Hey all, There are 3 routers (Primary, Guest, Public) setup as pictured in diagram: Background: I wanted to have the ability to access clients connected to the Guest Network from the Primary network. My understanding is that the difference between Gateway / Router mode is that Router mode disables NAT and allows clients behind the router to be visible with their LAN IP's to clients on the other side of the routers WAN port. So, I setup a static route on the Primary router then switched the Guest router to Router mode and added the following to the Firewall tab under [Administration -> Scripts] Code: # Allow traffic from primary router iptables -I INPUT -s 10.10.10.0/24 -j ACCEPT After this, I was successfully able to access client shares on the Guest network from the Primary network but then two other problems cropped up. Problem: After switching the Guest router to Router mode [Advanced -> Routing -> Miscellaneous -> Mode]: Clients connected to VLAN (br1) 192.168.50.0/24 on the Guest router are unable to access internet. Also, the IP Traffic Monitor on the Guest router stops working (i.e. not reporting anything) Note: Both, the VLAN internet connection and IP Traffic Monitor start working again once the Guest router is put back in Gateway mode. Troubleshooting: After comparing firewall rules on the Guest router for both Gateway and Router modes, several rules were missing in Router mode which is likely causing the problems. I've posted output for the following commands from both Gateway / Router modes: Code: iptables -vnL --line-numbers iptables -vnL --line-numbers --table nat Goal: So it's understandable that the nat rules would be gone but is it a bug that there are other chains and rules missing such as the monitor chain and FORWARD chain rules? Or is this working as designed? If someone knows better please enlighten me but my guess is I need one of the following solutions: In Router mode: How to replace the missing rules to make the IP Traffic Monitor work and enable internet on the VLAN. - OR -In Gateway mode: How to modify the firewall rules so that clients on the guest network can be accessed from the Primary network.