Netgate Discussion Forum
    Static Routing

      albevierhelixit.net

      I want to direct specific traffic from LAN0 to LAN1 to the internet.

      QUESTION:
      When traffic not destined for the LAN behind the router hits the router's WAN port, what directs traffic first:

      • the gateway defined on the WAN port, (in this case the traffic would be rejected because there would be no IP behind the router to direct the traffic toward)
      • a static route defined in the router, (which is what I hope is the case because then I can route the traffic "through" the router and out another gateway)
      • a firewall rule allowing or disallowing traffic with a specific destination?

      That's the gist of the question and if it is possible to answer just the above, that would be very very helpful. Below is just a rephrasing of the above in several different ways and the best I can do to describe the specific scenario.

      Here's what I've got going:

      A router with dual WAN ports labeled WAN0 and WAN1. Only WAN1 has a gateway to the Internet. I wish to redirect incoming WAN0 traffic destined for a specific Internet destination to the WAN1 gateway.

      The WAN0 gateway IS NOT pointed to WAN1 (duh). So….

      • I created a firewall rule allowing WAN0 to accept the specific traffic I wish to redirect.
      • I created a static route that routes the specific traffic to the WAN1 gateway.

      No love.

      So...here's more detail

      • the "specific traffic" is that traffic destined to a public IP network -- the example below uses a fake public IP network of 288.333.111.0

      • LAN0 and LAN1 each with their own router/firewall.

      • Router1 services LAN1

      • Router1 has two WAN ports -- WAN0 and WAN1

      • Router1 WAN0 faces LAN0 and WAN1 faces the Internet

      • Router0 services LAN0

      • Router0 has only one WAN port which faces the Internet

      • Both LANs use the Internet connection on Router0, which is to say, by default, all Internet-destined traffic from both LAN0 and LAN1 uses the WAN connection on Router0

      And here's an attempt to diagram the setup as I would like to see it work.

      All traffic to
      Internet from
      both LAN0 and LAN1
      Except 288.333.111.0
        |
        |
      WAN0 on Router0       
      192.168.0.1/24  <------> LAN0 192.168.0.0/24
        |                    (traffic to 288.333.111.0 originates here)
        |                    (traffic to LAN1 is blocked by the Router1 firewall)
      Static Route
      On Router0 sends   
      288.333.111.0 
      Traffic to
      WAN0 on Router1
        |                 
        |
      WAN0 on Router1                 
      192.168.0.3/24  <-------> LAN1 192.168.1.0/24
      GW:192.168.0.1            (traffic to 288.333.111.0 originates here too)
      NOTE: A firewall rule    (traffic is expected to flow LAN0 to access LAN0 hosts)
      on WAN0 allows all
      traffic destined to 288.333.111.0
        |
        |           
      Static route
      on Router1 sends                 
      288.333.111.0                   
      Traffic to
      WAN1 on Router1
        |                      (NOTE: This rule works for all traffic originating from LAN1)     
        |                     
      WAN1 on
      Router1
        |
        |
      Only Internet Traffic
      to 288.333.111.0

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.