Hi! I have a Zyxel USG 200, configured like this:
Wan1: Static - 152.x.182.x - 255.255.255.0
Lan1: Static - 152.x.x.254 - 255.255.255.0
Lan2: Static - 10.x.x.254 - 255.255.255.0
All the clients on Lan1 can communicate with the internet and so on. My problem is that my clients on Lan2 can't communicate with the internet and so on. The clients on Lan2 can ping 10.x.x.254. As I understand it, I need to route the traffic from Lan2 to Wan1, but I can't get this to work. Clients on Lan2 are not allowed to communicate with clients on Lan1 and the other way around. Is this possible to do? And how?
/Paz
Hi. Default settings stop not intra-zone traffic. This is the reason. Work on firewall LAN2 to LAN1 zone.
Dunno about your configuration, anyway ... I see LAN1 has IP addresses in violation of RFC1918, and as the USG20/50/100/200 has no way to move an iface from internal to external, you should move those addresses to the wan2 iface.
Then you have at least 2 options:
a) use interfaces -> trunks (edit the default, or add new ones) and/or
b) use policy routes to let SNAT use WAN addresses
1) add a firewall LAN2 to WAN rule, to allow any any (later you could customize, allowing just what is necessary. Ok?).
If needed:
2) network -> interfaces -> trunks -> create a trunk W2A with just wan2 active
3) network -> routing policy -> from lan2 to any, outgoing = trunk W2A
Let me know
Keep in mind that policy routes are applied at first match, same for the firewall rules. So, less general rules must be saved at the top.
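The first-match ordering point above, as an added example that is not part of the thread and is not Zyxel's rule engine: a simplified address-based model that evaluates an ordered rule list and flags rules shadowed by a more general rule above them. The subnets are constructed (198.51.100.0/24 stands in for the masked LAN1 range, 10.0.0.0/24 for LAN2), and the rule names and helper functions are hypothetical.

```python
import ipaddress

# Constructed subnets (assumptions, not values from the thread).
LAN1 = "198.51.100.0/24"   # stand-in for the masked 152.x.x.0/24
LAN2 = "10.0.0.0/24"       # stand-in for the masked 10.x.x.0/24
ANY = "0.0.0.0/0"

def net(cidr):
    return ipaddress.ip_network(cidr)

def first_match(rules, src, dst, default="deny"):
    """Return (action, rule name) of the first rule matching src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, rsrc, rdst, action in rules:
        if s in net(rsrc) and d in net(rdst):
            return action, name
    return default, "default"

def shadowed(rules):
    """List (rule, covering rule, actions_differ) for rules that can never
    match because an earlier, more general rule covers all their traffic."""
    found = []
    for i, (name, rsrc, rdst, action) in enumerate(rules):
        for pname, psrc, pdst, paction in rules[:i]:
            if net(rsrc).subnet_of(net(psrc)) and net(rdst).subnet_of(net(pdst)):
                found.append((name, pname, action != paction))
                break
    return found

# General rule first: the LAN2 -> LAN1 deny below it is never reached.
BAD = [("lan2-to-any", LAN2, ANY, "allow"),
       ("lan2-to-lan1", LAN2, LAN1, "deny")]
# Less general rule at the top: isolation holds, internet access still works.
GOOD = [BAD[1], BAD[0]]

if __name__ == "__main__":
    for label, rules in (("BAD", BAD), ("GOOD", GOOD)):
        print(label, "LAN2->LAN1:", first_match(rules, "10.0.0.5", "198.51.100.10"))
        print(label, "LAN2->internet:", first_match(rules, "10.0.0.5", "8.8.8.8"))
        print(label, "shadowed:", shadowed(rules))
```

A shadowed rule whose action differs from the rule covering it is the case to look for when auditing an exported rule list, because the stricter intent is silently overridden.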