Interface Routing? (2xLAN 2xWAN)



  • My apologies, but I am not sure what the correct term is for what I am looking for:

    I am currently running 3 interfaces: LAN and WAN, plus OPT1, which is used for a private intranet. I am using static routing to send traffic addressed to our remote subnets out the OPT1 interface. Now I need to add a 4th interface to handle untrusted/guest wireless access. I want to make sure that any traffic on that interface is forced out the WAN connection and does not get routed across the OPT1 private intranet… I thought this would be policy-based routing, but I cannot seem to get that to work. Am I on the right track? And if not, what should I be looking at to accomplish this?

    Thanks in advance!


  • Banned

    Use manual outbound NAT and block access to the OPT1 interface.



  • I guess everything on LAN and across OPT1 is private intranet IPs, which you don't want GuestNet to reach. It seems that GuestNet can use the default routing to get to the real internet, so you won't need any policy-based routing rules.
    Make an alias for all your private intranet address space (name it something like PrivateInternal), then put a block rule on GuestNet for destination PrivateInternal.
    I think Automatic Outbound NAT will see that GuestNet is a "normal" LAN and add outbound NAT rules on WAN "underneath" for you.



  • Create a rule on OPT2:
    From: *
    To: Not OPT1 subnet
    Gateway: WAN gateway

    This should be the only rule that allows Internet access.
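
The rule sets suggested in this thread can be checked offline before they go on the firewall. The following is an added example, not code from any poster: a simplified Python model of first-match rule evaluation with an optional per-rule gateway, run against constructed subnets and probe addresses. The interface subnets, the alias contents and the third rule set (the "Not OPT1 subnet" rule with its gateway left at default) are assumptions made for comparison.

```python
import ipaddress

# Constructed addressing; none of these subnets come from the thread.
ROUTES = {
    "192.168.1.0/24": "LAN",
    "10.10.0.0/24": "OPT1",   # OPT1 interface subnet
    "10.20.0.0/16": "OPT1",   # remote subnet reached via the static route
    "0.0.0.0/0": "WAN",       # default route
}
PRIVATE_INTERNAL = ["192.168.1.0/24", "10.10.0.0/24", "10.20.0.0/16"]  # alias
PROBES = ["10.10.0.5", "10.20.3.4", "192.168.1.10", "198.51.100.7"]

def route(dst):
    """Longest-prefix match against the routing table."""
    nets = [ipaddress.ip_network(n) for n in ROUTES]
    best = max((n for n in nets if dst in n), key=lambda n: n.prefixlen)
    return ROUTES[str(best)]

def egress(rules, dst_str):
    """First matching rule wins; no match falls through to the default deny."""
    dst = ipaddress.ip_address(dst_str)
    for rule in rules:
        hit = any(dst in ipaddress.ip_network(n) for n in rule["dst"])
        if hit != rule.get("negate", False):
            if rule["action"] == "block":
                return "blocked"
            # A gateway set on the rule overrides the routing table.
            return rule.get("gateway") or route(dst)
    return "blocked"

def internal_leaks(rules):
    """Probe addresses the guest rules would deliver to LAN or OPT1."""
    return [d for d in PROBES if egress(rules, d) in ("LAN", "OPT1")]

# Block rule for the alias, then a pass rule that uses default routing.
ALIAS_BLOCK = [{"action": "block", "dst": PRIVATE_INTERNAL},
               {"action": "pass", "dst": ["0.0.0.0/0"]}]
# Single pass rule: destination not OPT1 subnet, gateway WAN.
NOT_OPT1_VIA_WAN = [{"action": "pass", "dst": ["10.10.0.0/24"],
                     "negate": True, "gateway": "WAN"}]
# Hypothetical variant with the gateway left at default, for comparison.
NOT_OPT1_DEFAULT_GW = [{"action": "pass", "dst": ["10.10.0.0/24"], "negate": True}]

if __name__ == "__main__":
    for name in ("ALIAS_BLOCK", "NOT_OPT1_VIA_WAN", "NOT_OPT1_DEFAULT_GW"):
        rules = globals()[name]
        print(name, {d: egress(rules, d) for d in PROBES}, internal_leaks(rules))
```

In this model only the variant without a gateway delivers guest traffic to the remote subnet behind OPT1 and to the LAN; the other two rule sets keep every internal probe either blocked or sent out WAN.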