Block comms between VLANs except DHCP & Public IPs

Hi all,

Need help on how to configure an RB750 to block comms between VLANs on internal IPs (10.x.0.0/16 subnets, 1 per VLAN) but allow DHCP (incl. relay) and allow any traffic directed at public IPs which have NAT rules forwarding to a host on one of the VLANs.

Put a filter in the forwarding chain which drops everything (action=drop), then add filters above that one to permit (action=accept) each traffic type that you want to permit.

Edited:

I have this working now, except for one particular exception.

I have rules set as per below

Accept UDP 67-68 from 10.4.0.0/16 to 10.0.0.5
Drop all (other) from 10.4.0.0/16 to 10.0.0.0/8

I’m trying to add the following (above the drop rule), but it appears the below isn’t allowing traffic to flow as desired.

Accept any from 10.4.0.0/16 to 10.0.6.1-2
(I’ve also tried adding Accept any from 10.0.6.1-2 to 10.4.0.0/16 as well even though my drop rule isn’t configured to block this direction)

Any suggestions?

Resolved - the devices I was creating an exception for had a misconfigured gateway!
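For anyone landing here later, the following is an added example (not posted by anyone in this thread) showing what the advice above looks like as a RouterOS forward-chain filter: accept rules for the permitted traffic types, then a catch-all drop between the internal subnets. It also covers the rules the original poster listed (DHCP to 10.0.0.5, the 10.0.6.1-2 exception) and the port-forwarded public IP traffic from the first post. All addresses, the address-list name and the comments are assumptions taken from or modelled on the thread, not a copy of anyone's actual config.

```routeros
# Added example, not from the original thread.
# Assumptions: every VLAN subnet lies inside 10.0.0.0/8, the DHCP server
# (and relay target) is 10.0.0.5, VLAN 4 is 10.4.0.0/16, and two hosts in
# VLAN 6 (10.0.6.1-10.0.6.2) must stay reachable from VLAN 4.
/ip firewall address-list
add list=internal address=10.0.0.0/8 comment="all VLAN subnets"

/ip firewall filter
# Replies to already-permitted connections: without this, a one-way drop
# rule can still break sessions when the reverse direction is added later.
add chain=forward action=accept connection-state=established,related \
    comment="allow return traffic"

# DHCP (direct unicast or forwarded by a relay) to the DHCP server.
add chain=forward action=accept protocol=udp dst-port=67-68 \
    src-address-list=internal dst-address=10.0.0.5 comment="DHCP to server"

# Traffic that arrived on a public IP and was dst-nat'ed to an internal host.
# By the time it reaches the forward chain the destination is already the
# internal address, so match on the NAT state instead of the public IP.
add chain=forward action=accept connection-nat-state=dstnat \
    comment="port-forwarded traffic to NATed hosts"

# Specific exception: VLAN 4 may reach two hosts in VLAN 6.
add chain=forward action=accept src-address=10.4.0.0/16 \
    dst-address=10.0.6.1-10.0.6.2 comment="VLAN4 -> selected VLAN6 hosts"

# Catch-all, must stay last: drop everything else between internal subnets.
add chain=forward action=drop src-address-list=internal \
    dst-address-list=internal comment="block inter-VLAN"
```

Two things worth checking when an exception like the 10.0.6.1-2 rule "does not work": confirm the accept sits above the drop (`/ip firewall filter print` shows the order), and watch the rule counters or add `log=yes` to the drop rule to see whether the packets are actually hitting it. If the counters on the drop rule stay at zero while the traffic still fails, the problem is outside the firewall, which is exactly what the gateway misconfiguration in the resolution above turned out to be.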