Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision Next revisionBoth sides next revision | ||
| user:huj3r:separate_lan_using_wan_port [2022/05/21 19:32] – created huj3r | user:huj3r:separate_lan_using_wan_port [2023/04/13 05:49] – separate configuration for main/secondary routers huj3r | ||
|---|---|---|---|
| Line 13: | Line 13: | ||
| ====== Steps ====== | ====== Steps ====== | ||
| - | 0. setup the VLAN for the WAN ethernet port; make sure that you have a VLAN row (`2` for example) where one CPU core (`eth0` for example) is `tagged` and the `WAN` port is `untagged`; both must be `off` in any other VLAN row | + | This is the configuration to apply to the secondary router (the one where the separate LAN exists). |
| - | 1. under Network -> Interfaces, select Devices tab and click "Add device configuration" | + | |
| - | 2. select " | + | - setup the VLAN for the WAN ethernet port; make sure that you have a VLAN row (`2` for example) where one CPU core (`eth0` for example) is `tagged` and the `WAN` port is `untagged`; both must be `off` in any other VLAN row |
| - | 3. under bridge ports select `eth0.2` (or whichever is your WAN port); save | + | |
| - | 4. go to Network -> Interfaces and add a new interface (e.g. `LAN2`) using `br-lan2` | + | |
| - | 5. under Protocol specify " | + | |
| - | 6. select the Firewall Settings tab and create a new zone by typing there `LAN2`; save | + | |
| - | 7. configure DHCP for this new network | + | |
| - | 8. on the main router | + | |
| + | | ||
| + | |||
| + | Configuration for the main router: | ||
| + | - add a static route for `192.168.2.0/ | ||
| ====== Firewall configuration ====== | ====== Firewall configuration ====== | ||
| - | LAN -> LAN2: accept, accept, accept | ||
| LAN2 -> reject: accept, accept, reject | LAN2 -> reject: accept, accept, reject | ||
| + | |||
| + | LAN -> LAN2: accept, accept, accept | ||
| {{https:// | {{https:// | ||
| Line 32: | Line 37: | ||
| Add a forwarding rule to allow internet access: | Add a forwarding rule to allow internet access: | ||
| From LAN2 To Any zone, `!192.168.1.0/ | From LAN2 To Any zone, `!192.168.1.0/ | ||
| + | Make sure you select 'Any` for traffic. | ||
| {{https:// | {{https:// | ||