On Ether1 I have my office LAN (servers and other computers that are connected to the wired network and also shared printers); this network is 100.0.0.0/8 (don’t ask me why these are public IPs, it’s been like this since I started working here…)
On Ether2 I have a switch with 5 access points where clients connect their laptops and mobile phones (network 192.168.88.0/24)
On Ether5 I have a modem with a DHCP client activated, and currently users from Ether2 go to the internet through here.
The point is that I want some users from Ether2 to have access to the office LAN so they can print and access some servers, and at the moment I don’t know how to do this.
I’ve tried to just simply add the two gateways to the Route List, but the LAN one deactivates (turns blue and only shows the D parameter) the moment I set it up…
As long as the RB has an address on ether1 in the 100.0.0.0/8 and an address on ether2 in the 192.168.88.0/24 then it will route between the 2 subnets.
This assumes that you don’t have a firewall filter rule in the forward chain blocking it, and also that you don’t have any NAT rules interfering with the IPs when talking between the 2 subnets.
AP Full 192.168.88.2-192.168.88.100
AP Restricted 192.168.88.101-192.168.88.200
Guests 192.168.88.201-192.168.88.210
Mangle Rules:
chain=prerouting action=mark-routing new-routing-mark=LAN passthrough=no src-address-list=AP Full dst-address-list=d1
chain=prerouting action=mark-routing new-routing-mark=LAN passthrough=no src-address-list=AP Full dst-address-list=d2
chain=prerouting action=mark-routing new-routing-mark=FULL passthrough=no src-address-list=Guests dst-address-list=!d1
chain=prerouting action=mark-routing new-routing-mark=FULL passthrough=no src-address-list=Guests dst-address-list=!d2
chain=prerouting action=mark-routing new-routing-mark=FULL passthrough=no src-address-list=AP Full dst-address-list=!d1
chain=prerouting action=mark-routing new-routing-mark=FULL passthrough=no src-address-list=AP Full dst-address-list=!d2
Routes:
 #       DST-ADDRESS          PREF-SRC          GATEWAY          DISTANCE   Routing Mark
 1 A S   0.0.0.0/0                              10.4.100.1       3          LAN
 2 A S   0.0.0.0/0                              190.101.44.193   2          FULL
 3 A S   0.0.0.0/0                              10.4.100.1       1
 4 ADC   10.4.100.0/24        10.4.100.100      ether1-Wan1      0
 5 ADC   190.101.xxx.xxx/xx   190.101.xxx.xxx   ether5-Wan2      0
 6 ADC   192.168.88.0/24      192.168.88.1      ether2-Lan       0
Firewall Filter:
;;; Allow Lan to AP Full
chain=forward action=accept dst-address=100.0.0.1-100.255.255.254
src-address-list=AP Full
;;; Drop Lan to AP Restricted
chain=forward action=drop dst-address=100.0.0.1-100.255.255.254
src-address-list=AP Restricted
;;; Drop Lan to Guests
chain=forward action=drop dst-address=100.0.0.1-100.255.255.254
src-address-list=Guests
This makes AP Full access the internet through Wan2, AP Restricted through Wan1 and Guests through Wan2.
All LAN access is going through Wan1 as I wanted, and the pools AP Restricted and Guests have their access to it blocked by the firewall.
So everything I wanted is working as intended. I hope you guys can check it and tell me if my configuration has flaws or errors that I need to work on.
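A segmentation check like the one requested can be done offline by replaying the posted forward-chain rules first-match against the posted pools; the following is an added example in Python, not part of the original posts or of any MikroTik tooling. It assumes the three rules shown are the whole forward chain and that a packet matching no rule is accepted; the function names and the two destination addresses are constructed for this example.

```python
import ipaddress as ip

# Address pools exactly as listed in the post (192.168.88.0/24 side).
POOLS = {
    "AP Full": ("192.168.88.2", "192.168.88.100"),
    "AP Restricted": ("192.168.88.101", "192.168.88.200"),
    "Guests": ("192.168.88.201", "192.168.88.210"),
}

# The three forward-chain rules from the post, in posted order.
LAN_RANGE = ("100.0.0.1", "100.255.255.254")
FILTER = [
    ("accept", "AP Full", LAN_RANGE),
    ("drop", "AP Restricted", LAN_RANGE),
    ("drop", "Guests", LAN_RANGE),
]


def in_range(addr, bounds):
    """True if addr lies inside the inclusive (low, high) range."""
    lo, hi = (ip.ip_address(b) for b in bounds)
    return lo <= ip.ip_address(addr) <= hi


def pool_of(src):
    """Name of the pool a client address falls in, or None."""
    return next((n for n, r in POOLS.items() if in_range(src, r)), None)


def forward_verdict(src, dst):
    """First matching rule wins; a packet matching no rule is accepted (assumption)."""
    for action, src_list, dst_range in FILTER:
        if pool_of(src) == src_list and in_range(dst, dst_range):
            return action
    return "accept (no rule matched)"


def audit(dests):
    """Verdict for the first address of each pool against each destination."""
    clients = {name: r[0] for name, r in POOLS.items()}
    return {(name, d): forward_verdict(c, d)
            for name, c in clients.items() for d in dests}


if __name__ == "__main__":
    # Constructed destinations: one in 100.0.0.0/8, one in the 10.4.100.0/24
    # network that the posted route table shows on ether1-Wan1.
    for (pool, dst), verdict in audit(["100.0.0.10", "10.4.100.50"]).items():
        print(f"{pool:14} -> {dst:12} {verdict}")
```

The second destination shows that drop rules scoped to 100.0.0.1-100.255.255.254 do not cover the 10.4.100.0/24 network listed in the route table, so under these assumptions traffic from every pool to that network falls through unmatched.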
Guys, I need some help. I’ve now implemented a hotspot so I can register all users that log on and have a little more control over the network.
But I’m having a strange problem and I hope you can help me solve it…
The DHCP server is giving out IPs in the range of the Restricted ones only. Now, I’ve created 3 hotspot user profiles that assign IPs in the correct pool range.
This means that if I create a “user1”, for example, and give him the Full user profile, the hotspot will assign an IP from the AP Full range, but it will not work unless I bypass the user in the IP bindings tab. (He will have permissions in the networks like he is in the AP Restricted pool.)