Hi,
I’m having trouble allowing an admin host on one VLAN to reach all other VLANs: 10.0.0.254 > {all VLANs}
I have these firewall rules and can’t find what I’m doing wrong.
Hope someone can help.
# Address lists: named sets of addresses that filter rules can match on.
# NOTE(review): the quotes in this listing are typographic (“ ”) as rendered
# on the page; RouterOS expects plain ASCII " if this is pasted into a terminal.
/ip firewall address-list
# ALL-VLAN: the four VLAN subnets (VLAN 10, 20, 30 and 99).
# NOTE(review): no filter rule shown on this page references ALL-VLAN.
add address=10.0.0.0/24 comment=“VLAN: 10” list=ALL-VLAN
add address=192.168.85.0/24 comment=“VLAN: 20” list=ALL-VLAN
add address=192.168.87.0/24 comment=“VLAN: 30” list=ALL-VLAN
add address=192.168.88.0/24 comment=“VLAN: 99” list=ALL-VLAN
# MGT: only the VLAN 99 subnet.
add address=192.168.88.0/24 comment=“VLAN: 99” list=MGT
# Admin: meant to be the single admin host 10.0.0.254.
# NOTE(review): with the /24 mask this entry presumably covers all of
# 10.0.0.0/24, so every VLAN 10 host would match "Admin". For one host, use
# the bare address (10.0.0.254) and confirm with "/ip firewall address-list print".
add address=10.0.0.254/24 list=Admin
# Filter rules are evaluated top to bottom within each chain; the first match wins.
/ip firewall filter
# --- forward chain: traffic routed through the router (VLAN to VLAN, VLAN to WAN) ---
# Fasttrack, then accept, packets of established/related connections.
add action=fasttrack-connection chain=forward comment=“defconf: fasttrack” connection-state=established,related
# NOTE(review): this comment opens with a typographic quote and closes with an
# ASCII one as rendered; it would need matching ASCII quotes to import cleanly.
add action=accept chain=forward comment=“defconf: accept established,related, " connection-state=established,related
add action=drop chain=forward comment=“Drop invalid/malformed packets” connection-state=invalid
# Admin -> MGT only. MGT contains just 192.168.88.0/24 (VLAN 99), so admin
# traffic to VLAN 20 and VLAN 30 is not matched here and falls through to the
# final forward drop. Reaching every VLAN needs a destination list covering
# all of them (ALL-VLAN is defined for that but is not used by this rule).
add action=accept chain=forward dst-address-list=MGT src-address-list=Admin
# New connections from any interface in the VLAN list out to the WAN list.
# log=yes writes an entry per new connection, which can get noisy.
add action=accept chain=forward comment=“VLAN Internet Access only” connection-state=new in-interface-list=VLAN log=yes log-prefix=“vlan traffic” out-interface-list=WAN
# Default deny for everything else that is forwarded (inter-VLAN included).
add action=drop chain=forward comment=“DROP ALL other FORWARD traffic”
# --- input chain: traffic addressed to the router itself ---
# NOTE(review): accepts ALL input from every interface in the VLAN list, so
# hosts on any VLAN can reach whatever management services the router has
# enabled. Consider limiting non-management VLANs to the services they need
# (e.g. DNS/DHCP) and keeping full access for the management VLAN only.
add action=accept chain=input comment=“Allow VLAN” in-interface-list=VLAN
# NOTE(review): redundant if BASE_VLAN is a member of the VLAN list; confirm.
add action=accept chain=input comment=“Allow Base_Vlan Full Access” in-interface=BASE_VLAN
# Default deny for input, logged with prefix "dropped".
# NOTE(review): no established,related accept is shown for the input chain, so
# replies to router-originated connections arriving on WAN would hit this drop
# unless other rules exist outside this listing.
add action=drop chain=input comment=Drop log=yes log-prefix=dropped
# Source NAT for traffic leaving towards the internet.
/ip firewall nat
# Masquerades packets that leave via ether1 AND via an interface in the WAN
# list; both matchers must hold for the rule to apply.
# NOTE(review): one of the two is redundant if ether1 is the only WAN member;
# if the WAN list holds another uplink, traffic leaving through it would not
# be masqueraded by this rule. The comment's quotes are also mismatched
# (typographic open, ASCII close) as rendered.
add action=masquerade chain=srcnat comment=” Default masquerade" out-interface=ether1 out-interface-list=WAN