I have a Teltonika RUTXR1 router (which uses OpenWrt) and I'm having some difficulties configuring the firewall. My network is as follows:
- RUTXR1 router connected to WAN
- 1 x Physical LAN interface
- Various "internal" virtual Win servers and users on 1 subnet (e.g. 192.168.1.x/24) via a "dumb" switch.
- 1 x "DMZ" virtual Win server on a different subnet (e.g. 192.168.10.10)
- I've used aliases to put both the subnets on the same physical router port.
As these servers are all virtual (running on the same Hyper-V host) I can't use separate physical ports, but I need the firewall to block most (not all) traffic from the DMZ to the internal LAN.
I've managed to get everything "talking" at the moment but it appears ALL traffic from the DMZ is being allowed through to the LAN. I suspect this has something to do with both subnets being in the same Zone, but I can't find how to separate the DMZ subnet into its own Zone on the same interface.
Shouldn't the firewall route based on the IP address, rather than the physical port?
Is this even possible without using VLANs?
Thanks in advance.
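Added example (not from the post or from Teltonika): an OpenWrt `/etc/config/firewall` fragment that splits the two subnets into separate zones on the same physical port by using the zone `subnet` option, then denies DMZ-to-LAN forwarding by default and opens only one constructed service. It assumes the alias interface is called `dmz` in `/etc/config/network` and uses the subnets quoted above; the internal host 192.168.1.20 and port 1433 are placeholders.

```uci
# Added example, not the router's own config. Both zones sit on the same
# device; the 'subnet' lists are what keep their rules from overlapping.

config zone
	option name 'lan'
	list network 'lan'
	list subnet '192.168.1.0/24'     # only LAN addresses belong to this zone
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'dmz'
	list network 'dmz'               # assumed alias interface (device '@lan')
	list subnet '192.168.10.0/24'    # only DMZ addresses belong to this zone
	option input 'REJECT'            # DMZ may not talk to the router itself...
	option output 'ACCEPT'
	option forward 'REJECT'          # ...nor forward anywhere unless allowed below

# DMZ hosts may reach the internet
config forwarding
	option src 'dmz'
	option dest 'wan'

# Internal users may reach the DMZ server
config forwarding
	option src 'lan'
	option dest 'dmz'

# The single DMZ -> LAN flow that is permitted (constructed host and port)
config rule
	option name 'Allow-DMZ-to-LAN-App'
	option src 'dmz'
	option src_ip '192.168.10.10'
	option dest 'lan'
	option dest_ip '192.168.1.20'
	option proto 'tcp'
	option dest_port '1433'
	option target 'ACCEPT'

# Let the DMZ server use the router for DNS and DHCP
config rule
	option name 'Allow-DMZ-DNS-DHCP'
	option src 'dmz'
	option proto 'tcp udp'
	option dest_port '53 67'
	option target 'ACCEPT'
```

After `/etc/init.d/firewall restart`, a test from the DMZ server to any LAN address other than the allowed host:port should be refused, while the allowed flow and internet access keep working. The router can only filter traffic that is routed through it, so VLANs or separate Hyper-V virtual switches remain the stronger separation when that option becomes available.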