My gateway will only allow traffic when the traffic comes from the assigned MAC address and IP. Thus I have 3 interfaces in the same subnet: eth2, eth3 and eth6.
What I want is that any traffic that comes in to eth2 must go out from eth2, and the same for eth3 and eth6. They all have the same gateway.
```
vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
eth0             192.168.122.11/24                 u/u
eth2             x.y.z.61/26                       u/u
eth3             x.y.z.60/26                       u/u
eth4             -                                 u/u
eth5             -                                 u/u
eth6             x.y.z.62/26                       u/u
eth7             -                                 u/u
eth8             -                                 u/u
eth9             -                                 u/u
eth10            -                                 u/u
lo               127.0.0.1/8                       u/u
                 ::1/128
```

```
## this is the default gateway via eth0
set protocols static route 0.0.0.0/0 next-hop 192.168.122.1

##
set policy route route-60 rule 60 set table '60'
## using /32 or /26 made no difference
set policy route route-60 rule 60 source address 'x.y.z.60/32'
set protocols static table 60 route 0.0.0.0/0 next-hop x.y.z.1 next-hop-interface 'eth3'
#
set interfaces ethernet eth3 policy route 'route60'
```
With the above code in place, if I ping .60 from my laptop, I do not get a reply back. I see that the VyOS receives the ping on eth3, but the outgoing is done via eth0 (so the policy is not working).
When the above works, I can replicate the same to eth2 and eth6.
The goal is that any traffic that comes to the .60/.61/.62 addresses, or any traffic from inside the VyOS with these IPs as source IP, must go via their respective interface to the .1 gateway.
Please let me know how to make this work.