PBR and nat on same device

I forget the order to do this in

Suppose I have a router with two external interface and one internal

the one ISP is sending traffic to interface A on the outside and I am Natting this to the 192.168.0.1/24 network inside.

I want traffic coming from 192.168.0.1 to be routed back out of interface A but I can tell where it is going to I can only do source based policy routing (traffic from 192.168.0.1 to anywhere send out interface A) traffic from any where else should go out via interface B

But policy based routing is applied on the incoming interface, so would normally be applied to the internal interface. but how does this play with NAT?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

jamthat

DevilWAH wrote: »

I forget the order to do this in

Suppose I have a router with two external interface and one internal

the one ISP is sending traffic to interface A on the outside and I am Natting this to the 192.168.0.1/24 network inside.

I want traffic coming from 192.168.0.1 to be routed back out of interface A but I can tell where it is going to I can only do source based policy routing (traffic from 192.168.0.1 to anywhere send out interface A) traffic from any where else should go out via interface B

But policy based routing is applied on the incoming interface, so would normally be applied to the internal interface. but how does this play with NAT?

The PBR should be processed before NAT, so on your internal face you would just allow 192.168.0.1/24 out to interface A and everything else would go B. Am I missing something there??