  1. #1
    Untangler
    Join Date
    Jan 2011
    Posts
    76

    Routing traffic between VLANs (when they are NAT'ed)

    Hi,

    Simple question: how do I route specific traffic between VLANs when they are NAT'ed?

    I have 1 incoming WAN connection (not NAT'ed) and 4 VLANs (which are NAT'ed).

    This means that each VLAN is isolated from all the others, they cannot see each other, and no traffic can pass between them.

    OK, so now I'm playing around with a new WiFi Controller (TP-Link OC200) that controls 4 WiFi APs around my house, and I want to use them to implement a guest WiFi portal with a voucher code system. This is very simple to set up. However, the controller sits on my untagged VLAN and the Guest network is on a different VLAN. When attempting to sign into the network, the WiFi AP redirects the user to the portal login page on the OC200, which is on a different VLAN, which it cannot see.

    So, my question is: how do I redirect the request from my guest VLAN to the OC200 device on my untagged VLAN?

    (or is there a better way to do this altogether...?)

    Thanks.
    Last edited by tescophil; 11-28-2020 at 05:35 AM.

  2. #2
    Untangler
    Join Date
    Jan 2011
    Posts
    76

    So, I'm going to answer the 'is there a better way to do this altogether...?' part of my question.

    Changed my NAT setup so now the WAN interface is NAT'ed and the local internal interfaces are not.

    Set up a firewall rule to block any traffic with a source and destination interface of 'Any non-WAN'; this maintains my network separation as before (or does it? TCP and UDP, I think...?).

    Added another firewall rule (above the 1st) to allow traffic from my guest network to the OC200 WiFi controller on the main network.

    Hey presto, everything works.

    So, is this an 'Acceptable' solution, or is there a better way to do it?
    Last edited by tescophil; 11-28-2020 at 06:50 AM.

  3. #3
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,294

    Quote, originally posted by tescophil:
    "So, is this an 'Acceptable' solution, or is there a better way to do it?"

    This is the easiest solution. There are several ways to do this.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #4
    Untangler
    Join Date
    Nov 2018
    Posts
    81

    I use Filter Rules for that because, as far as I understood, Firewall rules only manage TCP and UDP traffic, which could be enough in some cases (or most of them).

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,464

    I'm not a huge fan of using NAT as a firewall... that's not its intended purpose and it tends to create difficult-to-troubleshoot issues down the road.

    I use Filter Rules to control protocols that aren't TCP and UDP, then use the firewall app to control TCP and UDP. That way I have the controls I need, but I also have logs.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
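
The rule layout discussed in posts #2 to #5, as an added example that is not part of any post in this thread and is not Untangle code: a simplified first-match model in which filter rules see every protocol and the firewall layer is consulted for TCP and UDP only. The subnets, host addresses, rule names and the default-pass behaviour are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing; the thread gives no subnets or host addresses.
GUEST = ip_network("192.168.40.0/24")    # guest VLAN
MAIN = ip_network("192.168.1.0/24")      # untagged VLAN
OC200 = ip_network("192.168.1.10/32")    # WiFi controller on the untagged VLAN
NON_WAN = (GUEST, MAIN)

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "pass" or "block"
    src: tuple                   # source networks
    dst: tuple                   # destination networks
    protos: frozenset = None     # None matches any protocol

def first_match(rules, proto, src, dst):
    """Return (action, rule name) of the first matching rule; pass if none match."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if ((r.protos is None or proto in r.protos)
                and any(s in n for n in r.src) and any(d in n for n in r.dst)):
            return r.action, r.name
    return "pass", "default"

def evaluate(filter_rules, firewall_rules, proto, src, dst):
    """Filter rules see every protocol; the firewall layer is consulted for TCP/UDP only."""
    action, name = first_match(filter_rules, proto, src, dst)
    if action == "block":
        return action, "filter:" + name
    if proto in ("tcp", "udp"):
        action, name = first_match(firewall_rules, proto, src, dst)
        return action, "firewall:" + name
    return "pass", "not-inspected"

ALLOW_PORTAL = Rule("guest-to-oc200", "pass", (GUEST,), (OC200,))
BLOCK_INTERNAL = Rule("non-wan-to-non-wan", "block", NON_WAN, NON_WAN)
FIREWALL = [ALLOW_PORTAL, BLOCK_INTERNAL]          # allow sits above the block
BLOCK_ICMP = Rule("inter-vlan-icmp", "block", NON_WAN, NON_WAN, frozenset({"icmp"}))

if __name__ == "__main__":
    for fr in ([], [BLOCK_ICMP]):
        for proto, dst in (("tcp", "192.168.1.10"), ("tcp", "192.168.1.20"), ("icmp", "192.168.1.20")):
            print(len(fr), proto, dst, evaluate(fr, FIREWALL, proto, "192.168.40.5", dst))
```

In this model, swapping the two firewall rules blocks the portal login, and with an empty filter list ICMP between the VLANs is never evaluated by the TCP/UDP rules.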
