Adding an additional Subnet to LAN interface



  • Hi,

    my setup currently :
    external : WAN1 & WAN2
    internal : LAN (192.168.1.0/24)

    Now, I would like to have an addional Subnet available in my network : 10.1.0.0/16

    I would like to be able to reach computers from 192.168.1.0 from 10.1.0.0 and other way around. Also, my Gateway should be accessable and usable from both subnets.

    What I did : I added a Virtual IP (10.1.100.1) on the LAN interface.

    I am able to ping this IP, but thats all. What do I have to do route traffic between both subnets ?

    regards Torsten



  • ok … finaly after thinking about whats really needed, its working now ...  ::)

    I did :
    Virtual IP => create new : "Proxy ARP" for "LAN" for network "10.1.0.0/16"
    Virtual IP => create new : "IP ALias" for "LAN" for network "10.1.100.1/16" ... whereby 10.1.100.1 should act as Gateway for network 10.1.0.0/16
    Firewall Rules => create new : "LAN", "any" Protocol from Source network "10.1.0.0/16" to Destination network "192.168.1.0/24" (Gateway "default")
    Firewall Rules => create new : "LAN", "any" Protocal from Source network "19.168.1.0/24" to Destination network "10.1.0.0/16" (Gateway "default")
    Firewall NAT Outbound => switch to "Manual Outbound NAT rule generation" and "Save"
    Firewall NAT Outbound => create new : "WAN1", "any" Protocol from Source network "10.1.0.0/16"
    Firewall NAT Outbound => create new : "WAN2", "any" Protocol from Source network "10.1.0.0/16"

    This settings did the trick. Now, I am able to ping a ip from "10.1.0.0/16" into "192.168.1.0/24" and the other way around. Also the internet is reachable from both networks, "10.1.0.0/16" and "192.168.1.0/24"

    I also have a LoadBalancing running on both WAN connections. Thats, why I had to configure WAN1 and WAN2.

    regards Torsten



  • That all looks correct with the exception of the proxy ARP, you're causing the firewall to claim every single IP in 10.1.0.0/16 there, which is creating a huge mess of IP conflicts if you have anything other than the firewall on 10.1.0.0/16.


Locked