Can ping from one vlan can't ping from others

Hi, besides the default VLAN 1 i have made two other VLANS

  • IoT = VLAN 30 subnet 192.168.30.1/24
  • NoT = VLAN 40 192.168.40.1/24
  • lan - VLAN 1 192.168.1.1/24

I have a ubuntu vm docker host on ip 192.168.1.3, and i want to ping from both VLAN 30 and 40 to 192.168.1.3. for some reason it only works on VLAN 40 but not from VLAN 30 and i can't figure out why it's not working. All my switch, interface, dhcp and firewall rules identical for both VLAN's.

please does anyone have any suggestions where i should look to get ping working from both VLAN's to 192.168.1.3?

You would say that this rule should be enough.

config rule
	option dest 'lan'
	option src 'IoT'
	list dest_ip '192.168.1.3'
	option target 'ACCEPT'
	list proto 'all'

also see here my config files

cat /etc/config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd36:e403:1cf3::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'

config interface 'wan'
	option ifname 'eth0.2'
	option proto 'dhcp'

config interface 'guest'
	option proto 'static'
	option ipaddr '192.168.20.1'
	option netmask '255.255.255.0'
	option type 'bridge'
	option ifname 'eth0.20'

config interface 'IoT'
	option proto 'static'
	option netmask '255.255.255.0'
	option type 'bridge'
	option ifname 'eth0.30'
    option ipaddr '192.168.30.1'
	option igmp_snooping '1'

config interface 'NoT'
	option proto 'static'
	option netmask '255.255.255.0'
	option type 'bridge'
	option ifname 'eth0.40'
	option ipaddr '192.168.40.1'
	option igmp_snooping '1'

config device 'lan_eth0_1_dev'
	option name 'eth0.1'
	option macaddr '18:e8:29:23:5d:f6'

config device 'wan_eth0_2_dev'
	option name 'eth0.2'
	option macaddr '18:e8:29:23:5d:f7'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '6t 1'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option vid '2'
	option ports '6t 1t 0'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '20'
	option ports '6t 1t'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option vid '40'
	option ports '6t 1t'

config switch_vlan
	option device 'switch0'
	option vlan '5'
	option vid '30'
	option ports '6t 1t'

cat /etc/config/dhcp

config dnsmasq
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option localservice '0'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config dhcp 'lan'
	option start '10'
	option limit '150'
	option interface 'lan'
	option leasetime '12h'
	list dhcp_option '6,192.168.1.3'

config dhcp 'guest'
	option start '100'
	option limit '150'
	option interface 'guest'
	option leasetime '1h'

config dhcp 'NoT'
	option start '100'
	option limit '150'
	option interface 'NoT'
	option leasetime '12h'

config dhcp 'IoT'
	option start '100'
	option limit '150'
	option interface 'IoT'
	option leasetime '12h'
cat /etc/config/firewall

config include
	option path '/etc/firewall.user'

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'wan'
	list network 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'guest'
	list network 'guest'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'IoT'
	list network 'IoT'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'NoT'
	list network 'NoT'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option family 'ipv4'

config forwarding
	option src 'lan'
	option dest 'wan'

config forwarding
	option src 'lan'
	option dest 'IoT'

config forwarding
	option src 'lan'
	option dest 'NoT'

config forwarding
	option src 'guest'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config redirect
	option dest_port '80'
	option src 'wan'
	option name 'NGINX'
	option src_dport '80'
	option target 'DNAT'
	option dest_ip '192.168.1.3'
	option dest 'lan'

config redirect
	option dest_port '443'
	option src 'wan'
	option name 'NGINX'
	option src_dport '443'
	option target 'DNAT'
	option dest_ip '192.168.1.3'
	option dest 'lan'

config redirect
	option dest_port '500'
	option src 'wan'
	option name 'VPN'
	option src_dport '500'
	option target 'DNAT'
	option dest_ip '192.168.1.3'
	option dest 'lan'
	list proto 'udp'

config redirect
	option dest_port '4500'
	option src 'wan'
	option name 'VPN'
	option src_dport '4500'
	option target 'DNAT'
	option dest_ip '192.168.1.3'
	option dest 'lan'
	list proto 'udp'

config rule
	option dest_port '67-68'
	option src 'guest'
	option target 'ACCEPT'
	option family 'ipv4'
	option name 'Allow-DHCP'
	option src_port '67-68'

config rule
	option dest_port '53'
	option src 'guest'
	option target 'ACCEPT'
	option family 'ipv4'
	option name 'Allow-DNS'

config rule
	option target 'ACCEPT'
	option src 'NoT'
	option src_port '67-68'
	option dest_port '67-68'
	option family 'ipv4'
	option name 'Allow-DHCP'

config rule
	option dest_port '53'
	option src 'NoT'
	option target 'ACCEPT'
	option family 'ipv4'
	option name 'Allow-DNS'

config rule
	option src_port '5353'
	option src 'NoT'
	option name 'Allow-mDNS'
	option target 'ACCEPT'
	list dest_ip '224.0.0.251'
	option dest_port '5353'
	list proto 'udp'
	option family 'ipv4'

config rule
	option src_port '6053'
	option src 'NoT'
	option target 'ACCEPT'
	list dest_ip '192.168.1.3'
	option dest_port '6053'
	list proto 'tcp'
	option name 'Allow-EspHome-API'
	option dest 'lan'
	option family 'ipv4'

config rule
	option src_port '5683'
	option src 'NoT'
	option name 'Allow-CoIoT'
	option dest 'lan'
	list dest_ip '192.168.1.3'
	option target 'ACCEPT'
	option dest_port '5683'
	option family 'ipv4'

config rule
	option name 'Allow-NTP'
	option src 'NoT'
	option target 'ACCEPT'
	option family 'ipv4'
	list dest_ip '192.168.1.3'
	option dest_port '123'
	option dest 'lan'
	list proto 'udp'
	option enabled '0'

config rule
	option dest_port '123'
	option name 'Allow-NTP'
	option target 'ACCEPT'
	option family 'ipv4'
	list dest_ip '192.168.1.3'
	option dest 'lan'
	list proto 'udp'
	option src '*'

config rule
	option dest_port '67 68'
	option src 'IoT'
	option name ' Allow-DHCP-IoT'
	option target 'ACCEPT'
	option src_port '67 68'

config rule
	option dest_port '53'
	option src 'IoT'
	option name 'Allow-DNS-IoT'
	option target 'ACCEPT'

config rule
	option dest 'lan'
	option src 'IoT'
	list dest_ip '192.168.1.3'
	option target 'ACCEPT'
	list proto 'all'

config rule
	option dest 'lan'
	option src 'IoT'
	list dest_ip '192.168.1.3'
	option target 'ACCEPT'
	list proto 'all'