Hello Forum, I’m a novice with LEDE, so I’m hoping maybe one of the more skilled members could lend their expertise here.
I have set up a single Linksys 1900acs with each port on its own vlan. So I have the primary lan (which I’ll call lan1) and 3 other vlans (lan2, lan3, lan4) for the remaining ports. I’m trying to keep each vlan from being able to access the others. I also have 2 guest wireless networks that I want to keep from accessing any of the vlans, or each other.
The vlans and the guest wireless networks “almost work”.
Each vlan and guest wireless network is unable to access the others, and each hands out addresses from its own dhcp scope.
NOTE: Actually, lan1 can access all the others. I use this port only for router configuration.
The guest wireless networks can be seen and connected to via a laptop. So far so good.
The problem I have is that the vlans (except for the lan1 port) and the wireless cannot access the internet.
I can get them to work, if I change the firewalls for each vlan network to “In>ACCEPT Out>ACCEPT Forward>REJECT.”
I currently have them set as follows:
LAN1= In>ACCEPT Out>ACCEPT Forward>REJECT
LAN2= In>REJECT Out>ACCEPT Forward>REJECT
LAN3= In>REJECT Out>ACCEPT Forward>REJECT
LAN4= In>REJECT Out>ACCEPT Forward>REJECT
GUEST WIFI 1 = In>REJECT Out>ACCEPT Forward>REJECT
GUEST WIFI 2 = In>REJECT Out>ACCEPT Forward>REJECT
DNS is currently coming from the ISP, and rules are set to allow dhcp and dns traffic on each interface.
Is there a way to keep the vlans and wireless from accessing one another, and still get internet access?
Everything I’ve searched on guest wireless networks recommends that the firewall be set as above, but as I mentioned, this seems to result in no internet access.
Again, this is also how I have set up the lan2, lan3, lan4 firewalls. Please forgive the long, convoluted post. If this makes any sense at all, your suggestions would be greatly appreciated.
Thank you very much.
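
An added example, not part of the original post: a small Python audit that reads firewall configuration in OpenWrt/LEDE UCI syntax and reports, per zone, whether it can reach the internet, which other zones it can reach, and whether DNS and DHCP to the router are accepted. The sample configuration and its zone names (`lan2`, `guest1`, `wan`) are constructed for illustration and are not the poster's actual settings.

```python
import re

# Constructed /etc/config/firewall (UCI) sample; zone names are assumptions.
SAMPLE = """
config zone
    option name 'lan2'
    option input 'REJECT'
config zone
    option name 'guest1'
    option input 'REJECT'
config forwarding
    option src 'lan2'
    option dest 'wan'
config rule
    option src 'lan2'
    option proto 'udp'
    option dest_port '53 67'
    option target 'ACCEPT'
"""

def parse(text):  # -> [(section_type, {option: value})]
    sections = []
    for line in text.splitlines():
        tok = [t.strip("'") for t in re.findall(r"'[^']*'|\S+", line)]
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}))
        elif len(tok) >= 3 and tok[0] == "option" and sections:
            sections[-1][1][tok[1]] = tok[2]
    return sections

def audit(text, uplink="wan"):  # -> {zone_name: findings}
    secs = parse(text)
    fwd = {(o.get("src"), o.get("dest")) for t, o in secs if t == "forwarding"}
    report = {}
    for t, zone in secs:
        if t != "zone" or zone.get("name") == uplink:
            continue
        name = zone["name"]
        ports = set()  # UDP ports accepted on the router itself (rule has no dest)
        for rt, r in secs:
            if (rt == "rule" and r.get("src") == name and "dest" not in r
                    and r.get("target") == "ACCEPT"
                    and "udp" in r.get("proto", "tcp udp").split()):
                ports |= set(r.get("dest_port", "").split())
        accept_all = zone.get("input") == "ACCEPT"
        report[name] = {
            "internet": (name, uplink) in fwd,  # zone -> uplink forwarding exists
            "reaches": sorted(d for s, d in fwd if s == name and d != uplink),
            "dns": accept_all or "53" in ports, "dhcp": accept_all or "67" in ports,
        }
    return report
```

In this syntax, traffic between zones is allowed by `config forwarding` sections, while a zone's `input` option only covers traffic addressed to the router itself.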