I'm testing, just for learning a vlan in openwrt forum. I have created a virtual machine (Slackware 15.0) connected to another virtual machine with openwrt, my idea is create a vlan (eth1-1) which can be get access from wan, but cannot ping lan.
On Slackware machine
eth0 has ip 10.9.1.3 is connected via virtual-switch to eth1 of openwrt vm
On Openwrt machine
eth0 has ip 192.168.201.4 is connected via virtual-switch to wlan0 of host
eth1 had ip 10.9.1.2 is connected via virtual-switch to eth0 of slackware vm
If I don't use a vlan the machines can ping (one can ping other and vice-versa)
this is the configuration of network without vlan
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.201.4'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option device 'eth1'
option proto 'dhcp'
config interface 'wan6'
option device 'eth1'
option proto 'dhcpv6'
config device
option name 'eth1'
config interface 'dmz'
option proto 'static'
option device 'eth1'
option ipaddr '10.9.1.2'
option netmask '255.255.255.0'
this is firewall, without vlan
config zone
option name 'dmz'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list device 'eth1'
config forwarding
option src 'lan'
option dest 'dmz'
config forwarding
option src 'dmz'
option dest 'wan'
if I configure a vlan, the machines cannot ping each other, why?
This is the network and firewall configuration using vlan
config device
option name 'eth1'
config device
option type '8021q'
option ifname 'eth1'
option vid '1'
option name 'eth1.1'
config interface 'dmz'
option proto 'static'
option device 'eth1.1'
option ipaddr '10.9.1.2'
option netmask '255.255.255.0'
config zone
option name 'dmz'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list device 'eth1.1'
config forwarding
option src 'lan'
option dest 'dmz'
config forwarding
option src 'dmz'
option dest 'wan'
What I miss?