Hi guys.
I am a newbi to XG (18.0.0 GA-Build379.HF051220.1) and need some advice/help with the following things:
We got multiple wifi networks:
- one with PSK for mobile devices that cannot use WPA2/Enterprise
- one guest wifi with a voucher-system
- one member wifi with WPA2/Enterprise authentication
Each wifi network got its own ip address space. We got two WAN links. Port2 with public IPv4/IPv6 and Port4 for web-surfing.
My config is:
- Port2 is directly connected to my ISP with public IP addresses: WAN <-> (publicIPv4/IPv6) <-> XG_prt2
- Port4 is connected through a Fritz Box that does IPv4-NAT: WAN <-> (publicIP) FritzBox (192.168.178.1) <-> (192.168.178.3) XG_prt4
- Wifi "guest" is zone "Wifi_gast" (DMZ), DHCP 10.225.0.0/24
- Wifi "psk" is zone "Wifi_psk", DHCP 10.228.0.0/24
- Wifi "wpa2ent" is zone "LAN", DHCP 10.227.0.0/24
Now I want to put a firewall- and NAT rule in place that sends all web traffic from wifi _and_ internal network (http+https) through Port4.
Stupid question: how can I do this?
Every time I try to do this, my traffic went over to Port2 and not Port4.
Additional:
- In the log viewer I can see traffic from in="vxlan3.102" out="Port 2". It should be out="Port 4".
The NAT rule is configured as following:
- Source = wifi_psk, translated source=MASQ, destination= any, service=http,https
- NOT working: interface matching: in=any, out=Port4
- Working: interface matching: in=any, out=any
This thread was automatically locked due to age.
