Adding an additional Subnet to LAN interface
-
Hi,
my setup currently :
external : WAN1 & WAN2
internal : LAN (192.168.1.0/24)
Now, I would like to have an additional Subnet available in my network : 10.1.0.0/16
I would like to be able to reach computers from 192.168.1.0 from 10.1.0.0 and other way around. Also, my Gateway should be accessible and usable from both subnets.
What I did : I added a Virtual IP (10.1.100.1) on the LAN interface.
I am able to ping this IP, but that's all. What do I have to do to route traffic between both subnets ?
regards Torsten
-
ok … finally after thinking about what's really needed, it's working now ... ::)
I did :
Virtual IP => create new : "Proxy ARP" for "LAN" for network "10.1.0.0/16"
Virtual IP => create new : "IP Alias" for "LAN" for network "10.1.100.1/16" ... whereby 10.1.100.1 should act as Gateway for network 10.1.0.0/16
Firewall Rules => create new : "LAN", "any" Protocol from Source network "10.1.0.0/16" to Destination network "192.168.1.0/24" (Gateway "default")
Firewall Rules => create new : "LAN", "any" Protocol from Source network "19.168.1.0/24" to Destination network "10.1.0.0/16" (Gateway "default")
Firewall NAT Outbound => switch to "Manual Outbound NAT rule generation" and "Save"
Firewall NAT Outbound => create new : "WAN1", "any" Protocol from Source network "10.1.0.0/16"
Firewall NAT Outbound => create new : "WAN2", "any" Protocol from Source network "10.1.0.0/16"
These settings did the trick. Now, I am able to ping an IP from "10.1.0.0/16" into "192.168.1.0/24" and the other way around. Also the internet is reachable from both networks, "10.1.0.0/16" and "192.168.1.0/24"
I also have a LoadBalancing running on both WAN connections. That's why I had to configure WAN1 and WAN2.
regards Torsten
-
That all looks correct with the exception of the proxy ARP: you're causing the firewall to claim every single IP in 10.1.0.0/16 there, which is creating a huge mess of IP conflicts if you have anything other than the firewall on 10.1.0.0/16.
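
A small sanity check over the settings listed in this thread, added here as an example and not posted by anyone in the thread. It flags hosts that fall inside a Proxy ARP range and rule sources that match no network on the LAN interface. The data model and the host addresses are constructed for illustration and are not pfSense's configuration format; it assumes no routed networks sit behind the LAN.

```python
import ipaddress

# Constructed model of the thread's settings; not pfSense's config format.
LAN_SUBNET = ipaddress.ip_network("192.168.1.0/24")
VIRTUAL_IPS = [("proxyarp", "10.1.0.0/16"), ("ipalias", "10.1.100.1/16")]
RULE_SOURCES = ["10.1.0.0/16", "19.168.1.0/24"]  # sources as typed in the thread
KNOWN_HOSTS = ["10.1.0.25", "10.1.7.3", "192.168.1.40"]  # constructed sample hosts


def proxy_arp_conflicts(vips, hosts):
    """Return hosts whose address lies inside a Proxy ARP range.

    The firewall answers ARP for every address in such a range, so a real
    host there competes with the firewall for its own IP.
    """
    ranges = [ipaddress.ip_network(net, strict=False)
              for kind, net in vips if kind == "proxyarp"]
    return [h for h in hosts
            if any(ipaddress.ip_address(h) in r for r in ranges)]


def local_networks(lan_subnet, vips):
    """Networks the interface sits in: its own subnet plus IP Alias networks."""
    aliases = [ipaddress.ip_interface(net).network
               for kind, net in vips if kind == "ipalias"]
    return [lan_subnet] + aliases


def unmatched_rule_sources(sources, nets):
    """Return rule sources that overlap none of the interface's networks.

    With no routed networks behind the LAN, nothing from such a source
    arrives on the interface, so the entry is usually a typo.
    """
    return [s for s in sources
            if not any(ipaddress.ip_network(s).overlaps(n) for n in nets)]


if __name__ == "__main__":
    nets = local_networks(LAN_SUBNET, VIRTUAL_IPS)
    print("hosts inside a Proxy ARP range:",
          proxy_arp_conflicts(VIRTUAL_IPS, KNOWN_HOSTS))
    print("rule sources matching no LAN network:",
          unmatched_rule_sources(RULE_SOURCES, nets))
```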