Hi,
I have a hEX S running with a DGS-1100-08 (D-Link Smart Switch) and want to reroute all of the port-isolated switch traffic through the router in order to apply firewall rules.
In detail:
The router runs several bridged VLANs (user, services, guest, etc.). Separation of the VLANs is enforced by IP tables. Switches are connected to the router using the VLANs. Behind a switch I have several client PCs in the same user VLAN, and I want to prevent PC1 from accessing PC2 directly without the traffic going through the router, so that I can apply the firewall rules. This works easily for devices in different VLANs, as the traffic goes through the router, of course. I want it for devices in the same VLAN and on the same switch, too.
In order to do so I deployed port isolation (D-Link calls it traffic segmentation). Right now I have the following switch setup:
gateway port 1, edge ports 2-8
Port 1 may access ports 2-8 but
ports 2-8 may only access port 1.
This works and runs smoothly with one exception which is the reason for this post:
When I try to access PC2 from PC1 I get a "no route to host" error. This means that there is no routing between these ports, thus I cannot apply IP tables from the router. I want to route the traffic from port 2 to port 3 through the router (IP tables) and decide on the router whether I allow the traffic or not.
How do I apply routing in this setup? What do I need?
I would be very happy about some advice.
Best regards
Solero
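The usual way to make the router answer for hosts that sit on isolated switch ports is proxy ARP on the router's VLAN interface: PC1's ARP request for PC2 only reaches the gateway port, the router replies with its own MAC, PC1 sends the frame to the router, and the packet then passes the forward chain and goes back out the same interface. The RouterOS snippet below is an added example, not from the original post; the interface name `vlan-user`, the subnet 192.168.10.0/24 and the two host addresses are assumed placeholders.

```routeros
# Assumed: the user VLAN is an interface named "vlan-user" carrying 192.168.10.0/24
# Proxy ARP makes the router reply to ARP requests for any host it has a route to,
# including hosts on the same interface, which is what isolated switch ports need.
/interface vlan set [ find name="vlan-user" ] arp=proxy-arp

# Optional: do not send ICMP redirects for the hairpinned traffic; the clients
# cannot reach each other directly anyway, so redirects would only add noise.
/ip settings set send-redirects=no

# Traffic between two clients of the same VLAN now enters and leaves on
# vlan-user, so it can be matched in the forward chain like any other flow.
# Example policy (assumed addresses): allow PC1 -> PC2 on TCP/22, log and drop
# everything else that hairpins inside the user VLAN.
/ip firewall filter
add chain=forward in-interface=vlan-user out-interface=vlan-user \
    src-address=192.168.10.11 dst-address=192.168.10.12 \
    protocol=tcp dst-port=22 action=accept comment="PC1 -> PC2 ssh"
add chain=forward in-interface=vlan-user out-interface=vlan-user \
    action=log log-prefix="intra-vlan-drop" comment="log hairpin drops"
add chain=forward in-interface=vlan-user out-interface=vlan-user \
    action=drop comment="isolate user VLAN clients by default"
```

A quick check: after enabling proxy-arp, `arp -a` on PC1 should list PC2's IP with the router's MAC address, and `/ip firewall filter print stats` should show the hairpin rules counting packets when PC1 talks to PC2. If the clients still see "no route to host", the switch is most likely dropping the frames before they reach the gateway port, so verify the traffic segmentation table rather than the router.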