Hello,
how is it possible to provide the ip range 10.10.10.0/24 with internet and the other ip 10.20.20.0/24 without internet and only give him access to to a certain server and automatically link this user to this server whenever he tries to access any website,… .
I’m grateful for any advice you have for me.
I will post a picture to help you understand my point.
best regards
tezjababes
Yes.
This can be done through NAT, use source NAT for your 10.10.10.0/24 range and masquerade it out of the WAN. Use DST-NAT for the 10.20.20.0/24 range and push it to the IP you have chosen.
Hello
Thx for Request not working. any ide?
Your SRCnat rules don’t change from the typical default:
chain=srcnat out-interface=ether1 action=masquerade
(assuming that ether1 is the WAN interface)
You then make some filter rules to block the 10.20.20.0/24 network from accessing the Internet:
(assumes ether2 = 10.10.10.0/24, ether3 is 10.20.20.0/24, and ether4 is the 172.16.240.x interface)
chain=forward in-interface=ether3 out-interface=!ether4 action=drop
(place this after the typical allow established/related rule but before any rule which would allow the 10.20.20.x clients out interface ether1)
Finally, to redirect the web traffic, you make a dstnat rule:
chain=dstnat in-interface=ether3 protocol=tcp dst-ports=80,443 action=dst-nat to-address=172.16.240.100
This should do what you want.