I need some help.
I am trying to isolate a port on my router using a VLAN, except for ssh to it and accessing a server on it from the other VLANs. All VLANs/ports are to be able to access the internet.
I have succeeded in isolating the VLAN/port and making the net accessible to devices on it.
I can ssh to the devices on the isolated VLAN from the router.
I cannot ssh or ping the server on the isolated VLAN, neither can I access a web server on it via a browser on other VLANs.
I thought the firewall zone forwarding would allow me. It didn't and neither did adding the traffic rule (see below).
What setting am I missing here, or have I misunderstood the way of setting up VLANs and their purposes completely?
My current settings are:
On the switch:
Port    CPU(eth0)  CPU(eth1)  LAN1   LAN2   LAN3   LAN4   WAN
Status
1       tagged     off        untag  untag  untag  off    off
4       tagged     off        off    off    off    untag  off
10      off        tagged     off    off    off    off    untag
Interfaces
LAN1
ipv4 192.168.1.1
Force link
Bridge interfaces eth0.1
firewall zone: lan:lan
DHCP Server: Dynamic DHCP
LAN4
ipv4 10.4.4.1
Force link
Bridge Interfaces eth0.1 eth0.4
firewall zone: lan4:LAN4
DHCP Server: Dynamic DHCP
Firewall Zones->forwarding
lan -> wan accept accept accept
lan4
wan -> REJECT reject reject reject
lan4 -> wan accept accept accept
Traffic Rules
Forwarded IPv4
From lan 192.168.1.111
To lan4 10.4.4.112
accept forward
enabled
Thanks for any help.