I have a Teltonika RUT950 running (a variant of) OpenWRT and one wired device that produces a lot of multicast traffic. This is fine for all of the other wired devices but completely clogs up the WiFi. I was hoping to find a way just to block the multicast traffic from the WiFi but it seems the only way it can be done is to create 2 separate VLANs with the WiFi on its own VLAN (which I've done). However, I'm now struggling to figure out how to allow unicast routing between the 2 VLANs. Can anyone point me in the right direction please?
In OpenWrt when you create a new interface as you describe, there isn't much to do with routing. The router is the default gateway for both networks and has routes for both subnets as directly connected.
So the next thing you should do is allow the traffic on the firewall. The easiest way is to assign the new interface to the lan zone.
Thanks for the reply. I thought I had done that with these 2 rules in 'Traffic Rules'
(I wanted to get everything talking and then I would try and block out the multicast).
Am I close?
Not really, you seem to allow only tcp and udp. There are other protocols too.
Delete these, go to lan firewall zone, select Edit, and in Covered Networks add the second lan interface, save and apply.
I think my interface is slightly different as I don't have an option for 'Covered Networks' anywhere. Within the firewall I only have the following tabs: Zone Forwarding; Port Forwarding; Traffic Rules; Custom Rules.
I am able to include all protocols in the rules I showed before, though.
Zone forwarding would be more appropriate, but as you said it is different so whatever works in vanilla OpenWrt may not work there the same.
Probably, but I think you are looking in the wrong place too.
General settings tab, under Zones, find the first item (LAN > WAN), click Edit. You will find Covered networks in the dialogue that will pop up.
The closest I have is on the first page in General Settings. Is the following list referring to destination zones?
Should I be using the first item and adding both WAN and LAN2 to it?
This doesn't look right.
You want to allow from lan to wan and the other zones, not the opposite.
Also if you edit the lan zone, you should be able to add the lan2 interface in the zone.
I think he meant adding WAN and LAN2 to the destination, which would normally be right.
But since it appears there is OpenVPN used, it should be LAN > OpenVPN and LAN2.
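The approaches discussed in this thread, written out as an added example in vanilla OpenWrt `/etc/config/firewall` syntax (not taken from any poster's router; the Teltonika firmware may present this differently). The interface name `lan2`, the rule name and the policy values are assumptions.

```conf
# /etc/config/firewall  (constructed example, vanilla OpenWrt syntax)
# Assumption: the WiFi VLAN's interface is called 'lan2' in /etc/config/network.

# BEFORE: per-protocol traffic rule. Only TCP and UDP are accepted, so ICMP
# (ping) and every other IP protocol between the two VLANs is still dropped.
#config rule
#	option name 'lan-to-lan2'      # hypothetical rule name
#	option src 'lan'
#	option dest 'lan2'
#	option proto 'tcp udp'
#	option target 'ACCEPT'

# OPTION A: put both interfaces in the lan zone ("Covered networks" in LuCI).
# Traffic between networks of the same zone follows the zone's 'forward'
# policy, so it must be ACCEPT for the VLANs to reach each other.
config zone
	option name 'lan'
	list network 'lan'
	list network 'lan2'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

# OPTION B (use instead of A, not together): keep lan2 in its own zone and
# allow inter-zone forwarding in both directions. A forwarding covers all
# protocols, unlike the tcp/udp rule above.
#config zone
#	option name 'lan2'
#	list network 'lan2'
#	option input 'ACCEPT'
#	option output 'ACCEPT'
#	option forward 'REJECT'
#
#config forwarding
#	option src 'lan'
#	option dest 'lan2'
#
#config forwarding
#	option src 'lan2'
#	option dest 'lan'

# Apply on vanilla OpenWrt with: /etc/init.d/firewall restart
```

Option B keeps the WiFi VLAN as a separate zone, which leaves room to add a narrower rule for it later without touching the wired zone.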