Pretty quick question



  • Hello there,
    Let me start off by saying thank you for taking the time to read this real quick.  I was once an IT specialist in the military, but that was years ago and I feel I may have jumped far into the deep end without my floaties.  I thought this would be a pretty simple task, but after spending all gosh darn day on this issue, I am wondering if the box I have even has the capabilities to do what I am wanting.  Now to the setup.
    I recently purchased an old WatchGuard XTM 525 router.  This router has 7 ports.  I set up the initial configuration with em0 being the WAN, em1 being LAN and then I added OPT 1 as a LAN 2.  em1 was configured as 192.168.1.1, and em2 as 192.168.2.1.  I have a Linksys EA9300 which I was attempting to use on the OPT 1 em2 port as my wifi access, and it has a couple of storage USB ports I wanted to use.  I was able to get everything installed, and I could ping all over from network 1 to network 2.  However, I could NEVER get network 2 to the internet.  I am very terrible at explaining, but em0 went to my modem, em1 went to a Cisco 24-port switch, then em2 went to the Linksys router.  When I ignored em2 and hooked my Linksys to the switch on em1, it would get to the internet, but I was unable to do anything cross-network.  I feel like I am missing something super simple here.  The goal here was to separate all of my Alexa-enabled devices from my general usage network, while still being able to access these devices.  Ultimately, I am just wondering if this is even possible, I suppose.  I apologize if this sounds just like a bunch of rambling at this point.


  • Netgate

    Firewall rules on OPT1 need to pass the necessary traffic probably.



  • I mimicked the rules that were there for LAN, both for IPv4 and IPv6.




  • I've made this rough image to show the topography.  I also changed em2 to 192.168.5.1 and removed the Linksys for the time being, until I can get connectivity to em2.



  • Netgate

    Assuming the WAN is working you need three things for something on em2 (LAN2) to access the internet:

    1. A proper address and gateway on the host (DHCP, static, whatever)

    2. Firewall rules on LAN2 passing the desired traffic (Firewall > Rules, LAN2)

    3. Outbound NAT on WAN for that source network (Automatic or Hybrid would do this automatically) (Firewall > NAT, Outbound)



  • Based on what I'm seeing, it appears all of this has been set.  And if by WAN working you mean I can connect to the internet, LAN1 can.  The image up a couple of posts shows the rules set.  This image shows the outbound NAT.  Or would there be a manual setting I'd have to input?  Thank you for replying btw.  I appreciate it.




  • OMG, I am a friggin idiot.  When I copied the rules LAN 1 had, I copied them to the T.  I just needed to change the source from LAN net to LAN2 net.  I'm such a moron, hah.  Everything is working golden now.
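The mistake in the last post (a pass rule on the OPT1/LAN2 interface whose source is still "LAN net") is easy to make when copying rules between interfaces, and it fails silently: such a rule can never match packets arriving on LAN2 from 192.168.5.0/24, so the interface falls through to pfSense's default deny, which is exactly item 2 of Netgate's three-point checklist above. The following Python script is an added example, not code from the thread or from Netgate/pfSense; it audits a small constructed XML document shaped like a pfSense config.xml and flags pass rules whose source network belongs to a different interface. The tag layout (`interfaces`, `filter/rule`, `source/network`) follows pfSense's exported config as far as I know it, but the sample content, the `opt1` = LAN2 naming and the rule descriptions are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like a pfSense config.xml (not a real export). "opt1" is
# LAN2 on em2 as in the thread; its pass rule was copied from LAN without editing the
# source, which is the bug the thread ends on.
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <wan><if>em0</if></wan>
    <lan><if>em1</if><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan>
    <opt1><if>em2</if><descr>LAN2</descr><ipaddr>192.168.5.1</ipaddr><subnet>24</subnet></opt1>
  </interfaces>
  <filter>
    <rule><type>pass</type><interface>lan</interface><ipprotocol>inet</ipprotocol>
      <source><network>lan</network></source><destination><any/></destination>
      <descr>Default allow LAN to any rule</descr></rule>
    <rule><type>pass</type><interface>opt1</interface><ipprotocol>inet</ipprotocol>
      <source><network>lan</network></source><destination><any/></destination>
      <descr>Copied from LAN without changing the source</descr></rule>
  </filter>
</pfsense>
"""


def interface_map(root):
    """Map pfSense interface keys (wan, lan, opt1, ...) to the physical port they use."""
    return {iface.tag: iface.findtext("if", default="") for iface in root.find("interfaces")}


def audit_rule_sources(config_xml):
    """Return (interface, source_network, descr) for every pass rule whose source
    is another interface's "X net" alias. Traffic entering OPT1 from its own subnet
    never matches a "LAN net" source, so the rule is dead and default deny applies."""
    root = ET.fromstring(config_xml)
    ifaces = interface_map(root)
    findings = []
    for rule in root.iter("rule"):
        if rule.findtext("type") != "pass":
            continue
        on_iface = rule.findtext("interface")
        src_net = rule.findtext("source/network")  # None for <any/> or a literal address
        if src_net in ifaces and src_net != on_iface:
            findings.append((on_iface, src_net, rule.findtext("descr", default="")))
    return findings


def interfaces_without_effective_pass(config_xml):
    """List non-WAN interfaces that have no pass rule whose source is 'any' or the
    interface's own network, i.e. interfaces where every host is stuck at default deny."""
    root = ET.fromstring(config_xml)
    ifaces = interface_map(root)
    effective = set()
    for rule in root.iter("rule"):
        if rule.findtext("type") != "pass":
            continue
        on_iface = rule.findtext("interface")
        src = rule.find("source")
        if src is not None and (src.find("any") is not None or src.findtext("network") == on_iface):
            effective.add(on_iface)
    return sorted(name for name in ifaces if name != "wan" and name not in effective)


def fix_rule_sources(config_xml):
    """Return the config with each mis-sourced rule pointed at its own interface's
    network (the change the final post describes: LAN net -> LAN2 net)."""
    root = ET.fromstring(config_xml)
    ifaces = interface_map(root)
    for rule in root.iter("rule"):
        on_iface = rule.findtext("interface")
        net = rule.find("source/network")
        if net is not None and net.text in ifaces and net.text != on_iface:
            net.text = on_iface
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for iface, src, descr in audit_rule_sources(SAMPLE_CONFIG):
        print(f"{iface}: pass rule uses source '{src} net' ({descr})")
    print("interfaces with no effective pass rule:", interfaces_without_effective_pass(SAMPLE_CONFIG))
    print("after fix:", interfaces_without_effective_pass(fix_rule_sources(SAMPLE_CONFIG)))
```

Run against the sample, the audit reports the OPT1 rule sourced from `lan`, and OPT1 shows up as an interface with no effective pass rule; after `fix_rule_sources` rewrites the source to `opt1`, both checks come back empty. On a real firewall the same idea applies to a backup of `/cf/conf/config.xml`, with the caveat that rules using aliases or literal addresses are skipped here, and that items 1 and 3 of the checklist (host gateway and outbound NAT) still have to be verified separately.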