Policy Based Routing rules matching NATed source address do not work
- Policy Based Routing rules matching NATed source address do not work when a routing decision is based on the regular routing table.
- Rulebase has a PBR rule matching on a translated source address:
set pbr rule priority X match from TRANSLATED_IP/MASK
- Source translation always takes place on the server side; unlike destination translation, it cannot be changed to the client side.
- The OS routing decision takes place before the outbound chain, so the PBR rules are matched against the original (untranslated) source address.
- Only after the routing decision has been made does the packet enter the outbound chain, where the source address is translated.
The solution is to use a PBR rule that matches on the original (pre-NAT) source address:
CLISH> set pbr rule priority X match from ORIGINAL_IP/MASK
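The following is an added illustration, not code from this article or from Check Point: a small Python model of the packet path described above (inbound chain, then routing decision, then outbound chain with Hide NAT). The addresses, the table name "ISP2", and the function names are constructed for the example. It shows why a PBR rule written against the translated address never fires, while the same rule written against the original address does.

```python
import ipaddress

# Constructed scenario: an internal host 10.1.1.50 is hidden behind
# 203.0.113.10 by Hide NAT; the administrator wants its traffic steered
# into PBR routing table "ISP2". (All values are made up for this example.)


class PbrRule:
    """One 'set pbr rule priority X match from ...' entry (simplified model)."""

    def __init__(self, priority, match_from, table):
        self.priority = priority
        self.match_from = ipaddress.ip_network(match_from, strict=False)
        self.table = table


def pbr_lookup(rules, packet):
    """Routing decision: return the table of the first PBR rule (lowest
    priority value) whose 'from' network contains the packet's CURRENT
    source address, or None to fall through to the main routing table."""
    src = ipaddress.ip_address(packet["src"])
    for rule in sorted(rules, key=lambda r: r.priority):
        if src in rule.match_from:
            return rule.table
    return None


def forward(packet, rules, hide_nat):
    """Hypothetical simplification of the gateway packet path:
    inbound chain -> routing decision -> outbound chain.
    Source (Hide) NAT is applied only in the outbound chain, i.e. after
    the routing decision has already consulted the PBR rules."""
    pkt = dict(packet)
    # inbound chain: nothing relevant to source NAT happens here
    # routing decision: PBR rules see the original source address
    table = pbr_lookup(rules, pkt)
    # outbound chain: source translation happens now, too late for PBR
    if pkt["src"] in hide_nat:
        pkt["src"] = hide_nat[pkt["src"]]
    return table, pkt


def route_with_rule(match_from):
    """Run one packet through the model with a single PBR rule."""
    rules = [PbrRule(10, match_from, "ISP2")]
    hide_nat = {"10.1.1.50": "203.0.113.10"}  # original -> translated
    packet = {"src": "10.1.1.50", "dst": "198.51.100.7"}
    return forward(packet, rules, hide_nat)


def rule_on_translated_address():
    # Mirrors the failing rulebase: match from TRANSLATED_IP/MASK.
    # The routing decision never sees 203.0.113.10, so the rule is skipped.
    table, _ = route_with_rule("203.0.113.10/32")
    return table  # None: falls back to the main routing table


def rule_on_original_address():
    # Mirrors the fix: match from ORIGINAL_IP/MASK.
    table, _ = route_with_rule("10.1.1.0/24")
    return table  # "ISP2"


if __name__ == "__main__":
    print("translated-address rule ->", rule_on_translated_address())
    print("original-address rule   ->", rule_on_original_address())
```

A practical check on a real gateway follows the same logic: the address to put in the PBR `match from` is the one the host actually carries when it arrives at the gateway, not the one it leaves with.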