beginer0504
just joined
Topic Author
Posts: 18
Joined: Tue Jul 31, 2018 11:39 am

[SETUP FILTER RULES] VLAN

Wed Feb 12, 2020 10:03 am

Hi,

Diagram: 111.PNG
I have 10 VLANs, and I want the VLANs to be unable to access each other.
So I configured the firewall rule as follows:
"add action=drop chain=forward in-interface=all-vlan out-interface=all-vlan"

But I have the following difficulty:
IP 192.168.10.10 in VLAN 10 needs to access the IP range of VLAN 20
The IP range of VLAN 10 needs to access IP 192.168.30.10 in VLAN 30



Please help me

Tks,
Last edited by beginer0504 on Wed Feb 12, 2020 5:27 pm, edited 1 time in total.
 
savage
Forum Guru
Posts: 1218
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa

Re: [SETUP FILTER RULES] VLAN

Wed Feb 12, 2020 1:27 pm

Your rule allows for .30 to talk to .31. You don't have a rule to allow .31 to talk to .30
Regards,
Chris
 
mkx
Forum Guru
Posts: 3745
Joined: Thu Mar 03, 2016 10:23 pm

Re: [SETUP FILTER RULES] VLAN

Wed Feb 12, 2020 2:57 pm

As always, when it comes to inventive router admins, I'm suggesting to start off with the default firewall setup (available on SOHO devices). One of the rules, placed near the top of the list, is this:
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked

Which makes the rest of the rules much simpler.
BR,
Metod
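
How the rule quoted above combines with the drop rule and the two exceptions from the first post, as an added example that is not part of any post in this thread. The interface names vlan10, vlan20 and vlan30 are assumptions; the addresses are the ones given in the first post.

```routeros
# Added example. Interface names vlan10, vlan20 and vlan30 are assumed.
/ip firewall filter
# 1. Replies and related traffic of connections that an earlier decision already allowed.
add action=accept chain=forward comment="accept established,related,untracked" connection-state=established,related,untracked
# 2. Exception: host 192.168.10.10 in VLAN 10 may open connections to any host in VLAN 20.
add action=accept chain=forward in-interface=vlan10 src-address=192.168.10.10 out-interface=vlan20 comment="VLAN10 host to VLAN20"
# 3. Exception: any host in VLAN 10 may open connections to 192.168.30.10 in VLAN 30.
add action=accept chain=forward in-interface=vlan10 out-interface=vlan30 dst-address=192.168.30.10 comment="VLAN10 to VLAN30 host"
# 4. Everything else between VLANs is dropped (the rule from the first post).
add action=drop chain=forward in-interface=all-vlan out-interface=all-vlan comment="drop inter-VLAN"
```

Rules are evaluated top to bottom and the first match wins, so rules 1 to 3 must sit above the drop. Hosts in VLAN 20 and VLAN 30 still cannot open new connections into VLAN 10; only their replies pass, through rule 1.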
 
beginer0504
just joined
Topic Author
Posts: 18
Joined: Tue Jul 31, 2018 11:39 am

Re: [SETUP FILTER RULES] VLAN

Wed Feb 12, 2020 4:59 pm

> As always, when it comes to inventive router admins, I'm suggesting to start off with the default firewall setup (available on SOHO devices). One of the rules, placed near the top of the list, is this:
> add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
>
> Which makes the rest of the rules much simpler.

Thank you for your help,

Can you give me more detailed instructions?

I have 10 VLANs, and I want the VLANs to be unable to communicate with each other,
but some IP ranges from one VLAN may communicate with some IP ranges of another VLAN.
 
beginer0504
just joined
Topic Author
Posts: 18
Joined: Tue Jul 31, 2018 11:39 am

Re: [SETUP FILTER RULES] VLAN

Wed Feb 12, 2020 5:29 pm

Please....help me
 
mkx
Forum Guru
Posts: 3745
Joined: Thu Mar 03, 2016 10:23 pm

Re: [SETUP FILTER RULES] VLAN

Wed Feb 12, 2020 10:25 pm

I guess the project of yours includes 3 different aspects of networking: L2 subnetting (including VLANs), L3 interworking (IP routing) and firewalling. And I guess you're missing some knowledge in all three aspects. So you might want to either go back and try to learn (read some books or good online resources, but stay away from random YouTube tutorials, most are crap) ... or hire a consultant.
BR,
Metod
 
beginer0504
just joined
Topic Author
Posts: 18
Joined: Tue Jul 31, 2018 11:39 am

Re: [SETUP FILTER RULES] VLAN

Thu Feb 13, 2020 3:15 am

> I guess the project of yours includes 3 different aspects of networking: L2 subnetting (including VLANs), L3 interworking (IP routing) and firewalling. And I guess you're missing some knowledge in all three aspects. So you might want to either go back and try to learn (read some books or good online resources, but stay away from random YouTube tutorials, most are crap) ... or hire a consultant.

Can you give me the name of the book? Tks 3000
