Ok , my setup is :
I removed the access point for clarity !
moden dsl lan:10.0.10.5--------wan mono1 (10.0.10.10) assigned by DHCP
dhcp (enable) 10.0.10.9 | (255.255.255.0)
10.0.10.10 |M GW:10.0.10.5
|O static route :192.168.2.0/24-- GW:192.168.2.96
|N Static route filtering (enable)
|O Ipsec (enable)
|1 Allow mobile clients--NAT-T (enable)
| |
Lan (192.168.1.1)-255.255.255.0 DHCP(enable) 192.168.1.100
| 192.168.1.120
| edit static maping: 192.168.1.98 mac:xx:x
| captive portal (enable) Allowed IP:192.168.1.98 and
| 192.169.1.96
|
|
| |--------Pc1 (192.168.1.98) mask 255.255.255.0 Gw: 192.168.1.1
switch |--------Pc2 ( 192.168.1.120
|--------wan mono2 (192.168.1.96)-255.255.255.0 (static IP)
|
|M
|O
static route mono2 : |N
|O
|2
|
Lan (192.168.2.1) 255.255.255.0 DHCP (enable)
| 192.168.2.100
| 192.168.2.120
|
switch|--------pc3 (192.168.2.100) 255.255.255.0 Gw.. .2.1
|--------pc4 (192.168.2.120)
|--------pc5 (192.168.2.102)
|--------pc6 (192.168.2.103)
Rule firewall for wan mono2 :
proto any, source wan Net, port any, PERMIT destination Lan NET , port any
Thank for help me !