Block comms between VLANs except DHCP & Public IPs

Posted: Mon Apr 01, 2013 3:06 pm
by sjoram
Hi all,

Need help on how I configure RB750 to block comms between VLANs on internal IPs (10.x.0.0/16 subnets, 1 per VLAN) but allow DHCP (inc relay) and allow any traffic directed at public IPs which have NAT rules forwarding to a host on one of the VLANs.

Re: Block comms between VLANs except DHCP & Public IPs

Posted: Mon Apr 01, 2013 4:46 pm
by CelticComms
Put a filter in the forwarding chain which drops everything (action=drop), then add filters above that one to permit (action=accept) each traffic type that you want to permit.

Re: Block comms between VLANs except DHCP & Public IPs

Posted: Tue Dec 24, 2013 9:03 pm
by sjoram
Edited:

I have this working now, except for one particular exception.

I have rules set as per below

Accept UDP 67-68 from 10.4.0.0/16 to 10.0.0.5
Drop all (other) from 10.4.0.0/16 to 10.0.0.0/8

I'm trying to add the following (above the drop rule), but it appears the below isn't allowing traffic to flow as desired.

Accept any from 10.4.0.0/16 to 10.0.6.1-2
(I've also tried adding Accept any from 10.0.6.1-2 to 10.4.0.0/16 as well even though my drop rule isn't configured to block this direction)

Any suggestions?
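As an added example (not configuration posted by CelticComms or sjoram), the following RouterOS commands implement the approach described in the reply above, using the addresses from this post: a final drop for traffic from the 10.4.0.0/16 VLAN to the other internal ranges, with accept rules placed above it for the DHCP relay/server (10.0.0.5) and for the two exception hosts (10.0.6.1-10.0.6.2). The rule matching `connection-nat-state=dstnat` is an assumption about how the "public IP" case is best expressed: dst-nat is applied in prerouting, so by the time a packet reaches the forward chain its destination is already the internal host, and matching on the NAT state is what distinguishes it from direct inter-VLAN traffic. The example assumes the dst-nat rules for the public IPs already exist under `/ip firewall nat`.

```routeros
# Added example, not the thread's own config. Assumes: DHCP server/relay target is
# 10.0.0.5, exception hosts are 10.0.6.1-10.0.6.2, and dst-nat rules for the
# public IPs already exist. Firewall rules are evaluated top-down, first match
# wins, so every accept must sit above the final drop ("add" appends in order;
# use place-before= to insert into an existing chain).
/ip firewall filter

# 1. Replies to already-accepted connections; only the initiating direction needs rules below.
add chain=forward action=accept connection-state=established,related comment="allow established/related"

# 2. DHCP (UDP 67-68) from the VLAN to the relay/server only, nothing else to 10.0.0.5.
add chain=forward action=accept protocol=udp src-address=10.4.0.0/16 dst-address=10.0.0.5 dst-port=67-68 comment="VLAN4: DHCP to relay/server"

# 3. Traffic that arrived on a public IP and was dst-nat'ed to an internal host (assumption: this is
#    the intended way to whitelist the "public IP" path; dst-address is already translated here).
add chain=forward action=accept connection-nat-state=dstnat src-address=10.4.0.0/16 dst-address=10.0.0.0/8 comment="VLAN4: allow via public IP (dst-nat)"

# 4. Explicit exception hosts reached directly on their internal addresses.
add chain=forward action=accept src-address=10.4.0.0/16 dst-address=10.0.6.1-10.0.6.2 comment="VLAN4: allow to exception hosts"

# 5. Catch-all: everything else from the VLAN to the internal ranges is dropped.
add chain=forward action=drop src-address=10.4.0.0/16 dst-address=10.0.0.0/8 comment="VLAN4: drop to other internal subnets"

# Check ordering and watch the packet counters while testing an exception.
/ip firewall filter print stats where chain=forward
```

When an exception rule like the one in this post appears not to work, the `print stats` counters show whether the packets ever hit the accept rule; if the counter on the accept stays at zero while the drop counter climbs, the packets are not matching the rule (wrong addresses, protocol, or direction), and if neither counter moves the packets are not reaching the router at all, which points at a host-side problem such as a wrong gateway rather than the firewall.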

Re: Block comms between VLANs except DHCP & Public IPs

Posted: Sun Dec 29, 2013 11:15 am
by sjoram
Resolved - devices I was creating an exception for had a misconfigured gateway!