Messages - e1e0n

#1
I think there is an issue with these settings: DNS is not working. I enabled "LAN to this Firewall" for LAN and it seems to fix the problem with DNS; not sure if this is correct.

Quote from: pmhausen on June 18, 2023, 07:35:54 AM
You do not need any rules on WAN.

LAN2 - 1st rule:

Source: LAN2 net
Destination: LAN net
Direction: in
Action: deny

LAN2 - 2nd rule:

Source: LAN2 net
Destination: any
Direction: in
Action: allow
Gateway: WAN2 GW

LAN - 1st rule:

Source: LAN net
Destination: LAN2 net
Direction: in
Action: deny

LAN - 2nd rule:

Source: LAN net
Destination: any
Direction: in
Action: allow
Gateway: WAN GW

"Out" rules are practically never used due to the stateful nature of the firewall. But this is how all firewalls have worked for ages, actually. When a client on LAN tries to reach "something" on the Internet, the initial packet is coming in the LAN interface. So "in" rule.

HTH,
Patrick
#2
Oh, thanks, I will try that.

Thanks! It works!
#3
My problem is that LAN2, which is supposed to route to WAN2, actually routes through WAN. I tried a blocking rule on LAN2 and LAN to prevent cross traffic and it seems that it does not work.

PS: I tried to get help on the forum earlier, but the only advice I got was disabling the auto-generated rules (and I don't know how to do that without hard resetting the router).

Here are my settings for LAN/WAN, and a client on LAN2 gets an external IP from WAN :(
My fw understanding is basic, probably I am doing something wrong?
#4
I know it's old. May I disagree? If I need something like blocking inter-LAN traffic I should not have to learn all the tricks. It would be nice to have the ability to insert user rules before auto-generated ones. At this moment it's either completely disabling auto-generated rules or learning _all_ the internals (which I don't want to spend time on, because it's a one-time simple config which I am not allowed to do because of the auto-generated rules).
All I need is to block traffic LAN/WAN <-> LAN2/WAN2, and it seems to be really difficult to do, even though just adding my own rule before any auto-generated rule would solve this.

Quote from: franco on October 19, 2022, 09:56:30 AM
> For me I want full control of my firewall rule.

You know this statement has two fundamental flaws?

1. You don't need a GUI for that.
2. You will likely create too broad exceptions for internal services like DNS or DHCP or IPv6, or not get it to work at all without knowing all of these by heart.


Cheers,
Franco
#5
Quote from: pmhausen on May 20, 2023, 11:08:09 AM
This works perfectly well if done correctly. Please show your configuration - just two sentences stating "it doesn't work" is too little information to help you.

Essentially you need to

- set up 2 WAN ports and gateways
- set up 2 LAN ports without gateways
- set NAT to manual
- create two outbound NAT rules - one for each WAN port with one of the LAN networks as source
- create two permit rules - one for each LAN ports, explicitly setting the desired WAN gateway

HTH,
Patrick

for >> - create two permit rules - one for each LAN ports, explicitly setting the desired WAN gateway

When I set the Gateway in the LAN rules (to WAN_DHCP in my case) it blocks traffic. Setting it to '*' enables it. I am at a dead end :(
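Two things in this thread are easier to see in a model than in prose: the first-match ordering of the per-interface rules pmhausen lists (deny the other LAN first, then allow everything else with a gateway set), and why the "Gateway" field on a rule interacts with DNS on the firewall (post #1) and with outbound NAT (post #5, where setting a gateway "blocks traffic"). The script below is an added example, not code from the thread or from OPNsense. It models rule evaluation top to bottom with first match winning (OPNsense's default "quick" behaviour), a gateway on a matching rule overriding normal routing for everything that rule matches (including traffic addressed to the firewall itself, which is why the OPNsense and pfSense multi-WAN documentation tell you to put an allow-to-firewall rule without a gateway above the policy-routing rule), and manual outbound NAT per WAN. The addresses, gateway names and rule aliases are constructed for the demo. The "missing outbound NAT" case is shown as one common cause of the post #5 symptom; the thread itself does not establish that it was the cause there.

```python
"""Toy model of OPNsense's per-interface, first-match firewall evaluation with
policy routing (the "Gateway" field on a rule) and manual outbound NAT.

Added example only; this is not code from the thread or from OPNsense.
Topology, addresses, and gateway names below are constructed for the demo.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed topology: two LANs, two WANs, system default route via WAN.
NETS = {"LAN net": ip_network("192.168.1.0/24"),
        "LAN2 net": ip_network("192.168.2.0/24")}
FIREWALL_ADDRS = {ip_address("192.168.1.1"), ip_address("192.168.2.1")}  # "This Firewall"
WAN_ADDR = {"WAN GW": ip_address("203.0.113.10"), "WAN2 GW": ip_address("198.51.100.10")}
DEFAULT_GW = "WAN GW"


@dataclass
class Rule:
    iface: str                     # interface the flow arrives on ("in" direction)
    src: str                       # "LAN net", "LAN2 net", "This Firewall" or "any"
    dst: str
    action: str                    # "allow" or "deny"
    gateway: Optional[str] = None  # policy routing: force the next hop


def _matches(alias: str, addr) -> bool:
    if alias == "any":
        return True
    if alias == "This Firewall":
        return addr in FIREWALL_ADDRS
    return addr in NETS[alias]


def first_match(rules, iface, src, dst) -> Optional[Rule]:
    """Rules are evaluated top to bottom; the first match decides (quick semantics)."""
    for r in rules:
        if r.iface == iface and _matches(r.src, src) and _matches(r.dst, dst):
            return r
    return None  # no match: implicit default deny


def forward(rules, nat, iface, src, dst):
    """Decide one new inbound flow.

    Returns (verdict, egress, source_seen_by_next_hop).  `nat` is a list of
    manual outbound NAT rules as (wan_gateway, source_alias) pairs.
    """
    s, d = ip_address(src), ip_address(dst)
    r = first_match(rules, iface, s, d)
    if r is None or r.action == "deny":
        return ("deny", None, None)
    if r.gateway is None:
        # Normal routing: local delivery, a directly connected LAN, or default route.
        if d in FIREWALL_ADDRS:
            return ("allow", "local", src)
        egress = next((name for name, net in NETS.items() if d in net), DEFAULT_GW)
    else:
        # Policy routing overrides the routing table for everything the rule
        # matches, including traffic meant for the firewall itself (DNS, DHCP).
        egress = r.gateway
    if egress in WAN_ADDR:
        if any(gw == egress and s in NETS[alias] for gw, alias in nat):
            return ("allow", egress, str(WAN_ADDR[egress]))
        # No outbound NAT for this WAN: the private source leaks upstream and
        # replies never come back, so the flow looks "blocked" to the client.
        return ("allow", egress, src)
    return ("allow", egress, src)


# The rule set pmhausen describes: block the other LAN, then allow via own WAN.
PMHAUSEN_RULES = [
    Rule("LAN2", "LAN2 net", "LAN net", "deny"),
    Rule("LAN2", "LAN2 net", "any", "allow", gateway="WAN2 GW"),
    Rule("LAN", "LAN net", "LAN2 net", "deny"),
    Rule("LAN", "LAN net", "any", "allow", gateway="WAN GW"),
]
# Same, plus a no-gateway rule for services on the firewall ABOVE the gateway rule.
RULES_WITH_BYPASS = [Rule("LAN2", "LAN2 net", "This Firewall", "allow")] + PMHAUSEN_RULES
NAT_BOTH = [("WAN GW", "LAN net"), ("WAN2 GW", "LAN2 net")]
NAT_WAN_ONLY = [("WAN GW", "LAN net")]
# Allow-with-gateway placed above the deny: the deny is shadowed and never reached.
SHADOWED = [PMHAUSEN_RULES[1], PMHAUSEN_RULES[0]] + PMHAUSEN_RULES[2:]


def demo():
    host = "192.168.2.50"      # a constructed LAN2 client
    external = "192.0.2.53"    # a constructed external resolver
    return {
        "lan2_to_internet": forward(PMHAUSEN_RULES, NAT_BOTH, "LAN2", host, external),
        "lan2_to_lan": forward(PMHAUSEN_RULES, NAT_BOTH, "LAN2", host, "192.168.1.20"),
        "lan2_dns_no_bypass": forward(PMHAUSEN_RULES, NAT_BOTH, "LAN2", host, "192.168.2.1"),
        "lan2_dns_with_bypass": forward(RULES_WITH_BYPASS, NAT_BOTH, "LAN2", host, "192.168.2.1"),
        "lan2_missing_nat": forward(PMHAUSEN_RULES, NAT_WAN_ONLY, "LAN2", host, external),
        "shadowed_deny": forward(SHADOWED, NAT_BOTH, "LAN2", host, "192.168.1.20"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:22s} -> {result}")
```

Reading the results: `lan2_to_lan` is denied and `lan2_to_internet` leaves via WAN2 GW with the WAN2 address, which is the isolation the thread is after. `lan2_dns_no_bypass` shows a query to the firewall's own LAN2 address being policy-routed out WAN2 instead of answered locally; `lan2_dns_with_bypass` fixes that with a gateway-less allow rule placed above. `lan2_missing_nat` leaves with a private source address, and `shadowed_deny` shows that moving the gateway rule above the deny silently disables the deny, so rule order is the whole point.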
#6
Gotta try after long weekend ;)
#7
Thanks, I thought about that, full manual, but I am not very confident in doing that :) Will the auto-generated rules be preserved? Do I need to recreate the bunch of all the other auto-generated rules? I don't really understand many of them. It would be nice to have the ability just to override them. I was suspicious that the auto-generated rules are messing with me :)
#8
I would like to implement two routers in one, i.e. I would like to have 2 WAN and 2 LAN ports. Traffic should be isolated. I can't select an IPv4 gateway for the LANs :(. pfSense allows this easily. Please, how can I do that? The default setting would just choose one upstream gateway and use it. I tried setting firewall rules but they don't seem to work :((((