Static IP and DHCP Client on Router problem?

I have a problem now between the two VLANs it passing traffic/pings.
from the router can ping 10.88.21.163 the IP of port and 10.88.21.161 remote device all good.
from the pc can ping the 10.88.21.163 but not the 10.88.21.161 not good.
Doing this from PC on vlan 1 (192.168.1.x) to vlan 21

config zone
        option name 'VLAN1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'vlan1'

config zone
        option name 'VLAN21'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'vlan21'

config forwarding
        option src 'VLAN21'
        option dest 'VLAN1'

config forwarding
        option src 'VLAN1'
        option dest 'VLAN21'

Do I have to add a route or what do I need to change?

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        option bridge_empty '1'
        option ipv6 '0'

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'eth0:t'
        list ports 'lan1:t'
        list ports 'lan2:u*'
        list ports 'lan3:u*'
        list ports 'lan4:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '21'
        list ports 'eth0:t'
        list ports 'lan1:t*'
        list ports 'lan4:t*'

config interface 'vlan21'
        option proto 'static'
        option device 'br-lan.21'
        option ipaddr '10.88.21.163'
        option netmask '255.255.255.224'
        option delegate '0'
        option metric '0'

config interface 'vlan1'
        option proto 'static'
        option device 'br-lan.1'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'

config device
        option name 'br-lan.21'
        option type '8021q'
        option ifname 'br-lan'
        option vid '21'
        option ipv6 '0'

Check the host firewall of .161 dropping packets not from localnet.

1 Like

How does not show any logs, Have logging enabled on rules
Guess the answer is no ...

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         x.x.x.x    0.0.0.0         UG    0      0        0 wan
10.88.21.160    *               255.255.255.224 U     0      0        0 br-lan.21
10.234.160.192  *               255.255.255.224 U     0      0        0 br-lan.160
x.x.x.x     *               255.255.255.0   U     0      0        0 wan
192.168.1.0     *               255.255.255.0   U     0      0        0 br-lan.1
192.168.2.0     *               255.255.255.0   U     0      0        0 br-lan.2
192.168.4.0     *               255.255.252.0   U     0      0        0 br-lan.4
192.168.10.0    *               255.255.255.0   U     0      0        0 br-lan.10

Does not look to be a firewall problem change the title.
Found that if the router gives IP VLANs works.
if Router gets DHCP from a client does not work
if the device (pc and router interface) has static does not work
.

Router is not supposed to be a dhcp client to a lan host, so no need to try that, as it will for sure have a messed up routing table.
If you use static IP addresses, make sure that the correct gateway is also used.
I was referring to the firewall of the lan host. Windows' firewall doesn't allow connections from IPs outside of its subnet for example.