Hi guys. I have the lab topology above that I am having issues with when it comes to routing. Routes to/from VyOS router A to VyOS router B (and devices behind each) work fine but I cannot reach the internet from either A or B or devices behind them. On the VyOS ISP router I have added a route that says all traffic to 0.0.0.0/0 go to my physical router, which I know is incorrect, but I’m not sure how to forward traffic from A to B to the internet via the ‘ISP’ VyOS router. Any better alternative? TIA
Router ISP should have SNAT
Or router A/B should have their own NAT rules to hide the 10.x.x.x/172.x.x.x networks
It depends on where you use external routable address space
Hi @Viacheslav thanks very much for the suggestion. I have now implemented SNAT rules on the ISP router. The devices on the 10.x.x.x and 172.x.x.x networks are NATing to the IP of the interface bridged to my physical network but I still cannot get out to the internet. What’s the best way to configure the ISP router to say ‘for all internet traffic, go via 192.168.1.254’?
EDIT - I’ve just added a route pointing 0.0.0.0/0 to 192.168.1.254 and it’s working.
Ok, you need to do several things. Let’s start with the ISP router. You’re going to need 3 static routes on the ISP router. A default route of 0.0.0.0/0 with a next-hop of 192.168.1.254. The ISP router should also have another static of 10.10.10.0/24 with a next-hop of 220.127.116.11. And the 3rd and final static route on the ISP router should be 172.16.10.0/24 with a next-hop of 18.104.22.168. Router A only needs a default route, 0.0.0.0/0 with a next-hop of 22.214.171.124. And router B only needs a default route, 0.0.0.0/0 with a next-hop of 126.96.36.199. That should get you pinging from router A to router B (and vice versa). And router A & B should be able to reach the Internet.
Switch ISP ought to have SNAT
Or on the other hand switch A/B ought to have their own NAT rules to stow away 10.x.x.x/172.x.x.x organizations.
It depends on where you utilize outer routable location space