feb 15, 2020 5:22 am

So I did some research and found out I needed to add a mangle rule for some policy-based routing for this, since the routing table main already was routing my public subnet. I added the rule and put chain prerouting, source address 10.0.0.0/8, action mark routing, made a new mark called at&t. I then went into routing and selected the gateway I had created earlier. I added the routing mark that was just created and now the traffic from 10.0.0.0 subnet indeed leaves the gateway as expected.

Now I need a rule to allow me to access the 10.0.0.0 subnet from other internal IPs such as my public subnets on the bridge so I can manage the devices again. Any ideas what rule this would be?
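
The setup described in the post above, written out as RouterOS v6 commands with one common way to keep internal destinations in the main table. This is an added example, not part of the original thread and not the answer behind the link in the reply below. The `local-nets` list, the interface name `ether7`, the assumption that the marked route is a default route, and every address except 10.0.0.0/8 are placeholders.

```routeros
# Constructed sketch in RouterOS v6 syntax. Interface names, addresses and the
# "local-nets" list are placeholders, not values from the thread.

# Destinations that must stay in the main routing table: the management range
# plus the routed public subnets (documentation ranges stand in for the /24s).
/ip firewall address-list
add list=local-nets address=10.0.0.0/8
add list=local-nets address=198.51.100.0/24
add list=local-nets address=203.0.113.0/24

# Mark only management traffic that is leaving for the internet.
# Without the dst-address-list exclusion, every packet sourced from 10.0.0.0/8,
# including replies to hosts in the public subnets on the bridge, gets the mark
# and follows the marked default route out ETH 7 instead of returning locally.
/ip firewall mangle
add chain=prerouting src-address=10.0.0.0/8 dst-address-list=!local-nets \
    action=mark-routing new-routing-mark="at&t" passthrough=no

# Default route used only by marked traffic (gateway address is a placeholder).
/ip route
add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-mark="at&t"

# Source NAT the management range to the ETH 7 address on that uplink
# (to-addresses is a placeholder for the ISP-assigned ETH 7 IP).
/ip firewall nat
add chain=srcnat src-address=10.0.0.0/8 out-interface=ether7 \
    action=src-nat to-addresses=192.0.2.2
```

Because the NAT rule matches on `out-interface`, traffic from 10.0.0.0/8 to the internal subnets is neither marked nor translated, so it stays reachable only from inside and is not exposed through the new uplink.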
 
Sob
Forum Guru
Posts: 5111
Joined: Mon Apr 20, 2009 9:11 pm

Re: Source Nat Multiple Gateways

Sat Feb 15, 2020 5:24 pm

Check this, it should give you some ideas:

viewtopic.php?p=774794#p774794

If not, then ask for more details.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
