dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1118
share rss forum feed

Paz

join:2013-03-14
352 47

Lan2 to Wan1 Zyxel USG 200

Hi!
I have a Zyxel USG 200. Configured like this:
Wan1: Static - 152.x.182.x -255.255.255.0
Lan1: static - 152.x.x.254 – 255.255.255.0
Lan2: Static – 10.x.x.254 – 255.255.255.0

All the clients on Lan1 can communicate with internet and so on.
My problem is that my clients on Lan2 can’t communicate with internet and so on.
The clients on Lan2 can ping 10.x.x.254.
As I understand it I need to route the traffic from Lan2 to Wan1, but I can’t get this to work.
Clients on Lan2 are not allowed to communicate with clients on Lan1 and the other way around.
Is this possible to do? And how?
/Paz



superataru

join:2004-12-07
Kearny, NJ

1 edit

Hi.
Default settings stop not intra-zone traffic. This is the reason.
Work on firewall LAN2 to LAN1 zone.

Dunno about your configuration, anyway ... i see LAN1 has Ip addresses in violation of RFC1918, and as USG20/50/100/200 has not chances to move iface from internal to external, you should move those addresses to wan2 iface.

Then you got, at least, 2 chances:
a) use interfaces -> trunks (edit default, or add new ones)
and/or
b) use policy routes to let SNAT use WAN addresses



Hank
Searching for a new Frontier
Premium
join:2002-05-21
Burlington, WV
kudos:2

The address violation of RFC1918 may just be a typo.



superataru

join:2004-12-07
Kearny, NJ

said by Hank:

The address violation of RFC1918 may just be a typo.

Few elements, maybe too fake ... what can we do?
Then ...
UserGuide
-> LAN settings
-> WAN Settings
-> Trunk Settings
-> Policy Routes.

Paz

join:2013-03-14
352 47
reply to Paz

Sorry just saw some typos on the IP:s. this is the correct.

Wan1: Static - 152.x.182.253 -255.255.255.0
Lan1: static - 152.x.1.254 – 255.255.255.0
Lan2: Static - 10.x.10.254 – 255.255.255.0
Wan2 Static – 152.x.182.251 – 255.255.255.0

Ok I activated Wan2 and gave it IP 152.x.182.251 – 255.255.255.0
How do I get the traffic from Lan2 to go out on Wan2?



superataru

join:2004-12-07
Kearny, NJ

Just to have a test

1) add a firewall LAN2 to WAN rule, to allow any any (later you could customize, allowing just what is necessary. Ok?). If needed
2) network->interfaces -> trunks -> create a trunk W2A with just wan2 active
3) network->roouting policy -> from lan2 to any outgoing= trunk W2A

Let me know

Keep in mind that policy routes are applied at first match, same for the firewall rules. Then, less general rules must be saved at the top.