I want to set up an RB750 or RB450 for use as a small business router using masquerade or NAT for the corporate LAN and use 1 port for a separate hotspot network.
I use RB450s and RB750s for small business routers and wifi hotspot controllers, but have never set up both functions on the same router.
Now I am trying to set up an RB750 to handle both the corporate LAN using NAT and also use a separate interface for wifi hotspot.
I can set up hotspot just fine, but as soon as I try to set up a separate interface (ether5) for the corporate LAN using masquerade I run into problems.
I have searched the forums but have not found anything that covers this.
Does anyone have a link to a setup for anything like this?
It should be easy but I think the hotspot NAT rules are causing problems for the LAN side masquerade srcnat rule.
My setup is as follows:
RB750
ether1 - Internet WAN using dhcp client
ether2-4 hotspot with standard 192.168.88.0/24.
ether5 LAN using 192.168.1.1/24.
Hotspot works fine and I can get the LAN (ether5) to work if I put in a NAT rule srcnat with src-address 192.168.1.0/24 masquerade.
But in testing, the hotspot users can ping the LAN users, so they do not appear to be separated at all.
So I must not be able to add just the simple srcnat rule with a src-address subnet.
If everything works the way you want, except you don’t want hotspot users accessing the LAN… then simply set some deny rules in the firewall in the forward chain.
Something similar to:
/ip firewall filter add chain=forward in-interface=bridge out-interface=LAN action=drop
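
The separation discussed in this thread, written out as an added example that is not part of either post: it matches on the two subnets given in the question rather than on interface names, and adds an input-chain rule because traffic to the router's own LAN address never passes through the forward chain. The comments, the rule order and the optional LAN-to-hotspot rule are assumptions for illustration.

```routeros
# Added example. Subnets and ports are taken from the question:
#   ether1 = WAN (DHCP client), hotspot = 192.168.88.0/24,
#   LAN on ether5 = 192.168.1.0/24 with the router at 192.168.1.1.

# Masquerade only rewrites the source address of packets leaving via the WAN.
# Scoping it to out-interface keeps traffic between the two local subnets
# from being NATed, but it blocks nothing: the router still routes between
# its connected subnets unless a filter rule stops it.
/ip firewall nat
add chain=srcnat src-address=192.168.1.0/24 out-interface=ether1 \
    action=masquerade comment="LAN to Internet"

/ip firewall filter
# Hotspot clients may not reach LAN hosts through the router.
add chain=forward src-address=192.168.88.0/24 dst-address=192.168.1.0/24 \
    action=drop comment="hotspot to LAN"
# Optional: LAN hosts may not open connections to hotspot clients either.
add chain=forward src-address=192.168.1.0/24 dst-address=192.168.88.0/24 \
    action=drop comment="LAN to hotspot"
# Traffic addressed to the router's own LAN IP is handled by the input chain.
add chain=input src-address=192.168.88.0/24 dst-address=192.168.1.1 \
    action=drop comment="hotspot to router LAN address"

# Check: the packet counters on the drop rules should increase while a
# hotspot client pings a LAN host.
/ip firewall filter print stats
```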