multiple LAN ranges on same interface

Question

Hi there. Newbie here. I don't get it. 
 I have two ip ranges in my network 10.0.0.0/24 and 192.168.1.0/24 
 I've setup the XG210 with the 192.168.1.0 range as LAN and everything works fine except I can't reach the 10.0.0.0 range from 192.168.1.0 range. 
 How can I remedy this ? 
 Thanks, Marc

Marc Van der Smissen · Accepted Answer

It works now. Apparently you also need a MASQ rule. 
 
 So to recap. 
 To connect 2 LAN ranges you need to connect 2 cables to 2 different interface ports and set them up correspondingly. 
 Then you need a rule like so: 
 
 Accept any service going to "LAN" zone, when in "LAN" zone, and coming from "192.168.1.0 " and " 10.0.0.0" networks 
 Source: LAN 
 Source networks and devices : 192.168.1.0,10.0.0.0 
 Destination: LAN 
 Destination networks : 192.168.1.0,10.0.0.0 
 Services : Any 
 And you also need to add a linked NAT rule where the 
 Translated source (SNAT): MASQ 
 
 I hope this helps someone, sometime :-) 
 
 *********************************************************************************************************** 
 EDIT: Please read JasP's reply herunder. I configured my 10.0.0.0 interface wrong. The IP address I had to fill in should have been the gateway address. 
 Once I changed that, I could remove the MASQ rule 
 ***********************************************************************************************************

JasP · Answer

I'm glad you got it working but adding a MASQ rule should be unnecessary. There would normally be no need to NAT the traffic between the two interfaces, straight routing is all that should be required. 
 I don't like to post a definitive answer unless I'm 100% sure and there were a couple of things I was unsure about so I dug out the XG we use for lab work and set it up with a dumb switch and a couple of laptops on different subnets. I got everything working without having to NAT the traffic but confirmed you do have to setup a firewall rule to allow the traffic between the two XG network connections even though they are in the same zone. 
 I used Port 1 and 4 on the XG, IP 172.16.16.16 and 10.10.10.16. Subnet throughout this post is 255.255.255.0 
 
 The first laptop had IP of 172.16.16.100/24, gateway 172.16.16.16. Second laptop had IP of 10.10.10.100/24, gateway 10.10.10.16 
 Firewall rule: 
 
 Both the XG ports and the two laptops were all plugged into one (very dumb, very cheap) switch. 
 I disabled the firewalls on both the laptops just for the purposes of this test. 
 With this setup, it was possible to ping each laptop from the other laptop and remote desktop from each laptop to the other laptop (no NAT required). 
 @Marc Van der Smissen I suspect the reason you needed to MASQ NAT the traffic to get it to work is because you are missing a default gateway on one of the endpoint NICs or you have multiple NICs and more than one of them has a default gateway. The inability to route without a MASQed NAT looks like a gateway issue on one (or more) of the endpoints.

multiple LAN ranges on same interface

Top Replies