Hi,
i want to use WAN Load-Balancing. All looks fine both Interfaces are shown as up and i can ping external ips. But my local containers on vyos does not have access to the internet. The firewall rules allow the acces, i think the problem is the wan load-balancing.
Is there something i need to do?
I’m not sure if this will work.
Can you paste config? I guess that inbound-interface in this setup should be interface created for the container
Thats my load-balancing config, i already have tested with inbound-interface=any
set load-balancing wan disable-source-nat
set load-balancing wan enable-local-traffic
set load-balancing wan sticky-connections inbound
set load-balancing wan flush-connections
set load-balancing wan interface-health pppoe0 failure-count 5
set load-balancing wan interface-health pppoe0 success-count 3
set load-balancing wan interface-health pppoe0 nexthop 'dhcp'
set load-balancing wan interface-health pppoe0 test 100 type ping
set load-balancing wan interface-health pppoe0 test 100 target 8.8.8.8
set load-balancing wan interface-health bond0.103 failure-count 5
set load-balancing wan interface-health bond0.103 success-count 3
set load-balancing wan interface-health bond0.103 nexthop 'dhcp'
set load-balancing wan interface-health bond0.103 test 100 type ping
set load-balancing wan interface-health bond0.103 test 100 target 8.8.4.4
set load-balancing wan rule 10 exclude
set load-balancing wan rule 10 inbound-interface 'bond+'
set load-balancing wan rule 10 destination address 192.168.0.0/16
set load-balancing wan rule 100 failover
set load-balancing wan rule 100 inbound-interface 'bond+'
set load-balancing wan rule 100 interface pppoe0 weight 100
set load-balancing wan rule 100 interface bond0.103 weight 10
set load-balancing wan rule 100 protocol 'all'
Could you show your source nat rules?
I have set a network for the containers.
set container network containers description 'Network for VyOS containers'
set container network containers prefix '192.168.5.0/24'
And then set for the containers the specific address. Thats my only nat rules.
set nat source rule 100 description 'LAN -> Modem'
set nat source rule 100 destination address '192.168.107.0/24'
set nat source rule 100 outbound-interface name 'bond0.107'
set nat source rule 100 translation address 'masquerade'
set nat source rule 200 description 'LAN -> VPN'
set nat source rule 200 outbound-interface name 'wg02'
set nat source rule 200 translation address 'masquerade'
set nat source rule 300 description 'LAN -> WAN'
set nat source rule 300 outbound-interface name 'pppoe0'
set nat source rule 300 translation address 'masquerade'
set nat source rule 400 description 'Block -> WAN_5g'
set nat source rule 400 exclude
set nat source rule 400 source group address-group wan_no_5g
set nat source rule 410 description 'LAN -> WAN_5G'
set nat source rule 410 outbound-interface name 'bond0.103'
set nat source rule 410 translation address 'masquerade'