Configuring Masquerading in LUCI

I have three networks/firewall zones, WAN, LAN, and DMZ. LAN should access WAN and DMZ, DMZ should access WAN. Connections to WAN should be masqueraded, but vonnections from LAN to DMZ should not.
If I understand corrctly, checking Masquerading in the line with LAN in the first column in luci/admin/network/firewall would masquade all traffic from LAN, including that to DMZ. Checking the respective box for WAN would Masquerade in the wrong direction.

What is the intended way to only masquerade traffic TO WAN, but in no other combination?

Masquerading should only be set on the wan zone, this will masquerade all traffic leaving the wan interface outbound.


Set masquerade on the destination zone. This is a common misunderstanding.

1 Like

Thanks for clarifying this misunderstanding. It works.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.