Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Interface Routing? (2xLAN 2xWAN)

    Routing and Multi WAN
    4
    4
    1204
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      WooPigStewie last edited by

      My apologies, but I am not sure what the correct term is for what I am looking for:

      I am currently running 3 interfaces.  LAN and WAN plus OPT1 which is used for a private intranet.  I am using static routing to send traffic addressed to our remote subnets out the OPT1 interface.  Now I need to add a 4th interface to handle untrusted/guest wireless access.  I want to make sure that any traffic on that interface is forced out the WAN connection and does not get routed across the OPT1 private intranet…  I thought this would be policy based routing, but I cannot seem to get that to work.  Am I on the right track?  And if not, what should I be looking at to acomplish this?

      Thanks in advance!

      1 Reply Last reply Reply Quote 0
      • S
        Supermule Banned last edited by

        Use manual outbound nat and block access to the OPT1 interface.

        1 Reply Last reply Reply Quote 0
        • P
          phil.davis last edited by

          I guess everything on LAN and across OPT1 is private intranet IPs, which you don't want GuestNet to reach. It seems that GuestNet can use the default routing to get to the real internet, so you won't need any policy-based routing rules.
          Make an alias for all your private intranet address space - name like PrivateInternal, then put a block rule on GuestNet for destination PrivateInternal.
          I think Automatic Outbound NAT will see that GuestNet is a "normal" LAN and add outbound NAT rules on WAN "underneath" for you.

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          1 Reply Last reply Reply Quote 0
          • K
            kathampy last edited by

            Create a rule on OPT2:
            From: *
            To: Not OPT1 subnet
            Gateway: WAN gateway

            This should be the only rule that allows Internet access.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post