Firewall rules

manierofx
Posts: 21
Joined: Sun Nov 25, 2012 8:32 am

Firewall rules

Post by manierofx »

Hello guys,
I have a problem with the firewall rules I should put into my routers to make them communicate with each other.

This is the situation:
[image: network diagram]

I have 3 problems to solve:
1) the guest wifi from Gargoyle blocks the traffic to the LAN/wifi clients connected to the same router, but those clients can see the clients on the WAN side (e.g. the Gargoyle guest wifi cannot see 192.168.2.0/24 but can see all of 192.168.1.0/24), which is not good at all;
2) the password-protected wifi on the Gargoyle router can see the WAN side, but I cannot see from the WAN side to the Gargoyle LAN (e.g. 192.168.2.0/24 can see 192.168.1.0/24 but not vice versa);
3) 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24 should see each other.

How to manage all of these rules?

Thank you very much!

manierofx
Posts: 21
Joined: Sun Nov 25, 2012 8:32 am

Re: Firewall rules

Post by manierofx »

Nothing? :-(

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Firewall rules

Post by ispyisail »

It depends on what you are trying to achieve and why.

I would just have one subnet instead of three. Management is so much easier.

I suspect you want a fancy setup but you're doing it on the cheap?

UniFi will do exactly what you want perfectly, but you have to spend the bucks.

Gargoyle lacks GUI VLANs and a few other things.

manierofx
Posts: 21
Joined: Sun Nov 25, 2012 8:32 am

Re: Firewall rules

Post by manierofx »

ispyisail wrote: It depends on what you are trying to achieve and why.
To be able to use a guest wifi network and a WPA2-protected wifi on every router, and to be able to connect to any client in the LAN/wifi.

ispyisail wrote: I would just have one subnet instead of three. Management is so much easier.
I would love that too, but unfortunately with one subnet the guest wifi on Gargoyle doesn't work because the clients cannot reach the DHCP (LAN isolation).

ispyisail wrote: I suspect you want a fancy setup but you're doing it on the cheap?
I don't think so.

ispyisail wrote: UniFi will do exactly what you want perfectly, but you have to spend the bucks.
The problem is not the money, it MUST be easy: no extra hardware, no extra software.

Probably you didn't get the point, I am not going to add any more complexity to my LAN.

ispyisail wrote: Gargoyle lacks GUI VLANs and a few other things.
Which can be solved with some firewall rules: the reason I opened the topic.

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Firewall rules

Post by ispyisail »

Yep, many more things are possible via the command line.

Once you get into the command line you're starting to get outside Gargoyle support.

OpenWRT / LEDE is more suited to power users.

I have a network similar to the one you describe and I use UniFi equipment.

UniFi auto-configures.

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Firewall rules

Post by ispyisail »

Having a closer look:

manierofx wrote: 1) the guest wifi from Gargoyle blocks the traffic to the LAN/wifi clients connected to the same router, but those clients can see the clients on the WAN side (e.g. the Gargoyle guest wifi cannot see 192.168.2.0/24 but can see all of 192.168.1.0/24), which is not good at all;

manierofx wrote: can see all 192.168.1.0/24
This is expected. VLAN is a solution, but you need VLAN-compatible equipment (not usually found in consumer equipment).

Another isolation method is to get another router.

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Firewall rules

Post by ispyisail »

manierofx wrote: 2) the password-protected wifi on the Gargoyle router can see the WAN side, but I cannot see from the WAN side to the Gargoyle LAN (e.g. 192.168.2.0/24 can see 192.168.1.0/24 but not vice versa);
This is expected.

Possible solutions:

- VLAN
- Single subnet
- OpenVPN connection
- UniFi equipment

This is what VLANs are designed for. But they are not simple to set up unless you use UniFi equipment (they have done the hard work for you).

manierofx
Posts: 21
Joined: Sun Nov 25, 2012 8:32 am

Re: Firewall rules

Post by manierofx »

I would love to use one subnet only, but then the guest wifi on Gargoyle routers doesn't work because clients cannot reach the DHCP router. I didn't find a solution for it yet; the only way was to use other subnets.

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Firewall rules

Post by ispyisail »

manierofx wrote: 3) 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24 should see each other.
No.

I have wished for the same things many times.

I use an OpenVPN solution to create one network. You can't browse subnets, but IP addresses work.

e.g. say I want to remote desktop into another subnet, I will use "192.168.3.12" instead of "PC office".

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Firewall rules

Post by ispyisail »

There are many solutions, but I'm not aware of a firewall rule solution.

If you find one I'd be interested in it.