Hi David,
Apologies for the late reply. As it happens, source-based routing was not straightforward until recently. We'd be more than happy to give you a demo of the 6.0 beta (available in AWS and Azure) which makes this simple.
Feel free to open a support ticket any time. (Our forums are usually on the quiet side.)
Bob Smetana
Cohesive Networks
David Netten
First of all, I really like this product. It's stable and fast plus offers API functionalities.
Second:
I'm dealing with a complex situation in AWS and I cannot find out why it is failing. I have the following setup
I want instance 1 to route all traffic to the internet via instance 2 when the source IP matches a firewall rule (in this example 172.17.0.1).
My firewall rules are:
Instance 1:
PREROUTING_CUST -i eth0 -s 172.17.0.0/24 -j DNAT --to-destination 172.17.1.2
POSTROUTING_CUST -d 172.17.0.0/24 -j SNAT --to-source 172.17.1.1
MACRO_CUST -o eth0 -s 0.0.0.0/0 -j MASQUERADE
Instance 2:
MACRO_CUST -o eth0 -s 0.0.0.0/0 -j MASQUERADE
If I execute the Lambda, it times out, which indicates the traffic is dropped. I suspect I need to SNAT the request from instance 1, because otherwise instance 2 will route the traffic directly to the Lambda, instead of via instance 1. But I was kind of hoping that would be solved by the macro_cust rule.
I've disabled source check, and if I update the routing table in AWS to instance 2, the call is successful. Any idea what is wrong?
Kind regards,
David
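To see what instance 2 actually receives under the rules quoted in the post, here is an added example (not Cohesive Networks' or VNS3's code, and not part of either message) that parses those rule lines and traces one packet through a simplified, first-match-wins model of the PREROUTING_CUST, POSTROUTING_CUST and MACRO_CUST chains. It assumes a single-interface instance where every forwarded packet leaves on eth0, that 172.17.1.1 is instance 1's own address (the `--to-source` value in the post) and 172.17.1.2 is instance 2's, and it uses the constructed address 203.0.113.10 to stand in for the Lambda endpoint. Real iptables also consults conntrack and the routing table, which this model omits.

```python
from dataclasses import dataclass, replace
from typing import Optional
import ipaddress

# Assumed / constructed addresses (not from the post except the 172.17.x values).
INSTANCE1_IP = "172.17.1.1"   # assumed: instance 1's eth0 address
INSTANCE2_IP = "172.17.1.2"   # assumed: instance 2's eth0 address
LAMBDA_IP = "203.0.113.10"    # constructed stand-in for the Lambda endpoint

# Rule text exactly as quoted in the post.
INSTANCE1_RULES = [
    "PREROUTING_CUST -i eth0 -s 172.17.0.0/24 -j DNAT --to-destination 172.17.1.2",
    "POSTROUTING_CUST -d 172.17.0.0/24 -j SNAT --to-source 172.17.1.1",
    "MACRO_CUST -o eth0 -s 0.0.0.0/0 -j MASQUERADE",
]
INSTANCE2_RULES = [
    "MACRO_CUST -o eth0 -s 0.0.0.0/0 -j MASQUERADE",
]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    in_iface: str
    out_iface: Optional[str] = None


@dataclass(frozen=True)
class Rule:
    chain: str
    in_iface: Optional[str]
    out_iface: Optional[str]
    src: Optional[ipaddress.IPv4Network]
    dst: Optional[ipaddress.IPv4Network]
    target: str
    arg: Optional[str]


def parse_rule(text: str) -> Rule:
    """Parse the '<CHAIN> -i ... -s ... -j TARGET --to-... X' syntax used in the post."""
    tokens = text.split()
    chain, opts = tokens[0], tokens[1:]
    kw = dict(zip(opts[0::2], opts[1::2]))  # every option here takes one value
    net = lambda k: ipaddress.ip_network(kw[k]) if k in kw else None
    return Rule(chain, kw.get("-i"), kw.get("-o"), net("-s"), net("-d"),
                kw["-j"], kw.get("--to-destination") or kw.get("--to-source"))


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.in_iface and rule.in_iface != pkt.in_iface:
        return False
    if rule.out_iface and rule.out_iface != pkt.out_iface:
        return False
    if rule.src and ipaddress.ip_address(pkt.src) not in rule.src:
        return False
    if rule.dst and ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    return True


def apply_chain(pkt: Packet, rules: list, chain: str, host_ip: str) -> Packet:
    """First matching rule in the chain rewrites the packet; NAT targets terminate the chain."""
    for rule in (r for r in rules if r.chain == chain):
        if not matches(rule, pkt):
            continue
        if rule.target == "DNAT":
            return replace(pkt, dst=rule.arg)
        if rule.target == "SNAT":
            return replace(pkt, src=rule.arg)
        if rule.target == "MASQUERADE":
            return replace(pkt, src=host_ip)  # masquerade = SNAT to the outgoing interface's address
    return pkt


def forward_through(pkt: Packet, rule_texts: list, host_ip: str) -> Packet:
    """Model one hop: PREROUTING, routing decision (always eth0 here), then POSTROUTING + macro rules."""
    rules = [parse_rule(t) for t in rule_texts]
    pkt = apply_chain(pkt, rules, "PREROUTING_CUST", host_ip)
    pkt = replace(pkt, out_iface="eth0")  # assumption: single-interface instance
    pkt = apply_chain(pkt, rules, "POSTROUTING_CUST", host_ip)
    pkt = apply_chain(pkt, rules, "MACRO_CUST", host_ip)
    return pkt


def original_destination_preserved(original: Packet, forwarded: Packet) -> bool:
    """The next hop can only forward to the real destination if it is still in the header."""
    return original.dst == forwarded.dst


if __name__ == "__main__":
    original = Packet(src="172.17.0.1", dst=LAMBDA_IP, in_iface="eth0")
    at_instance2 = forward_through(original, INSTANCE1_RULES, INSTANCE1_IP)
    print("instance 2 receives:", at_instance2)
    print("Lambda address still in header:", original_destination_preserved(original, at_instance2))
```

Under this model the packet that reaches instance 2 has source 172.17.1.1 and destination 172.17.1.2, so instance 2 sees traffic addressed to itself with no trace of the Lambda address; a DNAT-based hop cannot carry the original destination forward, which is the property a policy-routing (source-based) next hop has to preserve.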