Making lan computers not communicating with wan one's (GL-MT300N-V2 router)

User1 · 2019-04-07T10:45:22.791Z

Good morning,

I have installed my GL-MT300N-V2 as in the uploaded picture.
There is main router connected to the internet and GL-MT300N-V2 has the wan interface connected to the lan interface of the main router. In the default configuration a computer that is in the lan of the main router can’t communicate with a computer that is in the lan of GL-MT300N-V2, i would like to configure GL-MT300N-V2 so that every computer in GL-MT300N-V2 lan (in the picture LAN 192.168.12.0/24) can access to internet but can’t communicate with computers in the main router lan.
For instance PC A shouldn’t be able to communicate with PC1 but PC A must access to the internet.
Finally in this configuration, i’d like to access via VPN of the GL-MT300N-V2 only to the computers in LAN 192.168.12.0/24 and not to the ones in LAN 192.168.11.0/24
How can I obtain all that?
As a test, I tried to create a firewall rule to reject traffic from PC A to PC1 and put this rule in the 1st position of rules but i still can ping PC1 from PC A, so it seems I am not taking the right way.
Please help and thanks in advance
Kind regards!! Connections%20diagram1

kyson-lok · 2019-04-08T02:41:45.481Z

User1:

i would like to configure GL-MT300N-V2 so that every computer in GL-MT300N-V2 lan (in the picture LAN 192.168.12.0/24) can access to internet

You can add a such iptables rule on MT300N-V2.

iptables -I FORWARD -d 192.168.11.0/24 -j DROP

If you want to take it effect persistently.

echo "iptables -I FORWARD -d 192.168.11.0/24 -j DROP" >> /etc/firewall.user

User1:

i’d like to access via VPN of the GL-MT300N-V2 only to the computers in LAN 192.168.12.0/24 and not to the ones in LAN 192.168.11.0/24

A default situation is this case.

Entropy512 · 2019-04-08T15:03:40.562Z

You might want to set up some VLAN tagging such that one of the switch ports on the main router is a dedicated VLAN that allows outbound Internet access but can’t talk to the main VLAN. Then connect the MT300N to that dedicated VLAN and set it up as a dumb AP/switch.

User1 · 2019-04-08T20:12:18.756Z

Hello kyson-lok,
I did what you wrote about iptables and it works perfectly.
Thank you very much kyson-lok
I haven’t tried yet the part about VPN but I am sure it will be working as you stated, cause I think you are very expert!
Thank you again!

About the solution proposed by Entropy512 it surely works but i need GL-MT300N-V2 working as a router so I must use the solution of kyson-lok. Anyway thank you too Entropy512!
Kind regards to all