Two WANs on same subnet: assigning WAN based on LAN IP

  • I have an odd setup and I'm a little unfamiliar with firewall config. I am in the process of migrating a network from a router-only network to a router + firewall network (scary, I know. I'm the first IT person they've ever had…)

    The basic problem is I need to route from the new network to the old network and assign the WAN address based on the LAN address. Sounds simple, right?

    Content filtering rule sets are defined based on IP address.
    Old setup: 172.16.0.0/23 network with a range of 128 IPs designated for "privileged" internet, the rest as "restricted" internet
    New network: 10.0.0.0/16 network with 10.0.4.0/24 designated for "privileged" internet, the rest as "restricted" internet

    Current firewall config:
    WAN IP: 172.16.0.x where x is an address in the old "restricted" internet space
    WAN Gateway: 172.16.1.1 (yes it really is 1.1, not 0.1)
    WAN2 IP: 172.16.0.y where y is an address in the old "privileged" space.
    WAN2 Gateway: 172.16.1.1 (yes it really is 1.1, not 0.1)
    LAN network gateway: 10.0.0.1

    I followed the multi-WAN routing FAQ and read the example of SMTP at the bottom. The problem I'm running into is that because the IPs of both WAN gateways are the same, I can't designate the gateway properly. The Gateway drop-down has three options: default, 172.16.1.1, 172.16.1.1. I even checked the HTML source to see if I could figure it out by the value field, but they are the same too.

    Any help? The only solution I can think of is to put a router between WAN2 and the old network to get the gateway to be a different address (192.168.1.1).

  • You're right, this won't work if the two WAN gateways are the same. Your solution of adding a NAT gateway in between one of them works.