Hi, first time posting on the forums, unsure if it's been answered or not, hopefully someone will be able to help out. Got the following setup: one RB2011UAS-RM, a switch connected to ether2 for LAN access.
ether1-gateway - pppoe client for adsl service
ether2 - connects to LAN
ether3 - inactive
ether4 - inactive
ether5-dmz - /29 network
ether6-master - 100MB port for /29 network
ether7-10 - slaves for ether6
ether2 - 192.168.10.1
ether5 - 111.222.111.111, network 111.222.111.110
pppoe server setup to dish out 3 addresses
.114 - .116
.112 - local mail and web server
.113 - unused so far
Can get a pppoe client to route to internet, but cannot get firewall rule to block traffic from pppoe client to LAN.
routes
192.168.10.0/24 - pppoe-out1 nat connection for internal lan
111.222.111.110/29 - ether5-dmz 9
111.222.111.110 - ether-dmz (added automatically as soon as I add the address to the NIC)
Basically I want to allow traffic from my LAN to the DMZ, but the DMZ should not be able to access the LAN unless initiated from the LAN.
It's not a true DMZ, I'm just using that as an example.
DMZ wireless clients need to pppoe into the network and get internet access, which I can get. Just can't stop them getting to my LAN.
Cheers in advance