Hi all. I need to make some rules to do this.
I made two lists of local addresses ("internet1" and "internet2") and I placed in them some addresses that I want to have internet access: "internet1" through the #1 gateway and "internet2" through the #2 gateway. I did it with mangle prerouting connection mark and route mark, and static routes to the gateways.
After that I made a list named "lan", I placed in it all local addresses, and I made a mangle rule with connection mark and route mark; I also made a filter rule to accept all traffic sourced from "lan" and destined to "lan".
- I made a mangle rule prerouting connection-mark and route-mark for "all" = 0.0.0.0/0 addresses and dropped it with a filter rule, so no one except internet1 and internet2 has access to the Internet, but they still have access over the local LAN.
All of those are working correctly (I think so). The last thing that I need is to redirect "all", whose internet access is dropped, to the local IP of my web server. I made a rule (not tested yet):
ip firewall nat add chain=dstnat src-address-list=all protocol=tcp port=80 action=dst-nat to-addresses="local addr." to-ports=80
Is that correct? Do I need something more?
Thank you.
P.S. And a last question: what is the order of execution of the rules in the different categories of the firewall (for ex. filter rules, mangle, nat, …)?
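An added example, not the poster's own configuration, of how the setup described above (two address lists routed out through two gateways, everyone else kept on the LAN, and the blocked hosts' HTTP sent to an internal web server) can be written in RouterOS. It uses v6 syntax (`routing-mark` on routes); every address, list name, interface name and gateway below is an assumed placeholder.

```routeros
# Added example (not the poster's configuration). RouterOS v6 syntax;
# all addresses, interface names and gateways are assumed placeholders.

# 1. Address lists: which hosts may use which gateway, and the whole LAN
/ip firewall address-list
add list=internet1 address=192.168.88.10
add list=internet1 address=192.168.88.11
add list=internet2 address=192.168.88.20
add list=lan address=192.168.88.0/24

# 2. Mangle (prerouting): mark each connection once, on its first packet
#    (connection-state=new), then derive the routing mark from the connection
#    mark. Only traffic leaving the LAN (dst-address-list=!lan) is marked, so
#    LAN-to-LAN traffic keeps the normal routing table. Whatever is still
#    unmarked after the internet1/internet2 rules becomes "conn_blocked".
/ip firewall mangle
add chain=prerouting src-address-list=internet1 dst-address-list=!lan connection-state=new action=mark-connection new-connection-mark=conn_gw1 passthrough=yes
add chain=prerouting src-address-list=internet2 dst-address-list=!lan connection-state=new action=mark-connection new-connection-mark=conn_gw2 passthrough=yes
add chain=prerouting src-address-list=lan dst-address-list=!lan connection-state=new connection-mark=no-mark action=mark-connection new-connection-mark=conn_blocked passthrough=yes
add chain=prerouting connection-mark=conn_gw1 action=mark-routing new-routing-mark=to_gw1 passthrough=no
add chain=prerouting connection-mark=conn_gw2 action=mark-routing new-routing-mark=to_gw2 passthrough=no

# 3. Routes: one default route per routing mark (placeholder gateways)
/ip route
add dst-address=0.0.0.0/0 gateway=203.0.113.1 routing-mark=to_gw1
add dst-address=0.0.0.0/0 gateway=198.51.100.1 routing-mark=to_gw2

# 4. NAT. dstnat runs after prerouting mangle and before the routing decision
#    and the filter, so the connection mark is already there. Matching on the
#    mark (instead of a 0.0.0.0/0 list) keeps LAN-to-LAN web traffic out of the
#    redirect; dst-port (rather than port) avoids also matching packets whose
#    *source* port happens to be 80.
/ip firewall nat
add chain=dstnat connection-mark=conn_blocked protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.88.5 to-ports=80
#    Hairpin: the web server sits on the same LAN as the client, so without this
#    srcnat its replies would go straight to the client with the wrong source
#    address and the redirected connection would never complete.
add chain=srcnat connection-mark=conn_blocked dst-address=192.168.88.5 protocol=tcp dst-port=80 action=masquerade
add chain=srcnat out-interface=ether1-gw1 action=masquerade
add chain=srcnat out-interface=ether2-gw2 action=masquerade

# 5. Filter (forward chain): LAN-to-LAN is accepted, which now also covers the
#    redirected HTTP flows (their destination became the web server); every
#    other "conn_blocked" connection, i.e. blocked hosts heading for the
#    Internet on any port, is dropped.
/ip firewall filter
add chain=forward src-address-list=lan dst-address-list=lan action=accept
add chain=forward connection-mark=conn_blocked action=drop
```

On the order of the facilities: for a packet forwarded through the router, RouterOS processes mangle prerouting, then NAT dstnat, then the routing decision (which is where a routing mark picks the route), then mangle forward and filter forward, then mangle postrouting and finally NAT srcnat. That order is why the example marks connections in prerouting mangle, why dst-nat can match on the mark, and why the filter forward rules see the already-translated (internal) destination address. Two things worth checking after loading a configuration like this: the connection-tracking table (`/ip firewall connection print`) should show the expected marks on new flows from each list, and the packet counters on the mangle rules should increase only for traffic that actually leaves the LAN.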