Vyatta masquerade out bridge interface
- by miquella
We have set up a Vyatta Core 6.1 gateway on our network with three interfaces:
eth0 - 1.1.1.1 - public gateway/router IP (to public upstream router)
eth1 - 2.2.2.1/24 - public subnet (connected to a second firewall 2.2.2.2)
eth2 - 10.10.0.1/24 - private subnet
Our ISP provided the 1.1.1.1 address for us to use as our gateway. The 2.2.2.1 address is so the other firewall (2.2.2.2) can communicate with this gateway, which then routes the traffic out through the eth0 interface.
Here is our current configuration:
interfaces {
    bridge br100 {
        address 2.2.2.1/24
    }
    ethernet eth0 {
        address 1.1.1.1/30
        vif 100 {
            bridge-group {
                bridge br100
            }
        }
    }
    ethernet eth1 {
        bridge-group {
            bridge br100
        }
    }
    ethernet eth2 {
        address 10.10.0.1/24
    }
    loopback lo {
    }
}
service {
    nat {
        rule 100 {
            outbound-interface eth0
            source {
                address 10.10.0.1/24
            }
            type masquerade
        }
    }
}
With this configuration, it routes everything, but the source address after masquerading is 1.1.1.1, which is correct, because that's the interface it's bound to. But because of some of our requirements here, we need it to source from the 2.2.2.1 address instead (what's the point of paying for a class C public subnet if the only address we can send from is our gateway!?).
I've tried binding to br100 instead of eth0, but it doesn't seem to route anything if I do that.
I imagine I'm just missing something simple. Any thoughts?