Routing Between VLANs with Different Networks

Installing and Using OpenWrt Network and Wireless Configuration
1

I have 5 VLANs on my OpenWRT router, VLAN10 is my "secure" VLAN and all the rest are considered insecure. I have the following zone setups:

Garble
Garble890×649 78.4 KB

All VLANs are 10.0.x.x networks, VLAN10 is 10.0.10.1 and VLAN40 is 10.0.40.1 etc.

If you look at the forwarding on zone0_10 (VLAN10) you'll see it can access all the other VLANs, but none of the other VLANs can access VLAN10. There are also traffic rules for VLAN20-40 to enable DHCP and internet access.

It all works perfectly as intended, until I change the network in VLAN40 to 192.168.1.1 and then I can no longer access it from VLAN10. From VLAN10 I can ping the VLAN40 base address 192.168.1.1 but nothing else on the 192.168.1.1 network is accessible. Surely different VLANs can have different networks? How can reopen my VLAN10 (10.0.10.1) access to VLAN40 (192.168.1.1) one way only as it was originally?

2

I'll answer my own question but leave the post up in case it helps someone someday. I simply created a traffic rule to forward everything from VLAN10 to VLAN40. Works fine, and VLAN40 is still isolated and restricted as before:

VLAN10-VLAN40 Rule
VLAN10-VLAN40 Rule784×510 35.3 KB

I still don't understand why my zone rules took care of this when both VLANs were in the 10.0.x.x network, but it required a traffic rule when I changed VLAN40 to 192.168.1.1. But I won't argue with success....

3

Check persistent and runtime firewall config:

uci show firewall; iptables-save