I have 5 VLANs on my OpenWRT router, VLAN10 is my "secure" VLAN and all the rest are considered insecure. I have the following zone setups:
All VLANs are 10.0.x.x networks, VLAN10 is 10.0.10.1 and VLAN40 is 10.0.40.1 etc.
If you look at the forwarding on zone0_10 (VLAN10) you'll see it can access all the other VLANs, but none of the other VLANs can access VLAN10. There are also traffic rules for VLAN20-40 to enable DHCP and internet access.
It all works perfectly as intended, until I change the network in VLAN40 to 192.168.1.1 and then I can no longer access it from VLAN10. From VLAN10 I can ping the VLAN40 base address 192.168.1.1 but nothing else on the 192.168.1.1 network is accessible. Surely different VLANs can have different networks? How can reopen my VLAN10 (10.0.10.1) access to VLAN40 (192.168.1.1) one way only as it was originally?