Netgate Discussion Forum

    Allow internet only on second wireless network

    Firewalling
    • S
      stormeporm

      Hello

      My current setup is LAN, wireless private and wireless public. I want to give wireless public internet access only, so they can't connect to my servers and home computers.
      I know I can make a rule like this:
          Action: Pass
          Disabled: unchecked
          Interface:  wireless public
          Protocol:  any
          Source: wireless public subnet
          Destination: not  LAN Subnet

      But then I only block traffic to the lan subnet and not to the wireless private network.
      Would it be enough to add an additional rule to block access to the wireless private network?
      And I've seen some tutorials where they make the above rule and then make an additional rule where they block access to the LAN.
      But then you are blocking the lan twice isn't it? Why would you do that?

      Why isn't it possible to make a rule like this to allow internet only?
          Action: Pass
          Disabled: unchecked
          Interface:  wireless public
          Protocol:  any
          Source:  wireless public subnet
          Destination: wan subnet
      with an extra rule for dns traffic.

      • P
        podilarius

        Create an alias that has both the wireless private and LAN subnets. You can then modify the wireless public to use the destination of NOT <private_network_alias>.

        WAN subnet is not the entire internet, but only the small portion you are assigned. This is why it would not work.

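The difference between the three rules discussed so far (destination NOT LAN, destination NOT an alias holding both private networks, destination WAN subnet) can be checked with a small first-match evaluator. This is an added example, not part of the original posts and not pfSense code; all addresses, the alias contents and the names `RULESETS`, `TARGETS`, `evaluate` and `report` are constructed assumptions.

```python
import ipaddress as ip

# Constructed addressing for illustration; none of it comes from the thread.
LAN = ip.ip_network("192.168.1.0/24")
WIFI_PRIVATE = ip.ip_network("192.168.10.0/24")
WAN_SUBNET = ip.ip_network("203.0.113.0/29")   # the small block assigned by the ISP
PRIVATE_ALIAS = [LAN, WIFI_PRIVATE]            # hypothetical alias contents

# Rule = (action, destination networks, invert match). Source and interface are
# assumed to be "wireless public" for every packet, so they are not modelled.
RULESETS = {
    "not_lan": [("pass", [LAN], True)],
    "not_alias": [("pass", PRIVATE_ALIAS, True)],
    "wan_subnet": [("pass", [WAN_SUBNET], False)],
}

# Constructed destinations a guest client might try to reach.
TARGETS = {
    "lan_server": "192.168.1.10",
    "private_wifi_host": "192.168.10.25",
    "firewall_guest_ip": "192.168.20.1",
    "internet_host": "198.51.100.7",
}

def evaluate(rules, dst):
    """First matching rule wins; anything unmatched hits the default deny."""
    addr = ip.ip_address(dst)
    for action, nets, invert in rules:
        in_nets = any(addr in net for net in nets)
        if in_nets != invert:
            return action
    return "block"

def report(name):
    """Verdict for every sample destination under the named ruleset."""
    return {t: evaluate(RULESETS[name], dst) for t, dst in TARGETS.items()}

if __name__ == "__main__":
    for name in RULESETS:
        print(f"{name:11}", report(name))
```

Note that the alias rule still passes traffic to the firewall's own address on the guest network, so access to services on the firewall itself needs a separate block rule placed above it.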
        • S
          stormeporm

          Great, thanks!
          Why didn't I think of an alias myself?
          And thanks for the explanation about the WAN subnet.
          Another question about the destination type in the firewall rules: what is WAN address?
          I can't define a single address on the WAN with it, but it won't work as all WAN addresses. So what do you define with WAN address?

          Thanks in advance

          • P
            podilarius

            Generally, you can define incoming rules and NAT rules with the WAN address. Say if you wanted to expose a service running on the firewall itself. Like the webconfigurator (though it is not a very good idea to do that) on port 80 or 443. For NAT rules, you are just telling the FW to use the WAN address as the source translation.

            • S
              stormeporm

              Aha, now I get the WAN address type. I have been wondering for a long time what it's for.

              Thanks again

              • E
                Efonnes

                WAN address would generally be your router's internet IP address.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.