Making lan computers not communicating with wan one's (GL-MT300N-V2 router)

Technical Support for Routers
1

Good morning,

I have installed my GL-MT300N-V2 as in the uploaded picture.
There is main router connected to the internet and GL-MT300N-V2 has the wan interface connected to the lan interface of the main router. In the default configuration a computer that is in the lan of the main router can’t communicate with a computer that is in the lan of GL-MT300N-V2, i would like to configure GL-MT300N-V2 so that every computer in GL-MT300N-V2 lan (in the picture LAN 192.168.12.0/24) can access to internet but can’t communicate with computers in the main router lan.
For instance PC A shouldn’t be able to communicate with PC1 but PC A must access to the internet.
Finally in this configuration, i’d like to access via VPN of the GL-MT300N-V2 only to the computers in LAN 192.168.12.0/24 and not to the ones in LAN 192.168.11.0/24
How can I obtain all that?
As a test, I tried to create a firewall rule to reject traffic from PC A to PC1 and put this rule in the 1st position of rules but i still can ping PC1 from PC A, so it seems I am not taking the right way.
Please help and thanks in advance :slight_smile:
Kind regards!!Connections%20diagram1

2

You can add a such iptables rule on MT300N-V2.

iptables -I FORWARD -d 192.168.11.0/24 -j DROP

If you want to take it effect persistently.

echo "iptables -I FORWARD -d 192.168.11.0/24 -j DROP" >> /etc/firewall.user

A default situation is this case.

1 Like
3

You might want to set up some VLAN tagging such that one of the switch ports on the main router is a dedicated VLAN that allows outbound Internet access but can’t talk to the main VLAN. Then connect the MT300N to that dedicated VLAN and set it up as a dumb AP/switch.

4

Hello kyson-lok,
I did what you wrote about iptables and it works perfectly.
Thank you very much kyson-lok :blush:
I haven’t tried yet the part about VPN but I am sure it will be working as you stated, cause I think you are very expert!:sunglasses:
Thank you again!

About the solution proposed by Entropy512 it surely works but i need GL-MT300N-V2 working as a router so I must use the solution of kyson-lok. Anyway thank you too Entropy512!
Kind regards to all