Hello Forum, I’m a novice with LEDE, so I’m hoping maybe one of the more skilled members could lend their expertise here.
I have set up a single Linksys 1900acs with each port on its own vlan. So I have the primary lan (which I’ll call lan1) and 3 other vlans (lan2, lan3, lan4) for the remaining ports. I’m trying to keep each vlan from being able to access the others. I also have 2 guest wireless networks that I want to keep from accessing any of the vlans, or each other.
The vlans and the guest wireless networks “almost work”.
Each vlan and guest wireless network is unable to access the others, and each hands out addresses from its own dhcp scope.
NOTE: Actually, lan1 can access all the others. I use this port only for router configuration.
The guest wireless networks can be seen and connected to via a laptop... So far so good.
The problem I have is that the vlans (except for the lan1 port) and the wireless cannot access the internet.
I can get them to work, if I change the firewalls for each vlan network to “In>ACCEPT Out>ACCEPT Forward>REJECT.”
I currently have them set as follows:
LAN1= In>ACCEPT Out>ACCEPT Forward>REJECT
LAN2= In>REJECT Out>ACCEPT Forward>REJECT
LAN3= In>REJECT Out>ACCEPT Forward>REJECT
LAN4= In>REJECT Out>ACCEPT Forward>REJECT
GUEST WIFI 1 = In>REJECT Out>ACCEPT Forward>REJECT
GUEST WIFI 2 = In>REJECT Out>ACCEPT Forward>REJECT
DNS is currently coming from the ISP, and rules are set to allow dhcp and dns traffic on each interface.
Is there a way to keep the vlans and wireless from accessing one another, and still get internet access?
Everything I’ve searched on guest wireless networks recommends that the firewall be set as above, but as I mentioned, this seems to result in no internet access.
Again, this is also how I have set up the lan2, lan3 and lan4 firewalls. Please forgive the long, convoluted post. If this makes any sense at all, your suggestions would be greatly appreciated.
Thanks @lleachii again for taking time here... I haven’t done anything with the WAN. I have only created the vlans and guest wifi and tried to configure them the best I could. Obviously I’m missing something or doing something wrong...
If you created a VLAN2, you did mess with the WAN. WAN is VLAN 2 on your OpenWrt device by default. Also, something seems quite odd regarding your ability to access the other LANs.
Please paste your /etc/config/network and /etc/config/firewall (please use the code bracket "</>" above).
You must create configs in the following locations:
Interfaces to make the new physical VLANs
Switch to add them to the physical LAN ports
Firewall to config INPUT, OUTPUT and FORWARD rules
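The three places listed above (switch, interface, firewall zone), written out for one isolated port as an added example; it is not taken from any poster's configuration. The switch port numbers, VLAN id 3 on eth0, the 192.168.3.0/24 addressing and the zone name lan2 are assumptions. The `forwarding` section is what lets the zone reach wan while `input` and `forward` stay REJECT.

```uci
# ---- /etc/config/network ----
# Switch: put one physical port in its own VLAN, tagged towards the CPU.
# Port numbers ('2' = a LAN port, '5t' = CPU port) are assumed; check yours.
config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '2 5t'

# Interface: the router's address on that VLAN (addressing is assumed).
config interface 'lan2'
	option ifname 'eth0.3'
	option proto 'static'
	option ipaddr '192.168.3.1'
	option netmask '255.255.255.0'

# ---- /etc/config/firewall ----
# Zone: input = traffic to the router itself, forward = traffic between
# networks inside this zone. Neither one grants or blocks internet access.
config zone
	option name 'lan2'
	option network 'lan2'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Inter-zone forwarding: lan2 may reach wan. With no lan2 -> lan1 (or other)
# forwarding section, the zones stay isolated from each other.
config forwarding
	option src 'lan2'
	option dest 'wan'

# With input REJECT, clients still need DHCP and DNS from the router.
config rule
	option name 'lan2-DHCP'
	option src 'lan2'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option name 'lan2-DNS'
	option src 'lan2'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'
```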
You will have to forgive my ignorance, but how do I use the code bracket "</>" to paste the config files? I’m sorry, I don’t know the correct procedure for pasting files to the post. I’m just a dummy.
Again, my apologies. I am new to this, including the forum. I don’t want to go against normal procedures or irritate anyone. Thanks for the tip.
As far as eth1.2, that is the WAN interface. eth0.1, eth0.3, eth0.4 and eth0.5 are the vlan interfaces.
I mostly use the Web GUI, but will occasionally make a manual modification. I was able to access the internet from wlan2, but I did have to change the firewall to accept incoming traffic. By the way, credit where credit is due: it appears someone named @tmomas fixed my messed up paste job.