How to enable restricted traffic between local networks?

Started by Taomyn, January 22, 2019, 09:44:14 AM


I have two separate local networks on my firewall, on different NICs, each with its own subnet. One is designated LAN (192.168.1.x), the other GUEST_LAN (192.168.100.x), and each has its own access point set up. This is all working well without issues except for one thing - I cannot manage the AP or any other resources on GUEST_LAN whilst connected to LAN. It's not the end of the world as I can jump onto another device on GUEST_LAN, but it's sometimes a little frustrating.


Is there a safe way to enable access for all devices on LAN to access all devices on GUEST_LAN but not the other way? I'm not sure what I need to configure to get this working or if it's actually possible or even advisable to do this.

This is pretty much a standard configuration. You can safely enable this by

Firewall: Rules: LAN
Source LAN Net; Destination Any ; Action Allow

Firewall: Rules: GUEST_LAN
Source GUEST_LAN net; Destination !LAN Net; Action Allow
DIY Tech >> www.zero-ping.blog
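As an added illustration (not from this thread or from OPNsense itself), here is a small Python model of how the two rules above decide traffic under first-match, stateful evaluation. The interface names and subnets come from the thread; the state-table shortcut for reply packets is a simplification of how pf behaves.

```python
import ipaddress
from dataclasses import dataclass

# Constructed networks matching the thread's LAN and GUEST_LAN.
NETS = {
    "LAN net": ipaddress.ip_network("192.168.1.0/24"),
    "GUEST_LAN net": ipaddress.ip_network("192.168.100.0/24"),
}

@dataclass
class Rule:
    iface: str    # interface the packet enters on
    src: str      # network alias or "any"
    dst: str      # network alias, "any", or "!alias" (negated)
    action: str   # "pass" or "block"

def matches(alias, addr):
    """Does an address match an alias, honouring the '!' negation?"""
    if alias == "any":
        return True
    negate = alias.startswith("!")
    hit = addr in NETS[alias.lstrip("!")]
    return not hit if negate else hit

def evaluate(rules, iface, src_ip, dst_ip, states):
    """First-match evaluation on the inbound interface. A reply for an
    existing state passes without consulting the rules at all, which is
    why GUEST_LAN hosts can answer LAN but cannot initiate towards it."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    if (dst, src) in states:
        return "pass (state)"
    for r in rules:
        if r.iface == iface and matches(r.src, src) and matches(r.dst, dst):
            if r.action == "pass":
                states.add((src, dst))
            return r.action
    return "block"  # implicit default deny when nothing matches

# The two rules suggested in the reply above.
RULES = [
    Rule("LAN", "LAN net", "any", "pass"),
    Rule("GUEST_LAN", "GUEST_LAN net", "!LAN net", "pass"),
]
```

Run LAN->GUEST_LAN first, then the GUEST_LAN host's reply, then a fresh GUEST_LAN->LAN attempt, to see the asymmetry the original poster asked for.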

Quote from: ab5g on January 22, 2019, 02:45:15 PM
This is pretty much a standard configuration. You can safely enable this by

Firewall: Rules: LAN
Source LAN Net; Destination Any ; Action Allow

Firewall: Rules: GUEST_LAN
Source GUEST_LAN net; Destination !LAN Net; Action Allow


I already have a rule on the LAN part of the firewall doing exactly that, yet I cannot contact anything on the other network from either network. It's the default rule.

Enable logging for certain rules and see if an earlier rule applies or if those rules apply at all.

Quote from: Nico on January 23, 2019, 01:43:46 PM
Enable logging for certain rules and see if an earlier rule applies or if those rules apply at all.


For LAN and GUEST_LAN I only have the default allow rules, all the other rules under "Floating" and "WAN" are for external networks.


I tried to add a source:"LAN net", destination "GUEST_LAN net" under "GUEST_LAN" but that made no difference.

Yet again: enable logging for those to see if they match or not.

I enabled logging and also the extra logging from the system settings, and the only hits for the IPs on GUEST_LAN were these