Second WAN Interface / Routing Question


#1

Hi,

I have a fairly simple config with eth0 as WAN interface and eth1 as LAN interface.
Packets are going out to the default gateway IP of interface eth0:
set protocols static route 0.0.0.0/0 next-hop a.x.y.z

Now I did set up eth2 as a second WAN interface. I can ping the gateway IP of that WAN interface (of course).
The first basic thing I want to do is:
How can I configure VyOS so that ICMP packets coming in on eth2 are replied to on eth2 and not on eth0?

Thanks,
Michael


#2

If you ping the IP of eth2, the reply will come from that interface. The issue you describe above is, however, route based. Your pkg comes in on eth2 and is supposed to be routed to a host via, let’s say, eth3. Your default route goes via eth0. Your host will receive that pkg and will reply; the reply comes in on eth3. Since the destination network is not a locally reachable network/IP, it gets routed via the default route and will therefore leave on eth0.
If you know the destination networks, you can set routes so that for the defined networks/hosts it will always leave via eth2. Or you can use a routing table (aka policy based routing) and define the src IPs that are supposed to always send traffic out via eth2. Everything else would involve NAT, which would probably work as you want it, but the IP of the request will be known only to the firewall and needs to be terminated there as well.
cheers
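
The lookup behaviour described in post #2, as an added Python model that is not part of the thread and is not VyOS code. Interface names follow the thread; the addresses, the table id 10 and all function names are constructed for illustration, and the model simplifies real Linux/VyOS route selection to longest-prefix match plus source-based rules.

```python
import ipaddress

def net(cidr):
    return ipaddress.ip_network(cidr)

def lookup(table, dst):
    """Longest-prefix match; returns the egress interface or None."""
    dst = ipaddress.ip_address(dst)
    hits = [(n, iface) for n, iface in table if dst in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def egress(src, dst, tables, policy_rules=()):
    """Egress interface for a forwarded packet.

    policy_rules are ordered (source_network, table_id) pairs consulted
    before the main table; a table without a matching route falls through.
    """
    src = ipaddress.ip_address(src)
    for src_net, table_id in policy_rules:
        if src in src_net:
            hit = lookup(tables[table_id], dst)
            if hit is not None:
                return hit
    return lookup(tables["main"], dst)

# Constructed sample data (documentation/private ranges, not from the thread).
MAIN = [(net("0.0.0.0/0"), "eth0"),      # default route via first WAN
        (net("10.0.1.0/24"), "eth1"),    # LAN
        (net("10.0.3.0/24"), "eth3")]    # network of the internal host
TABLE_10 = [(net("0.0.0.0/0"), "eth2")]  # alternate table: default via second WAN
HOST, OTHER_LAN, CLIENT = "10.0.3.10", "10.0.1.5", "198.51.100.7"

def scenarios():
    plain = {"main": MAIN}
    static = {"main": MAIN + [(net("198.51.100.0/24"), "eth2")]}
    pbr = {"main": MAIN, 10: TABLE_10}
    rules = [(net("10.0.3.0/24"), 10)]
    return {
        "default_only": egress(HOST, CLIENT, plain),
        "static_route": egress(HOST, CLIENT, static),
        "pbr_host": egress(HOST, CLIENT, pbr, rules),
        "pbr_other_lan": egress(OTHER_LAN, CLIENT, pbr, rules),
    }

if __name__ == "__main__":
    for name, iface in scenarios().items():
        print(f"{name}: reply leaves via {iface}")
```

With only the default route the host's reply exits eth0 even though the request arrived on eth2; either the more specific static route or the source-based rule moves it to eth2, and the source rule leaves other LAN hosts on eth0.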


#3

Hi,

Just wanted to let you know that your reply really helped me.

I need the interface to reply to ICMP for HE.NET’s tunnel broker service. I solved the issue with a ‘nat destination rule’ for ICMP coming in on the IP address of that interface and a corresponding ‘policy route rule’ for the ICMP reply.

I don't know if it is the most elegant way, but it works as expected.

Thanks,
Michael

