I think this is one of those staring-me-in-the-face issues, but I'm stumped.
We recently got a second internet connection into the building, which we are planning to use primarily for extra bandwidth as well as a failover. It is a dynamic IP vs. our existing service with 5 static IPs. We host a couple of tools internally which we also access internally. I have the second ISP in as an interface, and a multipath rule for DNS and web surfing to be balanced by connection. The problem comes in when attempting to configure NAT rules. I probably have them overly complex, but for the internal tools I have DNAT rules for connections coming from the outside, an SNAT rule from the internal service to make it go out via the correct static IP, and a catch-all SNAT for any other traffic to one of the IPs. This works currently.
However, when I'm trying to get the second link up and running, I'm having trouble. I need to have a masquerade rule for the Uplink interfaces, but I also need to disable that catch-all SNAT rule. If it's disabled, the secondary connection is able to ping out successfully, but I am no longer able to connect to certain tools internally. I am guessing it has something to do with a loopback across the uplinks, but I'm not sure how to resolve it. Any ideas?
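The post describes three NAT states: the working one (DNAT for the published tools plus a catch-all SNAT to a static IP), the broken one (catch-all SNAT disabled, masquerade on the uplink interfaces only), and the suspected cause, a "loopback" where a LAN client reaches an internal tool through its public address. The packet-path model below is an added example, not code from the poster or from any firewall vendor. It assumes constructed addresses (TEST-NET-3 for the static IP, 192.168.1.0/24 for the LAN), that the original catch-all SNAT also matched LAN-to-LAN traffic after DNAT (which is consistent with it "working currently"), and that the failure is the asymmetric return path typical of hairpin NAT: once the source is no longer rewritten, the tool replies to the client directly over the LAN, the firewall never sees the reply, and the client's connection to STATIC_IP:443 gets an answer from the wrong address. The third policy in the model, a dedicated hairpin SNAT rule, is shown as the usual way to keep the masquerade on the uplinks without the catch-all; whether that is the right fix for this particular setup is an assumption.

```python
"""Packet-path model for hairpin (NAT loopback) access to an internal tool.

Traces a LAN client's SYN to the tool's published address and the tool's
SYN-ACK under three post-routing policies, and reports whether the client
ever receives a reply it will accept. All addresses are constructed.
"""
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("192.168.1.0/24")
FW_LAN_IP = "192.168.1.1"      # firewall's inside address (assumed)
TOOL_IP = "192.168.1.20"       # internally hosted tool (assumed)
CLIENT_IP = "192.168.1.50"     # LAN workstation (assumed)
STATIC_IP = "203.0.113.10"     # one of the static IPs on uplink 1 (assumed)
TOOL_PORT = 443

POLICIES = ("catchall_snat", "masquerade_uplinks", "masquerade_plus_hairpin")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def on_lan(addr: str) -> bool:
    return ipaddress.ip_address(addr) in LAN


def dnat(pkt: Packet) -> Packet:
    """Prerouting DNAT rule: published address/port -> internal tool."""
    if pkt.dst == STATIC_IP and pkt.dport == TOOL_PORT:
        return Packet(pkt.src, TOOL_IP, pkt.dport)
    return pkt


def snat(pkt: Packet, policy: str) -> Packet:
    """Post-routing source rewrite. Egress interface is chosen by destination,
    so a packet DNAT'd to a LAN host leaves via the LAN interface, not an uplink."""
    egress_is_uplink = not on_lan(pkt.dst)
    if policy == "catchall_snat":
        # Catch-all SNAT: every forwarded flow gets the static IP as source,
        # whatever interface it leaves on.
        return Packet(STATIC_IP, pkt.dst, pkt.dport)
    if policy == "masquerade_uplinks":
        # Masquerade bound to the uplink interfaces only.
        return Packet(STATIC_IP, pkt.dst, pkt.dport) if egress_is_uplink else pkt
    if policy == "masquerade_plus_hairpin":
        if egress_is_uplink:
            return Packet(STATIC_IP, pkt.dst, pkt.dport)
        if on_lan(pkt.src) and pkt.dst == TOOL_IP:
            # Hairpin rule: LAN client -> DNAT'd tool gets the firewall's own
            # LAN address as source, so the tool's reply comes back through it.
            return Packet(FW_LAN_IP, pkt.dst, pkt.dport)
        return pkt
    raise ValueError(f"unknown policy {policy!r}")


def reply_reaches_client(policy: str) -> bool:
    """True if the client's SYN to STATIC_IP:443 gets a SYN-ACK it will accept,
    i.e. one whose source is STATIC_IP (conntrack must undo both rewrites)."""
    syn = Packet(CLIENT_IP, STATIC_IP, TOOL_PORT)
    at_server = snat(dnat(syn), policy)
    reply_to = at_server.src          # the tool answers whoever it saw as source
    if on_lan(reply_to) and reply_to != FW_LAN_IP:
        # Reply goes straight across the LAN from TOOL_IP to the client; the
        # firewall never sees it, so nothing restores STATIC_IP as the source.
        reply_src_seen_by_client = TOOL_IP
        return reply_src_seen_by_client == STATIC_IP   # False: asymmetric path
    # Reply is addressed to the firewall (its LAN IP, or a non-LAN address that
    # routes via the default gateway); conntrack reverses DNAT and SNAT and the
    # client sees STATIC_IP:443 answering, as it expects.
    return True


def summary() -> dict:
    return {policy: reply_reaches_client(policy) for policy in POLICIES}


if __name__ == "__main__":
    for policy, ok in summary().items():
        print(f"{policy:26s} hairpin access {'works' if ok else 'FAILS'}")
```

The model only covers the LAN-client-to-published-address path; outbound traffic via either uplink is unaffected by the hairpin rule because it matches only DNAT'd flows to the tool. On a real firewall the hairpin rule needs to sit before (or be more specific than) any rule that would otherwise leave LAN-to-LAN traffic untouched, and DNS for the tool's name should still resolve to the published address for this path to be exercised at all.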