I have two network segments: one for IoT devices and Wi-Fi guests, with DHCP, and the other for work, where all devices use fixed IP addresses.
If I run a tracert (Windows machines) from vlan1 (192.168.13.2) to vlan2 (192.168.14.71) I get this:
1 <1 ms <1 ms <1 ms LEDE.xxxx.local [192.168.13.236]
2 94 ms 1 ms 1 ms device.xxxx.local [192.168.14.71]
So I think the traffic is passing through my router, am I correct?
So, is there a way to block traffic between two vlans?
Actually, I need all the traffic from vlan2 to vlan1 blocked and all traffic from vlan1 to vlan2 allowed.
Taken literally, that's not possible with TCP (it is, by definition, a two-way communication).
I think what you are looking for is that VLAN 1 hosts can establish a connection to hosts on VLAN 2, but not the reverse. You'll need to determine your needs and, preferably, which services you want to permit and which not. If you can narrow it down to specific services then allow the TCP "setup" from VLAN 1 to known ports on known hosts on VLAN 2, being careful with UDP (which most services don't need), and only allow "established" / "associated" packets back from the same known ports and hosts.
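Since the router in the trace is LEDE (OpenWrt), the asymmetry the answer describes maps onto its zone-based firewall: put each VLAN in its own zone, forward only from the VLAN 1 zone to the VLAN 2 zone, and let the connection tracker admit the replies. The following /etc/config/firewall fragment is an added example, not from the question or the answer above. It assumes the LEDE network interfaces are named 'vlan1' (192.168.13.0/24) and 'vlan2' (192.168.14.0/24), that the router is the DHCP and DNS server for the IoT/guest segment, and that 192.168.14.71 port 80 is the one service you want reachable; change those to match your setup.

```text
# /etc/config/firewall (fragment, added example; interface names
# 'vlan1'/'vlan2' and the host/port in the rule are assumptions)

config zone
	option name 'vlan1'          # work segment, fixed IPs
	option network 'vlan1'
	option input 'ACCEPT'        # work hosts may manage the router
	option output 'ACCEPT'
	option forward 'REJECT'      # no forwarding unless a rule/forwarding says so

config zone
	option name 'vlan2'          # IoT + Wi-Fi guests
	option network 'vlan2'
	option input 'REJECT'        # IoT devices get no LuCI/SSH on the router
	option output 'ACCEPT'
	option forward 'REJECT'

# The IoT zone still needs DHCP and DNS from the router itself
# (assumes the router serves both for this segment).
config rule
	option name 'vlan2-dhcp'
	option src 'vlan2'
	option proto 'udp'
	option dest_port '67-68'
	option target 'ACCEPT'

config rule
	option name 'vlan2-dns'
	option src 'vlan2'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'

# Broad variant: work may open any connection into the IoT segment.
# There is deliberately no 'config forwarding' with src vlan2 / dest vlan1,
# so new connections from IoT toward work are rejected.
config forwarding
	option src 'vlan1'
	option dest 'vlan2'

# Narrow variant, as the answer recommends: instead of the forwarding
# block above, permit only the TCP "setup" to known ports on known hosts.
# (Comment out the 'config forwarding' stanza to use this instead.)
#config rule
#	option name 'work-to-device-http'
#	option src 'vlan1'
#	option dest 'vlan2'
#	option dest_ip '192.168.14.71'   # assumed target host
#	option proto 'tcp'
#	option dest_port '80'            # assumed service port
#	option target 'ACCEPT'
```

Apply with `/etc/init.d/firewall restart` and check with `iptables -S FORWARD`: fw3 inserts `-m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` ahead of the zone chains, which is what allows the reply half of a VLAN 1 to VLAN 2 connection back without granting VLAN 2 the right to initiate anything. To confirm the behaviour, repeat the tracert from VLAN 2 toward 192.168.13.2: it should now stop at the LEDE hop. If you later need a single IoT device (a printer, say) to reach a work host, add one `config rule` with `src 'vlan2'` and a specific `dest_ip`/`dest_port` rather than reintroducing a whole-zone forwarding.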