sNAT secondary outbound-interface not working

Hi,

I’m having trouble getting a sNAT to work.

When I configure eth0 as outbound interface everything works correctly, but if I change to eth3 it stops working and I see no traffic in NAT monitor.

I’m new to VyOS, can someone point me in the right direction?

 ethernet eth0 {
     address 10.110.100.95/24
     address 10.110.100.96/24
     description `OUTSIDE`
     firewall {
         in {
             name OUTSIDE-IN
         }
         local {
             name OUTSIDE-LOCAL
         }
     }
 }
 ethernet eth2 {
     address 192.168.100.1/24
     description vyos-internal-lab
 }
 ethernet eth3 {
     address 192.168.3.170/24
     firewall {
         in {
             name OUTSIDE-IN
         }
         local {
             name OUTSIDE-LOCAL
         }
     }
 }

 source {
     rule 110 {
         log
         outbound-interface eth3
         source {
             address 192.168.100.0/24
         }
         translation {
             address masquerade
         }
     }
 }

When you modify NAT rules to outbound interface eth3, do you also change your routing table? Otherwise, traffic will still try to go out through eth0.

Thank you for your answer.

 static {
     route 0.0.0.0/0 {
         next-hop 10.110.100.1 {
         }
     }
     route 192.168.3.0/24 {
         next-hop 192.168.3.1 {
         }
     }
 }

The output from run show ip route static shows inactive, not sure why. Do I need to enable it?

S>* 0.0.0.0/0 [1/0] via 10.110.100.1, eth0, weight 1, 07:31:07
S   192.168.3.0/24 [1/0] via 192.168.3.1 inactive, weight 1, 02:14:36

Hi, the next route is not necessary, since network 192.168.3.0/24 is attached to the interface… If you type “show ip route” you may see it.

set protocols static route 192.168.3.0/24 next-hop 192.168.3.1

So, you should delete it with:

del protocols static route 192.168.3.0/24

Also, you have configured your default gateway as 10.110.100.1 with the command:

set protocols static route 0.0.0.0/0 next-hop 10.110.100.1

That is correct if you want your traffic to go out through eth0.
To configure default gateway through eth3, you should:

# First delete gateway through eth0
del protocols static route 0.0.0.0/0 next-hop 10.110.100.1
# Configure gateway through eth3
set protocols static route 0.0.0.0/0 next-hop 192.168.3.1
# Commit changes
commit
# Save changes
save

The goal is for traffic from the local subnets to go out through different interfaces.
In my lab environment, eth0 and eth3 correspond to WAN interfaces with different ISPs.

Maybe it’s my default route that’s causing the problem or some other component of my lab environment.

        rule 100 {
            log
            outbound-interface eth0
            source {
                address 10.112.100.0/24
            }
            translation {
                address masquerade
            }
        }
        rule 110 {
            log
            outbound-interface eth3
            source {
                address 192.168.100.0/24
            }
            translation {
                address masquerade
            }
        }

If that is your goal, please refer to these docs:
WAN Load Balancing: WAN load balancing — VyOS 1.3.x (equuleus) documentation
Policy and multiple uplinks example: Policy — VyOS 1.3.x (equuleus) documentation
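
As an added example that is not part of the original thread: one way to apply the policy-routing approach from the linked docs to this lab on VyOS 1.3.x, so that 192.168.100.0/24 is routed out eth3 and the existing NAT rule 110 can match. The policy name LAB-VIA-ETH3 and table number 10 are assumptions, and 192.168.3.1 is assumed to be the eth3 gateway, as in the static route posted earlier.

```vyos
# Added example (VyOS 1.3.x syntax); policy name and table id are illustrative
configure

# 192.168.3.0/24 is already a connected route on eth3, so drop the redundant static route
delete protocols static route 192.168.3.0/24

# Separate routing table whose default route points at the eth3 uplink
# (the main table keeps its default via 10.110.100.1 on eth0)
set protocols static table 10 route 0.0.0.0/0 next-hop 192.168.3.1

# Select table 10 for traffic sourced from the lab subnet
set policy route LAB-VIA-ETH3 rule 10 description 'Lab subnet out via eth3'
set policy route LAB-VIA-ETH3 rule 10 source address 192.168.100.0/24
set policy route LAB-VIA-ETH3 rule 10 set table 10

# Apply the policy on the interface where the lab traffic enters the router
set interfaces ethernet eth2 policy route LAB-VIA-ETH3

# NAT rule 110 (outbound-interface eth3, source 192.168.100.0/24) stays as posted:
# the outbound-interface match is evaluated after the routing decision, so it
# only sees packets that table 10 has already sent towards eth3

commit
save
```

After the commit, `show ip route table 10` should list the default route via eth3. Everything sourced from 192.168.100.0/24, including traffic towards the router's other connected subnets, now follows table 10.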
