How to set up VLAN isolation with internal DNS server allow rules

My network consists of several VLANs. They are all currently part of the LAN firewall zone. I have attempted to create unique firewall zones for each VLAN, but when I added the VLANs to their unique firewall zones they were unable to get DHCP leases, or to access the Internet when configuring a static IP on the device. What I want to do is to allow them DHCP and Internet access, and also to allow them access to the two DNS servers residing within VLAN 1 at IP addresses 192.168.0.8 and 192.168.0.9.

VLAN 1 - Private
VLAN 10 - Stephen
VLAN 20 - TrentGeneva
VLAN 30 - Joshua
VLAN 100 - Guests

I am using SQM to limit bandwidth on a per-VLAN basis; I'm not sure if that might affect things. I also have the ClamAV engine installed and active on the network.

I'm not certain why, when I apply the firewall zones to the VLANs, they no longer get DHCP or Internet access.

I have all the zones configured as follows:

Zone ⇒ Forwardings    Input    Output    Forward    Masquerading
LAN ⇒ WAN             accept   accept    accept     no
WAN ⇒ REJECT          reject   accept    reject     yes
Stephen ⇒ WAN         accept   accept    accept     no
TrentGeneva ⇒ WAN     accept   accept    accept     no
Joshua ⇒ WAN          accept   accept    accept     no
Guests ⇒ WAN          accept   accept    accept     no

If that is really the case, the firewall would work for basic, straightforward usage.

So did you configure the DHCP server to give IP addresses to all these interfaces?
And make sure to use different subnets on the different interfaces.

But once the basic routing stuff is done, you will have to set up firewall rules to allow this inter-zone access.

Looks like the firewall isolation is working properly now.

Now, how would I go about allowing access to the DNS servers?

Pretty much a simple firewall rule for each zone, where you allow traffic from the zone to the zone, IP address and port where your DNS server is located.

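To make the two replies above concrete, here is an added example (not the poster's configuration and not copied from this thread) of what the `/etc/config/firewall` entries for one isolated VLAN zone could look like on OpenWrt. The interface names `lan` (VLAN 1) and `vlan10` (VLAN 10), the zone names `private` and `stephen`, and the choice to set the zone's input policy to REJECT are assumptions; the DNS addresses 192.168.0.8 and 192.168.0.9 are the ones given in the question.

```uci
# Added example, not from the original thread. Assumes the VLAN 1 interface
# is named 'lan' and the VLAN 10 interface is named 'vlan10' in
# /etc/config/network; zone names are arbitrary labels.

# Zone for VLAN 1, where the two DNS servers live.
config zone
	option name 'private'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

# One zone per isolated VLAN. Input is REJECT so hosts can only reach the
# router itself through explicit rules (DHCP below); forward is REJECT so
# VLAN-to-VLAN traffic only flows where a 'forwarding' or 'rule' allows it.
config zone
	option name 'stephen'
	list network 'vlan10'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Internet access: forward from the VLAN zone to wan. Masquerading is
# configured on the wan zone, so it is not needed here.
config forwarding
	option src 'stephen'
	option dest 'wan'

# DHCP is router-bound traffic (zone -> device), so it needs an input rule
# once the zone's input policy is REJECT. Clients send to UDP port 67.
config rule
	option name 'Allow-DHCP-stephen'
	option src 'stephen'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

# DNS: allow only TCP/UDP 53 from this zone to the two servers in VLAN 1.
# Everything else from this zone towards 'private' is still rejected by the
# zone forward policy, so the rest of VLAN 1 stays isolated.
config rule
	option name 'Allow-DNS-stephen'
	option src 'stephen'
	option dest 'private'
	list dest_ip '192.168.0.8'
	list dest_ip '192.168.0.9'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'
```

Repeat the `zone`, `forwarding` and the two `rule` sections for the other VLANs (TrentGeneva, Joshua, Guests), changing the zone and interface names, then run `/etc/init.d/firewall restart`. Note that in the table posted above every zone has input set to accept, which means a guest host can also reach the router's own services (for example SSH or LuCI); setting input to REJECT and adding only the DHCP rule, as in this example, closes that. To check the result, `fw4 print` (OpenWrt 22.03 and later) or `fw3 print` (earlier releases) shows the generated ruleset, and from a host in one of the VLANs a DNS query against 192.168.0.8 should succeed while a ping to any other address in VLAN 1 should fail.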
