
Static Routing to different gateways with excluded IP addresses from a network

Hi there,

I have an internal network 10.10.10.0/24 that I want to route to a second uplink 192.168.178.1 that routes packets to a network e.g. 98.106.77.0

But some target IP addresses like 98.106.77.10 and 98.106.77.20 from the target network should be routed through the default WAN interface and not the second uplink 192.168.178.1. Source is the given internal network 10.10.10.0.

I especially have a problem with the understanding of NAT in this case, as the network 10.10.10.0/24 needs to be NATted with one interface. Here I can of course choose my second interface uplink 192.168.178.1. In this case all traffic from the source network 10.10.10.0 would be led out through the second uplink. But what about the excluded target IPs?

How would I achieve this task most suitably?

  • Based on the numbers given, it appears that both connections are private IP to public IP, without VPN tunnels. I think you have two options:

    - Have a public IP for every device in the 10.x.x.x network, and use 1-to-1 SNAT rules to assign them public addresses.

    - Have a masquerading rule for each interface, which can work with as little as one public IP address on each interface.

    In either case, it may work to simply define POLICY routes:

    - for source a to destination b, a gateway rule routes to the desired interface address, or an interface rule routes to the designated interface object.

    As JaDeep said, the most precise rule is prioritized first, then the broader rule is prioritized later. Prioritization is easier than creating mutually-exclusive rules.

    JaDeep or Bob Alfson may be able to edit my suggestion. I am working from theory, as your problem is outside my direct experience.
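The ordered policy-route table the answer describes (specific excluded hosts first, the broad 98.106.77.0/24 rule after them, a default last) plus one masquerade rule per egress interface, modelled as an added example; this is not the thread's own configuration and not Sophos syntax, the networks come from the question, and the interface names, the WAN gateway 203.0.113.1 and the masquerade addresses are assumed:

```python
from ipaddress import ip_address, ip_network

# Constructed policy-route table for the scenario in the thread (example only,
# not firewall configuration syntax). Rules are evaluated top-down: the two
# excluded hosts come first, the broad /24 rule after them, a catch-all last.
POLICY_ROUTES = [
    # (source network, destination network, egress interface, gateway)
    ("10.10.10.0/24", "98.106.77.10/32", "wan",     "203.0.113.1"),    # excluded host
    ("10.10.10.0/24", "98.106.77.20/32", "wan",     "203.0.113.1"),    # excluded host
    ("10.10.10.0/24", "98.106.77.0/24",  "uplink2", "192.168.178.1"),  # second uplink
    ("0.0.0.0/0",     "0.0.0.0/0",       "wan",     "203.0.113.1"),    # default route
]

# One masquerade rule per egress interface: traffic is SNATed to that
# interface's own address, so no per-host public IPs are needed. Assumed values.
MASQUERADE = {"wan": "203.0.113.50", "uplink2": "192.168.178.23"}


def select_route(src, dst):
    """Return (interface, gateway, snat_address) for the first matching rule."""
    s, d = ip_address(src), ip_address(dst)
    for src_net, dst_net, iface, gw in POLICY_ROUTES:
        if s in ip_network(src_net) and d in ip_network(dst_net):
            return iface, gw, MASQUERADE[iface]
    raise LookupError(f"no route for {src} -> {dst}")


def check_rule_order(routes):
    """Find rules that can never match because an earlier rule is at least as
    broad in both source and destination. Returns (earlier, shadowed) index
    pairs; an empty list means the 'most precise first' ordering holds."""
    shadowed = []
    for i, (s1, d1, _, _) in enumerate(routes):
        for j in range(i + 1, len(routes)):
            s2, d2, _, _ = routes[j]
            if (ip_network(s2).subnet_of(ip_network(s1))
                    and ip_network(d2).subnet_of(ip_network(d1))):
                shadowed.append((i, j))
    return shadowed


if __name__ == "__main__":
    for dst in ("98.106.77.10", "98.106.77.20", "98.106.77.77", "198.51.100.9"):
        print(dst, "->", select_route("10.10.10.5", dst))
    print("shadowed rules:", check_rule_order(POLICY_ROUTES))
```

Reversing the table order makes `check_rule_order` report the host rules as shadowed by the /24 rule, which is the misconfiguration the ordering advice in the answer avoids.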
