I’m looking to achieve the following with 1 x router:
Enable multiple interfaces as inbound interfaces for NAT, each of them already has IPs from different upstreams - eth0 (ISP 1), eth1 (ISP 2) and eth2 (ISP 3)
Enable 1 outbound interface - eth4 (ISP 1) - I’ve already got this working
Problem:
As soon as I set the outbound interface to eth4, I can no longer use eth1 and eth2 as the inbound IP.
Inbound interface eth0 continues to work (since the outbound interface eth4 is from the same upstream)
NAT source is set to address: masquerade, so my guess is there are packets being dropped by eth1 and eth2 since the source IP is from eth4 (different upstream)
Any ideas? There must be some additional policies etc. I can create to cater for this, not sure which ones I need though.
Having several internet connections requires more configuration than you might think.
You must ensure that if incoming traffic is received from the internet, for example on eth0-ISP, then the response is also routed through the same interface. Otherwise, the response will have another source IP address (let's say the eth4-ISPX public IP address), and the client who initiated the connection will not accept this response, since it comes from a different IP.
This can be achieved, but as far as I remember, not directly from the VyOS CLI. An idea on how to achieve this? You can try WAN Load Balancing, and enable sticky-connections. Then analyze firewall rules and policies.
Also, a thread with similar requirements can be found here
Thanks! Just double checking having read the WAN Load Balancing doc, this would work for my scenario where I have multiple inbound interfaces (eth1, eth2, eth3 where NAT port forwarding occurs), and then all outbound traffic goes via a separate interface (eth4 DHCP)?
The challenge then is to ensure the response goes back from 1) eth4 → 2) the relevant inbound interface the request came from
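
The return-path requirement discussed in this thread, sketched as an added example (not from any poster, and not VyOS configuration): plain Linux connmark and policy-routing commands, printed as a dry run. The inside interface `eth5`, the gateway addresses, and the mark/table numbers are constructed assumptions; eth0, eth1 and eth2 are the inbound interfaces named in the thread.

```shell
#!/bin/sh
# Added example: connection marking + policy routing so that replies to
# port-forwarded connections leave through the WAN they arrived on, while
# LAN-initiated traffic keeps using the main table (default via eth4).

LAN_IF="eth5"   # hypothetical inside interface (not named in the thread)

# One line per inbound WAN: interface, upstream gateway, mark/table id.
# Gateways are constructed values from the documentation address ranges.
WAN_LIST="eth0 192.0.2.1 101
eth1 198.51.100.1 102
eth2 203.0.113.1 103"

# Print the commands for one WAN interface.
wan_rules() {
    wan_if=$1; gw=$2; id=$3
    # Tag each NEW connection with the WAN it arrived on.
    echo "iptables -t mangle -A PREROUTING -i $wan_if -m conntrack --ctstate NEW -j CONNMARK --set-mark $id"
    # Packets carrying that mark use a table whose default route is that WAN.
    echo "ip route add default via $gw dev $wan_if table $id"
    echo "ip rule add fwmark $id table $id"
}

# Print the full rule set for every WAN in WAN_LIST.
gen_return_path_rules() {
    echo "$WAN_LIST" | while read -r wan_if gw id; do
        wan_rules "$wan_if" "$gw" "$id"
    done
    # Copy the connection mark onto reply packets coming from the
    # port-forwarded hosts, before the routing decision is made.
    # Connections started from the LAN have no mark and fall through.
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -j CONNMARK --restore-mark"
}

# Dry run by default; set APPLY=1 (as root) to execute the printed commands.
if [ "${APPLY:-0}" = "1" ]; then
    gen_return_path_rules | sh -e
else
    gen_return_path_rules
fi
```

Strict reverse-path filtering (`rp_filter=1`) on the inbound WAN interfaces can drop the incoming packets before any of this applies, because the main table routes their source via eth4; loose mode (`rp_filter=2`) is the usual setting on a multi-homed router.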