i have an internal network 10.10.10.0/24 that i want to route to a second uplink 192.168.178.1 that routes packets to a network e.g. 22.214.171.124
But some target ip addresses like 126.96.36.199 and 188.8.131.52 from the target network should be routed through the default WAN interface and not the second uplink 192.168.178.1. Source is the given internal network 10.10.10.0.
I have especially a problem with the understanding of NAT in this case as the network 10.10.10.0/24 needs to be natted with one interface. Here i can choose of course my second interface uplink 192.168.178.1. In this case all traffic from the source network 10.10.10.0 would be leaded out through the second uplink. But what about the excluded target ips?
How would i achieve this task most suitable.
Based on the numbers given, it appears that both connections are private IP to public IP, without VPN tunnels. I think you have two options:
- Have a public IP for every device in the 10.x.x.x network, and use 1-to-1 SNAT rules to assign them public addresses.
- Have a masquerading rule for each interface, which can work with as little as one public IP address on each interface.
In either case, it may work to simply to define POLICY routes:
- for source a to destination b, a gateway rule routes to the desired interface address, or an interface rule routes to the designated interface object.
As JaDeep said, the most precise rule is prioritized first, then the broader rule is prioritized later. Prioritization is easier than creating mutually-exclusive rules.
JaDeep or Bob Alfson may be able to edit my suggestion. I am working from theory, as your problem is outside my direct experience.
So, here is a chart to the network map:
WebAdmin can't make the correct routes with overlapping subnets on two different interfaces - see #3.1 in Rulz (last updated 2019-04-17). Please show pictures of the Edits of the two Interface definitions. If you prefer, obfuscate IPs like 84.XX.YY.121, 10.X.Y.100, 192.168.X.200 and 172.2X.Y.51. That lets us see immediately which IPs are local and which are identical.
Cheers - Bob
Hey Balfson ,
thank you for your help. I appreciate. I 've just uploaded new pictures to the previous to get more precious. Second WAN interface is a dhcp interface where we get the ip adress from our local provider.
So, the second interface does not have IPs in 184.108.40.206/24 - that was just a shortcut you used in the graph? If it does, then copy the 'Routes Table' here from 'Support >> Advanced'.
Hi, unfortunately the upload with the correct diagram today did not succeeded. So here is the right one.
"Blue" means "internal ips" and green means "real external ips".
To answer your question:
Yes, the second interface does not have IPs in 220.127.116.11/24.
Why not select 'IPv4 Default Gateway' in the 'Second WAN' and then use Multipath rules?
Sorry, i just don't understand the sense in multipath rules as there i have only "source" + "service" + "destination" to define. I'm absolutely not aware of how to solve this.
You select "By interface" in a Multipath rule to have traffic use a specific interface.
Yeah, i see it. But i really don't know what to configure.