Guest VLAN firewall rule
-
I am trying to configure my box with the following:
prod LAN = 192.168.1.0/24 on LAN
Guest VLAN = 192.168.2.0/24 on OPT1Everything was working, however guest VLAN machines could access production LAN. So I changed default firewall rule to specify the destination as "WAN net" instead of "*". However, now clients cannot even ping the default gateway 192.168.2.1, and I'm not sure DHCP is working on 192.168.2.0 with the rule change.
Thanks,
Mike -
I think I have it licked. I put a firewall rule to block from OPT1 to LAN.
-
I changed default firewall rule to specify the destination as "WAN net" instead of "*".
When you do that, you are only passing traffic that is going to the little subnet between your WAN interface and your ISP.
That is a fairly restricted subset of the actual public internet - probably not a lot of interesting sites to browse in there :P