Using internet from WiFi in seperate subnet

So I searched for this in forum but I could not find anything.

I want to take internet from school wifi and bridge it to lan. But the wifi gives ip in 10.1.1x.xx form. What I want is using school net in my small 192.168.1.xx form network. So I basicly need some setup that bridges these two interfaces but with a different DHCP server in lan side.

I don't want them to be isolated so for example with ip my laptop must be able to reach in school network.

How can I do this?

Thank you..

You cannot have 2 DHCP servers on the same broadcast doman. Please explain more clearly what you mean.

If you connect via a router, you won't be isolated, the network is upstream.

If your device is capable, you can:

  • make an SSID that connects to your school AP
  • Bridge it to LAN
  • Disable DHCP on LAN
  • Done!

When you connect to your LAN SSID, you should get IPs from the upstream device.

One caveat: you must ensure your LAN IP is with the range in order to be able to reach the device.

connecting two different subnets is called routing, you connect wan of router to school net and lan of router to your personal net. all done. should work out of box

1 Like

I tried this but couldn't make it work. I set wifi to client mode and created interface wwan for it and associated the interface with wan firewall zone. So wwan normally takes ip from school networks dhcp server. I don't want lan to take ip from school network. Instead I want lan to use its own dhcp server in order to create a local environment which is in 192.168.1.x form. But also has internet connection through wwan (school network).

I hope I can describe myself now.

Make sure to check IT policy at your school and get permission from network administrator before you connect a router to the network!

I'm managing the school network :smiley:

We have no it in school and before me there were no wifi in school. I encouraged school administration to make a deal with zyxel and now we have 1gbps wifi everywhere.

So I got permission from myself :smiley:

Are you sure you want a separate subnet with a firewall and everything? Or do you just want to extend your network more?

1 Like

I just want to route the internet connection of wwan (school network with ip structure like 10.1.12.x) ( also in wan firewall) to lan clients (which have ip in form of 192.168.1.x and in lan firewall) and also I want to prevent from double-NAT because school network has its own NAT and lan interface also has NAT in it.

All of the firewall settings in default. And lan interface has static ip ( and DHCP enabled. I'm communicating with device via lan interface.

It's not clear what's not working. Here's what you should have:

start with a factory reset.

create WWAN in client mode: with ip in 10.x.x.x range

create separate WLAN SSID bridged to wired lan: with ip in 192.168.x.x range

done. it should just work.

However, it will inevitably have NAT. The only way to avoid that is to add routes to the main router to tell it to route 192.168.x.x to your device. If you do that, you can turn off masquerade on your device.

I think my problem was with masquerade in firewall. It was on while I'm trying everything.

Actual problem was routing between wwan and lan interfaces and I was also thinking it is a firewall problem because wan in itself was able to connect internet and also lan were working fine except for internet access.

I will try your solution and report here in 1h.

if you have set up a route on the main router to send 192.168.x.x to your device, then you can turn off masquerade. Also you can put the WWAN interface into the LAN firewall zone, then you will have no issue forwarding between WWAN and LAN, but you will also have no firewall (or rather, your main router will be the only firewall). If you want a firewall between your 10.x.x.x and your 192.168.x.x you should keep the WWAN in the WAN firewall zone and then set up the firewall to do the filtering you require (by default, all incoming stuff is firewalled entirely).

I want firewall because I will use UDP under lan therefore I want to restrict any UDP session coming from WWAN.

Main router of school already has bunch of vlan and subnets on it and this setup will be temporary so I don't want to mess with main router.

Thank you for your effort I will report any updates.

For minimal interaction with the upstream network you should use masquerade (NAT). This will have your router act like a user on one IP address (usually obtained by DHCP) on the school network. Internet requests from the LAN of your router will be routed out to the school. Incoming connections from the school to your router will be blocked by the firewall.

This is basically the same as the default configuration. There's no need to create a 'wwan' network just detach the Ethernet port from 'wan' and use a wifi client instead.

I created wwan because I'm also using one of the two ports of the router as a wifi to ethernet adapter which uses school network directly.

And you know what you are doing?

Something wasn't working with wan to lan routing so I opened thread for this. Rest was ok.

by default the firewall completely blocks wan to lan routing (only allowing related traffic responding to connections initiated from the LAN) this may be your main issue? If you want full routing between the two, place the WWAN into the LAN firewall zone.