Yes , I did same as he told to me, but when I ping 1.1.1.1 it tell me destination port unreachable
doesn't look like you've set up firewall zones for your VLAN interfaces at all - unless you did that after you posted your firewall config
Actually, it doesn't look like any of your interfaces are assigned to a firewall zone
your lan zone would need to look like
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
list network 'VLAN2'
list network 'VLAN3'
Perhaps
Or perhaps you want a separate zone for each vlan - not sure how you want to go about it - that's up to you
gateway is not removed from VLAN3
There is no dhcp server running for interfaces VLAN2 and 3, only on lan (careful not to conflict with dhcp running on 192.168.100.1 router)
You haven't assigned any interface to any zone. Unless there is static routing in place on the upstream routers, the VLAN interfaces won't work. Typically the upstream interface is assigned to wan zone with masquerade enabled. Finally you only need to assign the dns server on the interface where it is reachable from, in your case the lan.
I removed the default gateways from vlan 2 and 3, and still I can't ping from one vlan to another.
What's the problem ?
The firewall is, as it will by default, blocking it. Either have the VLANs in question in the same firewall zone (and have forwarding enabled in that zone), or add forwarding rules between the zones.
2 Likes
The problem is, you're only reading half the advice given, ignoring any mention of the firewall
1 Like