Options
PBR and nat on same device
I forget the order to do this in
Suppose I have a router with two external interface and one internal
the one ISP is sending traffic to interface A on the outside and I am Natting this to the 192.168.0.1/24 network inside.
I want traffic coming from 192.168.0.1 to be routed back out of interface A but I can tell where it is going to I can only do source based policy routing (traffic from 192.168.0.1 to anywhere send out interface A) traffic from any where else should go out via interface B
But policy based routing is applied on the incoming interface, so would normally be applied to the internal interface. but how does this play with NAT?
Suppose I have a router with two external interface and one internal
the one ISP is sending traffic to interface A on the outside and I am Natting this to the 192.168.0.1/24 network inside.
I want traffic coming from 192.168.0.1 to be routed back out of interface A but I can tell where it is going to I can only do source based policy routing (traffic from 192.168.0.1 to anywhere send out interface A) traffic from any where else should go out via interface B
But policy based routing is applied on the incoming interface, so would normally be applied to the internal interface. but how does this play with NAT?
- If you can't explain it simply, you don't understand it well enough. Albert Einstein
- An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
Linkin Profile - Blog: http://Devilwah.com
Comments
-
Options
jamthat
Member Posts: 304 ■■■□□□□□□□
I forget the order to do this in
Suppose I have a router with two external interface and one internal
the one ISP is sending traffic to interface A on the outside and I am Natting this to the 192.168.0.1/24 network inside.
I want traffic coming from 192.168.0.1 to be routed back out of interface A but I can tell where it is going to I can only do source based policy routing (traffic from 192.168.0.1 to anywhere send out interface A) traffic from any where else should go out via interface B
But policy based routing is applied on the incoming interface, so would normally be applied to the internal interface. but how does this play with NAT?
The PBR should be processed before NAT, so on your internal face you would just allow 192.168.0.1/24 out to interface A and everything else would go B. Am I missing something there??