Do not route IP subnet of main router to which GL-AX1800 is connected

Hello GL-iNet users,

I am wondering if it is possible to stop the subnet of the main router to which the GL-AX1800 is connected being routed.

The Setup:

Internet  (DSL)   <-> FRITZ!Box (Router) <-> GL-AX1800 (Router)
Public IP         <-> 192.168.179.1      <-> 192.168.179.47

The FRITZ!Box (192.168.179.0/24) is providing internet access and also has a couple of clients directly connected. The GL-AX1800 (router mode, 192.168.95.0/24 and 192.168.96.0/24 for the guest network) is connected to the FRITZ!Box and should provide an isolated network for all clients connected to the GL-AX1800.

I would like to prevent any client behind the GL-AX1800 (on the regular and guest network) to be able to connect to any IP address provided by the FRITZ!Box.

In short all clients behind GL-AX1800 should not be able to access any 192.168.179.0/24 address.

Is there a way to configure this?
(I can’t put the GL-AX1800 into a “guest network” provided by the FRITZ!Box because I can’t configure port forwads on the FRITZ!Box to devices which are in the “guest network”)

Greetings,
Bjoern

To answer my own question:
Create a “IPv4 Rule” on the incomming interfaces for the destination 192.168.178.0/24 with the Rule type “prohibit” in the LuCI WebUI (under “Network” → “Routing”).

I hade to specify the “incomming interface” otherwise my OpenVPN client didn’t work…


Greetings,
Bjoern

1 Like

Something called outbound firewall.