Hi. I have been thinking about this for many days and don't understand whether it is possible or not.
Goal: I need to isolate the WiFi from the local network. Everything is fine, but the problem starts with the servers behind the firewall.
For the public servers I have NAT:
chain=dstnat action=dst-nat to-addresses=192.168.1.20 protocol=tcp dst-address=80.80.80.80 dst-port=80
I opened the ports to make it work; without this rule it does not work.
chain=WIFI_forward action=accept protocol=tcp dst-address=192.168.1.20 in-interface=wifivlan out-interface=LOCAL-port=80,81,443
For example, I request domain.com with address 80.80.80.80 and it wants to communicate with 192.168.1.20.
Result: is it possible to hide my local server address from the WiFi? I need to allow only 80.80.80.80. How about two external IP addresses, then?
Thanks, ask me if you need anything.
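
Added example (not part of the original post, not MikroTik code): a small Python model of the packet order behind the question. In RouterOS the dstnat chain runs before the forward filter, so the filter sees the translated destination. Assumptions: Wi-Fi traffic that matches no rule is dropped, the second external address 80.80.80.81 and its server 192.168.1.21 are constructed, and `nat_state` stands in for the RouterOS filter matcher `connection-nat-state=dstnat`.

```python
# Toy model: dst-nat happens in prerouting, then the forward filter runs
# on the already rewritten packet.

# (public address, port) -> internal server.
# 80.80.80.80 -> 192.168.1.20 is from the post; the second entry is constructed.
DSTNAT = {
    ("80.80.80.80", 80): "192.168.1.20",
    ("80.80.80.81", 80): "192.168.1.21",
}

def prerouting(pkt):
    """chain=dstnat action=dst-nat: rewrite the destination if a rule matches."""
    target = DSTNAT.get((pkt["dst_address"], pkt["dst_port"]))
    if target:
        pkt = dict(pkt, dst_address=target, nat_state="dstnat")
    return pkt

def forward(pkt, rules):
    """First matching rule decides; anything unmatched is dropped (assumed)."""
    for match, action in rules:
        if all(pkt.get(key) == value for key, value in match.items()):
            return action
    return "drop"

def wifi_request(dst_address, dst_port, rules):
    """Verdict for a new connection entering on the Wi-Fi VLAN."""
    pkt = {"in_interface": "wifivlan", "dst_address": dst_address,
           "dst_port": dst_port, "nat_state": None}
    return forward(prerouting(pkt), rules)

# Matching the public address in forward never hits: dst is already rewritten.
BY_PUBLIC_IP = [({"in_interface": "wifivlan", "dst_address": "80.80.80.80"}, "accept")]
# Matching the internal address works, but also admits direct requests to it.
BY_INTERNAL_IP = [({"in_interface": "wifivlan", "dst_address": "192.168.1.20"}, "accept")]
# Matching the NAT state needs no internal address in the rule and covers
# every published external address at once.
BY_NAT_STATE = [({"in_interface": "wifivlan", "nat_state": "dstnat"}, "accept")]

if __name__ == "__main__":
    for name, rules in [("public ip", BY_PUBLIC_IP),
                        ("internal ip", BY_INTERNAL_IP),
                        ("nat state", BY_NAT_STATE)]:
        for dst in ("80.80.80.80", "80.80.80.81", "192.168.1.20"):
            print(f"{name:12} {dst:13} -> {wifi_request(dst, 80, rules)}")
```

In this model, only the NAT-state rule accepts both external addresses while dropping Wi-Fi requests sent straight to 192.168.1.20.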