OPT1 as second LAN

horace

Hello to everybody! First of all
I want to turn the OPT1 interface into a second LAN. This is my settings:
WAN: public ip
LAN: 172.31.255.0/28
OPT1: 192.168.10.0/24

i have added this rules to the firewall setting OPT1 page:
Proto  Source  Port  Destination  Port  Gateway  Schedule  Description
*          OPT1 net  *  *                    *      *                     Default OPT1 -> any

so i can surf the web. The problem is i cannot ping the machines in OPT1 from LAN (OPT1->LAN is ok). So i added this rule
*          LAN net  *  OPT1 net            *      *              LAN -> OPT1

but i can't still ping the machines in the OPT1 subnet. Please, can you tell me my mistake?

GruensFroeschli

Your second rule is reduntant.
The default rule already includes this case.

Did you make sure on the machine you're trying to ping, you have the firewall disabled/allow pings ?

horace

ok, you can kill me beacuse windows firewall turn himself on without notice, but i still stucked in this scenario.

LAN -> OPT1 ok
OPT1 -> LAN no ping and i have to add this rule

*  OPT1 net  *  LAN net  *  *      OPT1 -> LAN

plus, i can't surf the web anymore from OPT1 subnet

GruensFroeschli

Yes you can no longer go to the internet, because your rule doesnt allow access to "any".
Just have a rule on OPT1 similar to the rule on LAN:

*      OPT1 net      *      *      *      *            OPT1 -> any

Have you tried to look at the firewall log to see if something gets blocked?

horace

Thanks, now it works!