Firewall rules for 2 subnets on same Phy interface

I have a Teltonika RUTXR1 router (which uses OpenWrt) and I'm having some difficulties configuring the firewall. My network is as follows:

  • RUTXR1 router connected to WAN
  • 1 x Physical LAN interface
  • Various "internal" virtual Win servers and users on 1 subnet (e.g. 192.168.1.x/24) via a "dumb" switch.
  • 1 x "DMZ" virtual Win server on a different subnet (e.g. 192.168.10.10)
  • I've used aliases to put both the subnets on the same physical router port.

As these servers are all virtual (running on the same Hyper-V host) I can't use separate physical ports, but I need the firewall to block most (not all) traffic from the DMZ to the internal LAN.

I've managed to get everything "talking" at the moment, but it appears ALL traffic from the DMZ is being allowed through to the LAN. I suspect this has something to do with both subnets being in the same Zone, but I can't find how to separate the DMZ subnet into its own Zone on the same interface.

Shouldn't the firewall route based on the IP address, rather than the physical port?

Is this even possible without using VLANs?

Thanks in advance.
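As an added example (not part of this thread, and not Teltonika's or OpenWrt's shipped configuration), this is how the DMZ subnet gets its own zone in a stock OpenWrt /etc/config/firewall without VLANs: a zone can be matched on `list subnet`, so two subnets sharing br-lan can land in different zones. It assumes the DMZ alias is a logical interface named 'dmz', and the one DMZ-to-LAN flow that is still wanted (TCP 443 to 192.168.1.20) is a placeholder to be replaced with the real service.

```uci
# /etc/config/firewall (stock OpenWrt fw3/fw4 syntax; added example, not the
# router's shipped config). Both zones sit on the same br-lan device, so they
# are told apart by 'list subnet' rather than by physical port.

config zone
	option name 'lan'
	list network 'lan'
	list subnet '192.168.1.0/24'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'dmz'
	list network 'dmz'               # assumed alias interface name on br-lan
	list subnet '192.168.10.0/24'
	option input 'REJECT'            # DMZ hosts may not manage the router;
	                                 # add a dmz->device rule for UDP 53/67 if
	                                 # the router serves DNS/DHCP to the DMZ
	option output 'ACCEPT'
	option forward 'REJECT'          # default: nothing is forwarded out of DMZ

# Internet access for the DMZ, and LAN-initiated sessions into the DMZ
# (their replies ride the established/related state, so no dmz->lan
# forwarding is needed for them).
config forwarding
	option src 'dmz'
	option dest 'wan'

config forwarding
	option src 'lan'
	option dest 'dmz'

# The single DMZ->LAN flow that is wanted. Host and port are placeholders.
config rule
	option name 'Allow-DMZ-to-LAN-placeholder'
	option src 'dmz'
	option dest 'lan'
	option proto 'tcp'
	option dest_ip '192.168.1.20'    # placeholder internal host
	option dest_port '443'           # placeholder service port
	option target 'ACCEPT'

# Explicit catch-all so a later rule cannot silently widen DMZ->LAN access.
config rule
	option name 'Block-DMZ-to-LAN'
	option src 'dmz'
	option dest 'lan'
	option proto 'all'
	option target 'REJECT'
```

On stock OpenWrt, `fw3 print` (or `fw4 print` on nftables builds) shows the generated rules so the subnet match can be confirmed; RutOS may differ. Note that with both subnets on one switch segment the router only filters traffic the hosts send to it as their gateway, so this is layer-3 policy on a shared layer-2 segment, not isolation, which is what the VLAN suggestion in the replies is about.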

Your device is not supported at openwrt.org.
If it were OpenWrt, you could use VLANs to separate traffic on the same port.


As I said in my original post, I don't want to/can't use VLANs.

And it is OpenWrt.

Besides, I think I have found a way to do it, so thanks for your (un)helpful response.

No, it's an OpenWrt-based operating system called RutOS; unless you downloaded and installed it from the OpenWrt website, you should contact the manufacturer and ask them for support.

The easiest way to help yourself is to find an officially supported device and recreate the problem on it; an x86 VM should do (or it will prove it is something RutOS ported wrong).
