2 WAN AND 1 LAN WITHOUT BALANCING
-
Hi, I have 2 wan (wan1, wan2)interfaces and one Lan interface, I need divide the LAN into 2 groups,
the first group to the wan1 and the second group to the wan2.like this:
group 1
ip: 192.168.1.101,192.168.1.102,192.168.1.103,192.168.1.104 to WAN1group 2
ip: 192.168.1.111,192.168.1.112,192.168.1.113,192.168.1.114 to WAN2I need the rules or the steps to do it.
My server have 3 interfaces: wan1,wan2, lan.I have tried everything and No results.
Please help me.
Thanks in advance.
-
create aliasses (firewall –> aliases) and create your groups of hosts.
then create a rule on the lan-tab with source (alias_X) and choose Gateway_X, create a second rule with source (Alias_Y) and choose Gateway_Y
dont forget to remove/disable/override the default any-to-any rule ;)enjoy
-
create aliasses (firewall –> aliases) and create your groups of hosts.
then create a rule on the lan-tab with source (alias_X) and choose Gateway_X, create a second rule with source (Alias_Y) and choose Gateway_Y
dont forget to remove/disable/override the default any-to-any rule ;)enjoy
Thanks you are the best.
-
Sorry, i have another question…
Can i use squid (no transparent) to block/allow several sites with this configuration?
i have the 2 groups and work fine, but i need a proxy.
if all machines pass thru the proxy then the wan, the division is useless?example
proxy = 192.168.2.1
m1 = 192.168.2.20
wan = 100.120.20.35
wan2 = 100.200.15.32/->Wan1
m1 -> Proxy -|
->Wan2
is this correct? -
using a proxy would work to block certain sites (see squidguard).
But as you noted: running all through the proxy would render the firewall rules useless to devide the traffic over the WANS (for http/https traffic atleast. other protocols would still work)
-
using a proxy would work to block certain sites (see squidguard).
But as you noted: running all through the proxy would render the firewall rules useless to devide the traffic over the WANS (for http/https traffic atleast. other protocols would still work)
Thanks.
But i need the 2 groups for all protocols including http/https.
Thanks again.