On Fri, Apr 25, 2008 at 6:41 AM, Anders Dahl <[EMAIL PROTECTED]> wrote:
> Hi Chris or anyone who will help me...
>
> I have followed the instructions and have partly succeeded.
>
> This is my setup:
> fxp1 = Lan (this is used for management only)
> fxp0 holds the following:
> vlan0 = Lan_1
> vlan1 = Lan_2
> vlan2 = Lan_3
> vlan3 = Wan
> vlan4 = Wan_2
> vlan5 = Wan_3
>
> All these interfaces are connected to one physical port on a switch. Here it is supplied with the xDSL and LAN connections.
>
> I have made one rule for every LAN that will allow all traffic to leave through its dedicated WAN (gateway).
>
> I have tried with different rules to prevent Lan_1 users from leaving through Wan_2 and Wan_3, and the same for Lan_2 and Lan_3, but nothing seems to work.
>
> If, for instance, I make these rules on the Lan_1 interface:
> Lan_1 -> any destination -through- Wan_2 [BLOCK]
> Lan_1 -> any destination -through- Wan_3 [BLOCK]
> Lan_1 -> any destination -through- Wan [ALLOW]
>
You don't want to use block with route-to rules like that. You just need the one allow rule; since it's a route-to rule, none of your clients will be able to access any other internal networks. You can add block rules above the allow rule specifying the destination(s) of the other internal networks to really be sure, but that's not necessary, since every passed packet will get routed to the chosen ISP even if it matches an internal network. It may be more human-readable with those additional rules, though the effect is no different. They also won't ever be able to access any of the other WANs, since your only pass rule specifies only that one particular WAN.
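The ruleset the reply describes, written out in raw pf.conf syntax as an added example; it is not from the original thread and not what the pfSense GUI generates, though the semantics are the same (pfSense-generated rules carry `quick`, so the first matching rule wins). Interface and network names are the ones from the question; the three gateway addresses are assumed placeholders.

```pf
# Added example, not from the thread. Gateway addresses are assumed placeholders.
wan_gw  = "192.0.2.1"      # next hop on vlan3 (Wan)
wan2_gw = "198.51.100.1"   # next hop on vlan4 (Wan_2)
wan3_gw = "203.0.113.1"    # next hop on vlan5 (Wan_3)

# Outbound NAT per WAN (pfSense's automatic outbound NAT produces the
# equivalent). Translation rules precede filter rules in pf.conf.
nat on vlan3 from vlan0:network to any -> (vlan3)
nat on vlan4 from vlan1:network to any -> (vlan4)
nat on vlan5 from vlan2:network to any -> (vlan5)

# Default deny: anything not matched by a quick pass rule below is dropped.
block in all

# route-to on a "pass in" rule also grabs traffic meant for the firewall
# itself (DNS, DHCP, the web GUI), so let each LAN reach its own interface
# address before any policy-routing rule can match it.
pass in quick on vlan0 from vlan0:network to (vlan0) keep state
pass in quick on vlan1 from vlan1:network to (vlan1) keep state
pass in quick on vlan2 from vlan2:network to (vlan2) keep state

# Optional: explicit blocks between LANs. Not required, because the
# route-to rules below already send every passed packet to that LAN's own
# ISP, but they make the intent obvious to anyone reading the ruleset.
block in quick on vlan0 from vlan0:network to { vlan1:network, vlan2:network }
block in quick on vlan1 from vlan1:network to { vlan0:network, vlan2:network }
block in quick on vlan2 from vlan2:network to { vlan0:network, vlan1:network }

# One pass rule per LAN, pinned to its own WAN. No rule mentions the other
# WANs, so nothing from Lan_1 can leave via Wan_2 or Wan_3; a separate
# "block ... through Wan_2" rule has nothing left to match.
pass in quick on vlan0 route-to (vlan3 $wan_gw)  from vlan0:network to any keep state
pass in quick on vlan1 route-to (vlan4 $wan2_gw) from vlan1:network to any keep state
pass in quick on vlan2 route-to (vlan5 $wan3_gw) from vlan2:network to any keep state
```

Syntax-check before loading with `pfctl -nf /etc/pf.conf`, then inspect the loaded rules with `pfctl -sr`. The point to keep in mind is that `route-to` overrides the routing table for every packet the rule passes: the destination address only decides whether the rule matches, not where the packet goes, which is why the inter-LAN blocks are cosmetic and why the local-services rules have to sit above the policy-routing rules.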
