I am trying something that seems really simple but, for me as someone uninitiated, proves to be very hard indeed. I have been trying for more than one week now, almost nonstop.
content removed due to considerations
If I could just get them to talk to each other, or is "how to get packets forwarded" the correct term?
My general firewall settings are to allow input, output and forward.
Btw, I have donated 50$ just now to the OpenWRT organization and will do so again once I have finally reached my goal. I have spent countless hours going nowhere. I even hired a local network engineering company at +125$ an hour and even that went nowhere!!!!
I have a network diagram, but how do I post it? Or even how do I post my config backup tar, so that an expert can take a good look at it and get this seemingly simple setup to work?
If you go to edit your reply, the comment box should have a small painting icon which on hover over says "Upload". Once you click on that you can select an image to upload from your device.
Or even how do I post my config backup tar?
I would recommend you just post the pertinent text from the various configuration files inside the backup tar. In the comment box you can click the </> icon to insert pre-formatted text like the kind OpenWRT uses for configuration. I'd say based on your question you should post the contents of:
Just make sure that what you post doesn't contain any sensitive information like public IP addresses, MAC addresses, passwords, crypto keys, etc.
Quick question: Are those separate subnets supposed to keep certain data or systems from being accessible to another subnet, with certain exceptions? Or do you just want to organize your network like .1.* for PCs, 2.* for printers, etc?
If the latter, you can simply bridge all those different interfaces that cover the various subnets. You can also add interfaces to firewall zones and then allow/deny forwarding based on firewall rules, etc. Plenty of options.
Yeah, you're right. Scratch that idea, it doesn't make sense. And once you go down the VLAN route it's a really dumb idea. So firewall zones, preferably one for each interface if security is needed with allow/deny rules controlling what traffic can cross between the zones?
Yes, I'd like to be in total control over what is able to talk to what and also keep a structure that is rememberable by me. I have more than a few clients and things are getting hard without proper segmentation.
Maybe use a host like imgur and post the link to the image here (just copy & paste it).
In your VLAN config I see you have two interfaces, eth.10 and eth.20 but VLAN ID entries for 1 & 2. Do they need to be added or modified?
I would personally hook up a switch to your tagged ports and configure the VLANs on the switch (designate trunk ports, ports for individual VLANs). Once that's done, connect with a cable and test each individual VLAN to see if it can ping the router IP in that particular subnet. Just to get the basics out of the way.
One is by default reserved for the LAN interface, the other for WAN. You also have two firewall zones created for both of these with rules that allow LAN->WAN outbound traffic. You can modify those if you have your own separate uplink arrangement, but I'd stick with basics for now.
Why don't you just divide the 256 IPs (well, 254) in some fashion?
You can use the image icon underneath the box where you type the message and browse for the file. Also if you have the image (the contents not the file path) in the clipboard you can paste here in the message box directly. Please make sure your image file size isn't too large to avoid consuming the resources of the forum.
I could, but before I do, can you please motivate why that is better/easier/more sensible than my abc? I am here to learn and I am in no way suggesting that my abc is sensible from a networking engineering standpoint. It is only sensible in my mind.