Hi!

I am still rudimentary at best in my understanding of routing, so I have tried to read and see if there is something I am missing.
I recently realized my dst-nat rule did not work for
but after changing it to
It seems to work fine.
The VLAN list contains all VLAN interfaces, which are in the bridge interface.
Is there something which makes bridges unable to match dst-nat rules?


Cheers,

X

Bridges are not interfaces???

OP walked right into this one: viewtopic.php?t=173692&hilit=mysteries

There can only be one interface into the routing/firewall. vlan-filtering=yes is likely set, so from the Layer3/IPv4 POV, the interface is the VLAN and its IP – the bridge VLAN filtering just forwards it to the VLAN interface at Layer2/Ethernet.

I suspect that @OP also enabled some use-ip-firewall & co ... which might not be necessary if only firewalling between different subnets (carried over VLANs) is necessary. I suggest to read bridge settings section of bridge manual.