Tested on VyOS 1.4-rolling-202201100317
Commands for WAN load balancing:
# Load balancing config
set load-balancing wan interface-health eth0 nexthop '10.0.0.1'
set load-balancing wan interface-health eth1 nexthop '10.1.1.1'
set load-balancing wan rule 10 inbound-interface 'eth3.100'
set load-balancing wan rule 10 interface eth0
set load-balancing wan rule 10 interface eth1
This results in the following NAT rules:
vyos@vyos# sudo nft list table ip nat
table ip nat {
    chain PREROUTING {
        type nat hook prerouting priority dstnat; policy accept;
        counter packets 215 bytes 18124 jump VYOS_PRE_DNAT_HOOK
    }
    chain POSTROUTING {
        type nat hook postrouting priority srcnat; policy accept;
        counter packets 273 bytes 21364 jump VYOS_PRE_SNAT_HOOK
    }
    chain VYOS_PRE_DNAT_HOOK {
        return
    }
    chain VYOS_PRE_SNAT_HOOK {
        return
    }
    chain WANLOADBALANCE {
        ct mark 0xc9 counter packets 0 bytes 0 snat to 10.0.0.2
        ct mark 0xca counter packets 0 bytes 0 snat to 10.1.1.2
    }
}
The rule in chain VYOS_PRE_SNAT_HOOK that jumps to WANLOADBALANCE is missing, so no source NAT occurs at all.
The same config on VyOS 1.3 gives the following NAT rules:
vyos@Customer:~$ sudo nft list table ip nat
table ip nat {
    chain PREROUTING {
        type nat hook prerouting priority dstnat; policy accept;
        counter packets 32 bytes 2784 jump VYATTA_PRE_DNAT_HOOK
    }
    chain INPUT {
        type nat hook input priority 100; policy accept;
    }
    chain POSTROUTING {
        type nat hook postrouting priority srcnat; policy accept;
        counter packets 23 bytes 1956 jump VYATTA_PRE_SNAT_HOOK
    }
    chain OUTPUT {
        type nat hook output priority -100; policy accept;
    }
    chain VYATTA_PRE_DNAT_HOOK {
        counter packets 32 bytes 2784 return
    }
    chain VYATTA_PRE_SNAT_HOOK {
        counter packets 23 bytes 1956 jump WANLOADBALANCE
        counter packets 0 bytes 0 return
    }
    chain WANLOADBALANCE {
        ct mark 0xc9 counter packets 14 bytes 1192 snat to 10.0.0.2
        ct mark 0xca counter packets 9 bytes 764 snat to 10.1.1.2
    }
}
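A way to catch this class of regression automatically, as an added example that is not part of the original report or of VyOS: the script walks jump/goto targets from the hooked base chains in `nft list table` output and reports chains that can never be reached. The function and variable names are hypothetical, and the two sample rulesets are the outputs above with counters omitted.

```python
import re
from collections import deque

# Assumes flat chain bodies as in the report (no nested braces such as vmaps or sets).
CHAIN_RE = re.compile(r"chain\s+(\S+)\s*\{([^{}]*)\}")
BASE_RE = re.compile(r"\btype\s+\w+\s+hook\s+\w+")      # base chains are attached to a hook
JUMP_RE = re.compile(r"\b(?:jump|goto)\s+([\w.-]+)")

def unreachable_chains(ruleset: str) -> list[str]:
    """Return chains that no hooked base chain can reach via jump/goto."""
    chains = {name: body for name, body in CHAIN_RE.findall(ruleset)}
    queue = deque(n for n, b in chains.items() if BASE_RE.search(b))
    seen = set(queue)
    while queue:
        for target in JUMP_RE.findall(chains[queue.popleft()]):
            if target in chains and target not in seen:
                seen.add(target)
                queue.append(target)
    return sorted(set(chains) - seen)

# Rulesets from the report above, counters omitted.
VYOS_1_4 = """table ip nat {
  chain PREROUTING { type nat hook prerouting priority dstnat; policy accept; jump VYOS_PRE_DNAT_HOOK }
  chain POSTROUTING { type nat hook postrouting priority srcnat; policy accept; jump VYOS_PRE_SNAT_HOOK }
  chain VYOS_PRE_DNAT_HOOK { return }
  chain VYOS_PRE_SNAT_HOOK { return }
  chain WANLOADBALANCE { ct mark 0xc9 snat to 10.0.0.2 ct mark 0xca snat to 10.1.1.2 }
}"""

VYOS_1_3 = """table ip nat {
  chain PREROUTING { type nat hook prerouting priority dstnat; policy accept; jump VYATTA_PRE_DNAT_HOOK }
  chain INPUT { type nat hook input priority 100; policy accept; }
  chain POSTROUTING { type nat hook postrouting priority srcnat; policy accept; jump VYATTA_PRE_SNAT_HOOK }
  chain OUTPUT { type nat hook output priority -100; policy accept; }
  chain VYATTA_PRE_DNAT_HOOK { return }
  chain VYATTA_PRE_SNAT_HOOK { jump WANLOADBALANCE return }
  chain WANLOADBALANCE { ct mark 0xc9 snat to 10.0.0.2 ct mark 0xca snat to 10.1.1.2 }
}"""

if __name__ == "__main__":
    print("1.4 unreachable:", unreachable_chains(VYOS_1_4))
    print("1.3 unreachable:", unreachable_chains(VYOS_1_3))
```

On a live router the same function can be fed the text of `sudo nft list table ip nat`; a non-empty result that includes a chain holding snat rules means that translation is silently skipped.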