I have a Soekris net4511 set up as a wireless access point (LAN -> wi0: 192.168.89.1) and wired to another router as the WAN (WAN -> sis0: 192.168.1.67). I am not using the eth1 port.

When I connected wirelessly and was given a 192.168.89.x address, I was able to browse the local area LAN in the 192.168.1.x subnet. I need to have wireless clients only be able to get to the internet (e.g., 192.168.89.x -> 192.168.89.1 -> 192.168.1.1 -> Internet) and not be able to see any other machines or addresses on the 192.168.1.x subnet.

What firewall rule would I use to stop clients on the LAN (192.168.89.x) subnet from seeing machines on the WAN subnet (192.168.1.x) but still be able to get routed out to the Inet? Is this what the "block private ip" setting is for?

Thanks,
John