DD-WRT + Kong + vlan communication issue... need some help.

vbtalent

Hardware - Nighthawk R7000
Firmware: DD-WRT v3.0-r28000M kongac (10/24/15)

I'm having a problem connecting to machines that are on the 192.168.2.0 VLAN that I created. I believe the VLAN is set up correctly, as I am able to ping the IP address 192.168.2.1 from 192.168.3.100.

However, I can't ping any other machine on the VLAN subnet, for example 192.168.2.11, from 192.168.3.100.

My ultimate goal is that I don't want the VLAN 192.168.2.0 subnet to be able to see anything on my 192.168.3.0 subnet, but I do want my 192.168.3.0 subnet to be able to reach any machine on the 192.168.2.0 subnet. I want to run my webserver on the 192.168.2.0 subnet, as well as a media server for the 192.168.3.0 subnet.

vlan1 = 192.168.2.0
vlan3 = 192.168.3.0

192.168.3.0 > 192.168.2.0 GOOD
192.168.2.0 > 192.168.3.0 BAD

I also have a thread posted on dd-wrt with some additional information (https://www.dd-wrt.com/phpBB2/viewtopic.php?t=288589&sid=95226e2c76c94549c2fef4b9a46033a5).

I've had some limited success (meaning at least I'm getting some log information) using the following firewall entry:

iptables -I FORWARD -i br0 -o vlan3 -m state --state NEW -j logaccept
iptables -I FORWARD -i vlan3 -o br0 -m state --state NEW -j logdrop

Any information or guidance would be greatly appreciated.

VB,
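
The one-way policy described in the post (192.168.3.0 may reach 192.168.2.0, but not the reverse), as an added example that is not part of the original post: a stateful FORWARD rule set that lets the trusted side open connections and lets the server side only reply. The function name `one_way_rules`, the `IPT` dry-run variable and the interface-to-subnet mapping in the last comment are assumptions; confirm which interface carries which subnet on the router before applying.

```shell
#!/bin/sh
# Added example: one-way forwarding between two router interfaces.
# Dry run by default: the iptables commands are printed, not executed.
# Set IPT=iptables (as root on the router) to apply them.
IPT="${IPT:-echo iptables}"

# one_way_rules TRUSTED_IF SERVER_IF   (hypothetical helper name)
#   TRUSTED_IF may open connections to SERVER_IF; SERVER_IF may only reply.
one_way_rules() {
    trusted_if="$1"
    server_if="$2"
    if [ -z "$trusted_if" ] || [ -z "$server_if" ] ||
       [ "$trusted_if" = "$server_if" ]; then
        echo "usage: one_way_rules TRUSTED_IF SERVER_IF (two different interfaces)" >&2
        return 1
    fi

    # Explicit positions keep the rules in this order; a bare -I always
    # inserts at the top, so repeated bare inserts end up reversed.

    # 1. Replies to connections that the trusted side opened.
    $IPT -I FORWARD 1 -i "$server_if" -o "$trusted_if" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # 2. Trusted side may start and continue connections to the servers.
    $IPT -I FORWARD 2 -i "$trusted_if" -o "$server_if" -j ACCEPT
    # 3. Everything else from the server side toward the trusted side
    #    (NEW and INVALID packets) is dropped.
    $IPT -I FORWARD 3 -i "$server_if" -o "$trusted_if" -j DROP
}

# Run as a script with two arguments to print (or apply) the rules.
# Assumed mapping, to be verified on the router: vlan3 = 192.168.3.0
# (trusted) and br0 = 192.168.2.0 (servers):
#   sh one_way.sh vlan3 br0
if [ "$#" -eq 2 ]; then
    one_way_rules "$1" "$2"
fi
```

These rules only govern what the router forwards. A host that has no route back through the router, or whose own firewall drops pings from another subnet, stays unreachable regardless of them.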