1 wan 2 lan
-
Delete your LAN2 rules and copy the rules from the LAN interface and change the interface to LAN2.
Does it then work?
Are you using a PC to test? If so, what does an ipconfig /all say?
-
@nogbadthebad you, my sir, are my hero! Really big thanks for clarifying and helping me :) I gotta read up a bit more about networking... again. Thanks!
Edit: copying the rules did the trick.
-
Now just work on blocking access from LAN2 to LAN now you know it's working :)
-
@nogbadthebad yeah... that will be interesting figuring out, at least internet is up now
-
@nogbadthebad shouldn't these rules do the trick?
Or do I misunderstand the invert option?
-
@pellle87 said in 1 wan 2 lan:
I have set up a second LAN on my install that I'm planning on plugging my AP into to separate the WLAN from the rest of the LAN.
LAN: 10.10.10.1 - 10.10.10.200 Gateway: 10.10.10.1
LAN2: 11.11.1 - 11.11.11.200 Gateway: 111.11.11.1
Any help is appreciated
- 11.11.11.x does belong to the United States Department of Defense. (the DOD owns 11.0.0.0/8)
- 111.11.x.x is part of the Chinese firewall (this IP range seems to be used by China Mobile for PGW/Mobile phone gateway for internet, for the area surrounding Dezhou)
Well, trolling aside, these rules should normally do the trick.
If it doesn't, you could create a "block" rule specifically matching your LAN net above your two "allow" rules?
-
@free4 hahah :D the invert did not work at least...
Tried also a rule like this above the 2 allow rules:
It doesn't seem to work..
-
People don’t tend to like the use of the invert.
Has to be said that I use it, on my guest network.
Does DHCP, DNS & NTP work with your rules? I bet it doesn’t.
Also you could delete the IPv6 rule and change the IPv4 rule to IPv4/IPv6.
If you don’t use IPv6 just delete the rule.
-
@nogbadthebad oh dear, now I'm confused :) the digging continues....
When I access a share from the blocked network to the lan1 network the "states" is increasing, so I guess I'm somewhat right but not in some way
-
Change your rule to log, then look in the firewall logs to see what’s being blocked or just copy the rules in my screenshot.
-
Pass traffic on LAN2 for things they need (like DNS)
Reject traffic to things you want to keep them from accessing (LAN net, RFC1918, This firewall)
Pass any (the internet)

That is the only correct way to do it.

Passing to
! LAN Net
and expecting that to function as a block rule to LAN net is no way to roll.

If you care about security, block the traffic you want to block and pass the rest.
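
The rule order from the last post, compared against the single inverted pass rule, as an added example (a simplified first-match model written for this page, not code from the thread or from pfSense). The LAN net is the thread's 10.10.10.0/24; the LAN2 subnet 192.168.20.0/24, the firewall addresses and the test flows are constructed assumptions.

```python
import ipaddress as ip

# LAN net is from the thread; every other address here is a constructed assumption.
LAN_NET = ip.ip_network("10.10.10.0/24")
RFC1918 = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FW_LAN2 = ip.ip_address("192.168.20.1")           # firewall's address on LAN2 (assumed)
THIS_FIREWALL = [ip.ip_address("10.10.10.1"), FW_LAN2]

def matches(spec, dst):
    """spec is 'any', a network, an address, a list of those, or ('not', spec)."""
    if spec == "any":
        return True
    if isinstance(spec, tuple):                   # ('not', x) models the invert checkbox
        return not matches(spec[1], dst)
    if isinstance(spec, list):
        return any(matches(s, dst) for s in spec)
    if isinstance(spec, ip.IPv4Network):
        return dst in spec
    return dst == spec

def evaluate(rules, dst, port):
    """First matching rule wins; traffic matching no rule hits the default deny."""
    dst = ip.ip_address(dst)
    for action, spec, rule_port in rules:
        if rule_port in (None, port) and matches(spec, dst):
            return action
    return "block"

INVERT_ONLY = [("pass", ("not", LAN_NET), None)]  # "pass to ! LAN net"
EXPLICIT = [
    ("pass", FW_LAN2, 53),                        # things LAN2 needs (DNS)
    ("reject", LAN_NET, None),
    ("reject", RFC1918, None),
    ("reject", THIS_FIREWALL, None),
    ("pass", "any", None),                        # the internet
]
# Constructed flows from a LAN2 client: (label, destination, port)
FLOWS = [
    ("LAN file share", "10.10.10.50", 445),
    ("firewall GUI on LAN2 address", "192.168.20.1", 443),
    ("other internal subnet", "172.16.5.10", 22),
    ("DNS on firewall", "192.168.20.1", 53),
    ("internet host", "93.184.216.34", 443),
]

def compare():
    return {n: (evaluate(INVERT_ONLY, d, p), evaluate(EXPLICIT, d, p)) for n, d, p in FLOWS}

if __name__ == "__main__":
    for name, (inv, exp) in compare().items():
        print(f"{name:30} invert-only={inv:6} explicit={exp}")
```

In this model the inverted rule keeps LAN2 out of the LAN net only through the default deny, while still passing traffic to the firewall's own LAN2 address and to any other private subnet; the explicit order rejects all three and passes only DNS and the internet.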