Cannot catch traffic

Posted: Wed Jan 06, 2021 7:04 pm
by kozubmat
Hi!
I have a "problem" with my config:

vlans:
30 - IOT
100 - WIFI for guests
20 - for all "known" devices like PC, NAS etc.
add address=172.16.30.0/24 list=vlan_30
add address=172.16.20.0/24 list=vlan_20
add address=172.16.100.0/24 list=vlan_100
Each vlan has its own bridge:
/interface bridge settings
set allow-fast-path=no use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/interface bridge vlan
add bridge=vlan_iot comment="VLAN IOT" tagged=vlan_iot untagged=wlan5,wlan3 vlan-ids=30
add bridge=vlan_data comment="VLAN DATA" tagged=vlan_data untagged=wlan1,wlan2,ether1,ether2,ether3,ether4 vlan-ids=20
add bridge=vlan_guests comment="VLAN GUESTS" tagged=vlan_guests untagged=wlan4,wlan6 vlan-ids=100
I don't know what I am doing wrong, but I cannot:

1. disable inter-VLAN routing - no packets are captured
add action=mark-connection chain=forward in-interface-list=VLAN_LIMITED_ACCESS log=yes log-prefix=prohibited new-connection-mark=prohibited out-interface-list=VLAN_FULL_ACCESS passthrough=yes
...
add comment="VLAN ioT" interface=vlan30 list=VLAN_LIMITED_ACCESS
add comment="VLAN DATA" interface=vlan20 list=VLAN_FULL_ACCESS
add comment="VLAN GUESTS" interface=vlan100 list=VLAN_LIMITED_ACCESS
2. restrict access ONLY to the internet for the VLAN_LIMITED_ACCESS list
add action=drop chain=forward in-interface-list=VLAN_LIMITED_ACCESS out-interface-list=!WAN
Counters on those rules won't increase :/
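Added example, not from the original post or from MikroTik: a single-bridge VLAN-filtering layout in which the /interface vlan interfaces that the forward rules name (vlan20, vlan30, vlan100) are also the L3 interfaces carrying the IP addresses, so the forward chain sees them as in-interface and out-interface. Port assignments, the gateway addresses (.1 in each subnet from the post) and ether5 as the WAN port are assumptions.

```routeros
# One bridge carries all VLANs; the /interface vlan entries on top of it are the
# L3 interfaces that the forward chain matches as in-/out-interface.
/interface bridge
add name=bridge1 vlan-filtering=no
/interface bridge port
add bridge=bridge1 interface=ether2 pvid=20
add bridge=bridge1 interface=wlan1 pvid=20
add bridge=bridge1 interface=wlan3 pvid=30
add bridge=bridge1 interface=wlan4 pvid=100
/interface bridge vlan
add bridge=bridge1 tagged=bridge1 untagged=ether2,wlan1 vlan-ids=20
add bridge=bridge1 tagged=bridge1 untagged=wlan3 vlan-ids=30
add bridge=bridge1 tagged=bridge1 untagged=wlan4 vlan-ids=100
/interface vlan
add interface=bridge1 name=vlan20 vlan-id=20
add interface=bridge1 name=vlan30 vlan-id=30
add interface=bridge1 name=vlan100 vlan-id=100
# Addresses sit on the VLAN interfaces, not on the bridge (gateway addresses assumed).
/ip address
add address=172.16.20.1/24 interface=vlan20
add address=172.16.30.1/24 interface=vlan30
add address=172.16.100.1/24 interface=vlan100
/interface list
add name=WAN
add name=VLAN_FULL_ACCESS
add name=VLAN_LIMITED_ACCESS
/interface list member
add interface=ether5 list=WAN comment="assumed uplink port"
add interface=vlan20 list=VLAN_FULL_ACCESS
add interface=vlan30 list=VLAN_LIMITED_ACCESS
add interface=vlan100 list=VLAN_LIMITED_ACCESS
/ip firewall filter
# Replies to connections opened from the full-access side stay allowed.
add chain=forward action=accept connection-state=established,related
# Limited VLANs may only forward towards WAN; anything else (other VLANs) is dropped and logged.
add chain=forward action=drop in-interface-list=VLAN_LIMITED_ACCESS out-interface-list=!WAN log=yes log-prefix=prohibited
# Turn filtering on last, after the bridge VLAN table is complete.
/interface bridge
set bridge1 vlan-filtering=yes
```

With this layout the drop rule's counter should increase when a host on vlan30 opens a new connection to a vlan20 address, while vlan20-initiated connections and WAN-bound traffic pass.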