Firewall with multiple subnets on same interface
-
Hi guys
I have this configuration:
OPT2 interface with 10.20.0.254/24
(also I have OPT1, 3, 4, but it is unimportant for this problem)
router 1 connected to OPT2 with
lan 10.20.240.1/24
wan 10.20.0.240/24 - gw 10.20.0.254
router 2 connected to OPT2 with
lan 10.20.170.1/24
wan 10.20.0.170/24 - gw 10.20.0.254
and the firewall rule is only one, and it is set to pass all traffic * * * * *
also I have computers connected directly to the OPT2 interface,
all static routes are added in all routers
all machines can ping each other, can access internet etc etc…
Problem is that nothing except ping passes to these subnets on OPT2.
That means a machine connected to interface OPT2, with 10.20.0.xy/24, can't access a machine behind router1 or router2, but it can ping :)
If I turn on the rule "Bypass firewall rules for traffic on the same interface" under System -> Advanced functions
then everything works.
Question is, is this supposed to be like that or is this a bug? (I mean because in the firewall it is set to pass all traffic)
because then if I want to block only the subnets from router1 and router2 so that the machines can't communicate with each other, what should I do to block them?
Thanks
-
Which interface is that rule on? OPT2? Keep in mind that checkbox only applies to hairpin routing scenario. e.g. traffic enters on OPT2 and leaves right away on OPT2.
-
I'm talking about OPT2, aren't I?
so the firewall rule is set to allow all traffic!
so traffic is coming in to OPT2 and leaving to OPT2 again.
and without the checkbox "Bypass firewall rules for traffic on the same interface" checked nothing works except ping.
again, is that supposed and programmed to be like that or is it a bug?
-
Easy there
Go to System \ Advanced
Check Bypass Firewall rules for traffic on the same interface
Regards
Edited: Sorry I did not read your post until the end…
-
oh god!
I did do that, if you read the first post you will see…
what I'm asking is,
is that a bug or not?
The interface is supposed to pass all traffic if the firewall rules are set to pass all traffic, but for some reason the firewall doesn't pass remote port, file and print sharing etc etc...
thanks
-
it's not a bug
-
ok, thank you, that is all I wanted to know,
it is supposed to work like that.
thank you