Netgate Discussion Forum

    Policy routing with remote gateways

    Routing and Multi WAN
      senseivita

      This might involve a routing package. It does, but for the sake of routing; the route is already known to the firewall.

      Hi!

      I'll use this as reference:

      I have a couple of routes towards 0/0 obtained through OSPF on a remote router (WZ2, WZ3). For incoming traffic from the public network, things sort themselves out thanks to OSPF. There is no NAT internally, only on the public interfaces (symbolized by the little doors above.)

      My question is, [1] how can I use policy routing with the routes learned from a protocol? These gateways aren't available for policy routing.

      Currently what I do is manually add the gateway so it becomes selectable, otherwise I wouldn't know how. I think that protocol-learned gateways are considered ephemeral or something.

      The second aspect of this is remote multi-WAN, my current approach to that — or the most recent one since it's mostly hypothetical right now — is to use virtual IP addresses each mapped to a gateway or to an interface rather, since the gateway may be shared.

      Alternatively, use source-based policy routing on the remote router where the sources would be also virtual IP addresses but this time on the downstream routers and NAT to disguise the traffic. It works too but it's a lot less practical than VIPs on the upstream.

      [2] Is there a more straightforward way to do PBR from an internal router?

      On second thought, I just remembered VIPs set on any router are passed around by OSPF, so I really just need the answer to 1, if there's one. 🤞

      If you have any extra tips/comments, they're welcome too!

      Missing something? Word endings, maybe? I included a free puzzle in this msg if you solv--okay, I'm lying. It's dyslexia, makes me do that, sorry! Just finish the word; they're rarely misspelled, just incomplete. Yeah-yeah-I know. Same thing.
