Netgate Discussion Forum
    2 WANs to different vlans

    Routing and Multi WAN
    13 Posts 3 Posters 1.3k Views
    viragomann @sintei

      @sintei said in 2 WANs to different vlans:

      LANGW LAN dynamic dynamic Interface lan Gateway
      WEBSITESGW WEBSITES dynamic dynamic Interface lan Gateway

      What are these gateways for?
      Cannot think of any reason to have a gateway on LAN in your setup.

      A Former User @viragomann

        @viragomann I don't understand its configuration either, but if what you need is to access a host from the internet through your WAN 2, why don't you simply configure a port forward? And in the WAN 2 rule allow access!

        A Former User @A Former User

          @silence said in 2 WANs to different vlans:

          And in the WAN 2 rule allow access!

          [image attachment]

          With this you don't have to create the rule yourself.

          sintei @A Former User

            @silence said in 2 WANs to different vlans:

            @viragomann I don't understand its configuration either, but if what you need is to access a host from the internet through your WAN 2, why don't you simply configure a port forward? And in the WAN 2 rule allow access!

            What I'm trying to do is secure it so that someone coming in via WAN2 only has access to my VLAN WEBSITES.
            And that VLAN should be isolated from my LAN and other VLANs.
            The VLAN WEBSITES is on the LAN NIC, so it's somewhat tied?
            Right now I can't block the VLAN WEBSITES from accessing LAN via a rule, as then the website loses connectivity to the internet (for instance to check updates etc.).
            But I can access it FROM the internet.
            The error in Chrome says "gateway timed out" when trying to update SEO, themes etc. So that's why I'm investigating this direction.

            @viragomann said in 2 WANs to different vlans:

            @sintei said in 2 WANs to different vlans:

            LANGW LAN dynamic dynamic Interface lan Gateway
            WEBSITESGW WEBSITES dynamic dynamic Interface lan Gateway

            What are these gateways for?
            Cannot think of any reason to have a gateway on LAN in your setup.

            I think I created these to try to resolve the issue. Since you say they are not needed then I will delete them.

            sintei @A Former User

              @silence

              Just to clarify:
              I can access my website via domain name in chrome.
              It resolves and is also secured with a Let's Encrypt certificate using HAProxy.

              A Former User @sintei

                @sintei, OK, now we are understanding each other. Then the question is: does your website need to go online, to be able to update certain things?

                In this case you should check your NAT rules.

                sintei @A Former User

                  @silence said in 2 WANs to different vlans:

                  @sintei, OK, now we are understanding each other. Then the question is: does your website need to go online, to be able to update certain things?

                  In this case you should check your NAT rules.

                  Yes, exactly. The website needs to be online.
                  So I checked and created some rules in NAT (tried both 1:1 and outbound) but can't get it to work either way.
                  Surely, an outbound rule should suffice?

                  A Former User @sintei

                    @sintei, publish the NAT rules of your firewall.

                    And your firewall's logs from the moment it receives the error.

                    viragomann @sintei

                      @sintei said in 2 WANs to different vlans:

                      Right now I can't block the VLAN WEBSITES from accessing LAN via a rule, as then the website loses connectivity to the internet (for instance to check updates etc.).
                      But I can access it FROM the internet.

                      The only reason for this I can think of is that on the web server you are using a DNS server in the LAN subnet.

                      If that's not the case, enable logging in the block rule and check the firewall log to see which access from the web server to LAN is blocked.

                      sintei @viragomann
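To act on that advice systematically, here is an added example (not from the thread or from pfSense itself) that parses pfSense filterlog lines and reports which flows from the WEBSITES VLAN to LAN a logging block rule dropped, flagging DNS when it shows up. The subnets, interface name and log lines are constructed for illustration.

```python
# Added example: summarise blocked WEBSITES -> LAN flows from pfSense filterlog
# output. Subnets, interface names and log lines below are constructed.
import ipaddress
from collections import Counter

WEBSITES_NET = ipaddress.ip_network("192.168.20.0/24")  # assumed WEBSITES VLAN
LAN_NET = ipaddress.ip_network("192.168.1.0/24")        # assumed LAN subnet

# Constructed sample lines in filterlog's CSV layout (IPv4 TCP/UDP):
# rule,subrule,anchor,tracker,iface,reason,action,dir,ipver,tos,ecn,ttl,id,
# offset,flags,proto-id,proto,len,src,dst,sport,dport,datalen,...
SAMPLE_LOG = """\
Jun 10 21:02:11 pfSense filterlog[8123]: 5,,,1000000104,igb1.20,match,block,in,4,0x0,,64,31001,0,DF,17,udp,61,192.168.20.10,192.168.1.1,41522,53,41
Jun 10 21:02:11 pfSense filterlog[8123]: 5,,,1000000104,igb1.20,match,block,in,4,0x0,,64,31002,0,DF,17,udp,61,192.168.20.10,192.168.1.1,41523,53,41
Jun 10 21:02:12 pfSense filterlog[8123]: 6,,,1000000105,igb1.20,match,pass,in,4,0x0,,64,31003,0,DF,6,tcp,60,192.168.20.10,203.0.113.40,50222,443,0,S,1234567,,65535,,mss
Jun 10 21:02:14 pfSense filterlog[8123]: 5,,,1000000104,igb1.20,match,block,in,4,0x0,,64,31004,0,DF,6,tcp,60,192.168.20.10,192.168.1.5,50223,445,0,S,7654321,,65535,,mss
"""

def parse_filterlog(line):
    """Return (action, proto, src, dst, dport) for an IPv4 TCP/UDP line, else None."""
    parts = line.split("]: ", 1)
    if len(parts) < 2:
        return None
    f = parts[1].split(",")
    if len(f) < 22 or f[8] != "4" or f[16] not in ("tcp", "udp"):
        return None  # IPv6 and non-TCP/UDP records use other offsets; skipped here
    return f[6], f[16], ipaddress.ip_address(f[18]), ipaddress.ip_address(f[19]), int(f[21])

def blocked_to_lan(log_text):
    """Count blocked WEBSITES -> LAN flows, keyed by (dst, proto, dport)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_filterlog(line)
        if rec is None:
            continue
        action, proto, src, dst, dport = rec
        if action == "block" and src in WEBSITES_NET and dst in LAN_NET:
            counts[(str(dst), proto, dport)] += 1
    return counts

def uses_lan_dns(counts):
    """True when a blocked flow targets port 53: the web server resolves via LAN DNS."""
    return any(dport == 53 for (_, _, dport) in counts)

if __name__ == "__main__":
    hits = blocked_to_lan(SAMPLE_LOG)
    for (dst, proto, port), n in hits.most_common():
        print(f"{n:3d}  {proto}/{port} -> {dst}")
    if uses_lan_dns(hits):
        print("Blocked DNS to LAN: give the web server another resolver or allow only that flow.")
```

On a real box the input would be the Firewall log export (or /var/log/filter.log), and any non-DNS hits it lists are the other LAN dependencies to resolve before the isolation rule can stay in place.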

                        @viragomann said in 2 WANs to different vlans:

                        @sintei said in 2 WANs to different vlans:

                        Right now I can't block the VLAN WEBSITES from accessing LAN via a rule, as then the website loses connectivity to the internet (for instance to check updates etc.).
                        But I can access it FROM the internet.

                        The only reason for this I can think of is that on the web server you are using a DNS server in the LAN subnet.

                        If that's not the case, enable logging in the block rule and check the firewall log to see which access from the web server to LAN is blocked.

                        You my dear sir are correct!
                        I could find some DNS settings, changed them manually, and it worked!
                        Thanks.

                        Also, big thanks to @Silence for helping me troubleshoot this. Have a good night!

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.