static routing question

Hello- very stupid question, I’m sure… but my google-fu is failing me.

First time VyOS user, trying to use it as a gateway/bridge between two networks.

Setup:

eth0 - subnet 1, 10.5.1.5/24
eth1 - subnet 2, 192.168.1.5/24

Subnet 1 is a part of an IPSEC vpn, connected to many other subnets within 10.0.0.0/8.

What I’m trying to do:

Hosts within subnet 1 use VyOS as a gateway; VyOS forwards all traffic destined for 10.0.0.0/8 to its upstream, 10.5.1.1. All traffic destined for IPs outside of that /8 should route through subnet 2, both private and public, giving local (non-vpn) access to the internet via 192.168.1.1 and hosts within 192.168.1.0/24. VyOS will not be running any other operations, aside from some light firewall duties.

Any help is appreciated!

It seems to me that you’re trying to do some NATting.

Basically you set one NAT rule that will ‘exclude’ any traffic going to the /8 from being NATed, and then for everything else, you can create a NAT masquerade rule. Basically your commands will be similar to this:

  1. Create the exclude NAT rule:

set nat source rule 5 destination address '10.0.0.0/8'
set nat source rule 5 exclude
set nat source rule 5 outbound-interface 'eth1'

  2. Create your NAT masquerade to give /8 hosts access to the internet through subnet 2:

set nat source rule 20 outbound-interface 'eth1'
set nat source rule 20 source address '10.0.0.0/8'
set nat source rule 20 translation address 'masquerade'
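As an added example (not from the original thread), here is the complete VyOS configuration for the topology described in the question, including the static routes that the NAT rules above do not cover. Interface names and addresses are the ones given in the question; the NAT rule numbers follow the answer.

```vyos
# Added example, not from the original thread. Run from the VyOS CLI.
configure

# Interfaces, as described in the question
set interfaces ethernet eth0 address '10.5.1.5/24'
set interfaces ethernet eth1 address '192.168.1.5/24'

# Routing: the VPN side (10.0.0.0/8) goes to 10.5.1.1 on eth0,
# everything else follows the default route to 192.168.1.1 on eth1.
# The more specific /8 route always wins over 0.0.0.0/0.
set protocols static route 10.0.0.0/8 next-hop 10.5.1.1
set protocols static route 0.0.0.0/0 next-hop 192.168.1.1

# Source NAT. Rules are evaluated in ascending number order, so the
# exclude rule must keep a lower number than the masquerade rule.
# With the /8 route in place, VPN-bound traffic leaves via eth0 and never
# matches rule 20; rule 5 is a safety net should any 10/8 traffic ever
# be sent out eth1.
set nat source rule 5 outbound-interface 'eth1'
set nat source rule 5 destination address '10.0.0.0/8'
set nat source rule 5 exclude

set nat source rule 20 outbound-interface 'eth1'
set nat source rule 20 source address '10.0.0.0/8'
set nat source rule 20 translation address 'masquerade'

commit
save
exit
```

Verify with `show ip route` (the /8 should list next-hop 10.5.1.1 and the default 192.168.1.1) and `show nat source rules` to confirm rule 5 appears before rule 20.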

That worked… thank you!