Do not route IP subnet of main router to which GL-AX1800 is connected

Hello GL-iNet users,

I am wondering if it is possible to stop the subnet of the main router to which the GL-AX1800 is connected being routed.

The Setup:

Internet  (DSL)   <-> FRITZ!Box (Router) <-> GL-AX1800 (Router)
Public IP         <->      <->

The FRITZ!Box ( is providing internet access and also has a couple of clients directly connected. The GL-AX1800 (router mode, and for the guest network) is connected to the FRITZ!Box and should provide an isolated network for all clients connected to the GL-AX1800.

I would like to prevent any client behind the GL-AX1800 (on the regular and guest network) to be able to connect to any IP address provided by the FRITZ!Box.

In short all clients behind GL-AX1800 should not be able to access any address.

Is there a way to configure this?
(I can’t put the GL-AX1800 into a “guest network” provided by the FRITZ!Box because I can’t configure port forwads on the FRITZ!Box to devices which are in the “guest network”)


To answer my own question:
Create a “IPv4 Rule” on the incomming interfaces for the destination with the Rule type “prohibit” in the LuCI WebUI (under “Network” → “Routing”).

I hade to specify the “incomming interface” otherwise my OpenVPN client didn’t work…


1 Like

Something called outbound firewall.