Hi,
I have ordered an additional IP address which I can use via a GRE tunnel. My plan is to tunnel only specific devices through this tunnel so that they reach out to servers on the internet via this IP address and are reachable through this IP address. For example a VM or another device on my network.
That’s what I have achieved so far:
/etc/config/network

config interface 'tunnel1'
    option proto 'gre'
    option peeraddr '5.230.x.x'

config interface 'tunnel2'
    option proto 'static'
    option ipaddr '172.16.2.2'
    option netmask '255.255.255.252'
    option device '@tunnel1'

config interface 'tunnel3'
    option device '@tunnel1'
    option proto 'static'
    option ipaddr '5.230.x.x'
    option gateway '172.16.2.1'
    option defaultroute '0'

/etc/config/firewall

config nat
    option target 'SNAT'
    option src 'tunnel2'
    option name 'SNAT tunnel'
    option snat_ip '5.230.x.x'
    option enabled '1'

config zone
    option input 'ACCEPT'
    option name 'tunnel_gre'
    option output 'ACCEPT'
    list network 'tunnel1'
    list network 'tunnel2'
    list network 'tunnel3'
    option masq '1'
    option forward 'REJECT'
    option family 'ipv4'

config forwarding
    option dest 'wan'
    option src 'tunnel_gre'

config forwarding
    option dest 'tunnel_gre'
    option src 'lan'

The tunnel itself works, I can ping my public tunnel IP from the outside and the internal gateway from my router.
What do I need to do if I want to tunnel all traffic for a specific device, for example 192.168.100.100?