I’m moving my router from a Debian installation & iptables (FWbuilder GUI) to VYOS.
Currently I’ve managed site-2-site connections and all the basic settings almost without any problems.
At my very simple home network, I’ve just one masquerading rule to hide the internal network behind the official router address - like normal.
So far so good. The question is now how can I exclude traffic to one external address IP from being masqueraded?
My current nat-script does it like this:
$IPTABLES -t nat -A POSTROUTING -o eth1 -s ! -d <external destination not nat’ed> -j SNAT --to-source