VLAN has no internet access

I have a NanoPi R2S. Its LAN port is connected to my ISP router, using static IP 192.168.1.78 with the router's IP 192.168.1.1 as the gateway, in VLAN1. The R2S has internet access and works very well on the local LAN; all devices can access its services.
Now I want to create VLAN2 with the IP range 192.168.2.0/24 on the WAN port for a specific device. My goal is for VLAN2 to have DHCP and internet access, using 192.168.1.78 as gateway and DNS. The settings below do not work: the device in VLAN2 gets a DHCP address and DNS service, but it has no internet access and no access to the local LAN in VLAN1.

# Network configuration (the section types match OpenWrt's /etc/config/network).
# Loopback interface: 127.0.0.1/8 on 'lo'.
config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'

# A single bridge, br-lan, holds both physical ports. The bridge-vlan
# sections further down put eth1 in VLAN 1 and eth0 in VLAN 2.
config device
        option name 'br-lan'
        option type 'bridge'
        option ipv6 '0'
        list ports 'eth0'
        list ports 'eth1'

# 'lan' is the VLAN 1 side (br-lan.1): static 192.168.1.78/24 with the
# default route pointing at the ISP router, 192.168.1.1.
config interface 'lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipv6 'off'
        option delegate '0'
        option force_link '0'
        option ipaddr '192.168.1.78'
        option gateway '192.168.1.1'
        # Upstream resolvers used by this router.
        list dns '223.5.5.5'
        list dns '223.6.6.6'
        option metric '10'
        option device 'br-lan.1'

# Placeholder interface for the docker0 bridge: no address is assigned
# (proto 'none') and it is not brought up automatically (auto '0').
config interface 'docker'
        option device 'docker0'
        option proto 'none'
        option auto '0'

config device
        option type 'bridge'
        option name 'docker0'

# VLAN 1 on br-lan: member port eth1.
# NOTE(review): the port entry has no tagging suffix; confirm that the
# resulting tagged/untagged behaviour matches what is plugged into eth1.
config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'eth1'

# 'GLAN' is the VLAN 2 side (br-lan.2): static 192.168.2.1/24.
# No gateway or dns option is set on this interface.
config interface 'GLAN'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'
        option device 'br-lan.2'

# VLAN 2 on br-lan: member port eth0 (same tagging caveat as VLAN 1).
config bridge-vlan
        option device 'br-lan'
        option vlan '2'
        list ports 'eth0'

# DHCP/DNS configuration (the section types match OpenWrt's /etc/config/dhcp).
config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        # DNS rebinding protection is enabled.
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        # Only queries from directly attached subnets are answered.
        option localservice '1'
        option ednspacket_max '1232'
        option confdir '/tmp/dnsmasq.d'
        # Extra hosts file; its contents are not shown in this post.
        list addnhosts '/root/hosts'

# DHCP pool for 'lan'. 'ignore 1' means no DHCP is served on this interface,
# so the pool settings here are unused (presumably the ISP router serves VLAN 1).
config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option ignore '1'
        list ra_flags 'none'

# odhcpd settings; maindhcp '0' leaves DHCPv4 to dnsmasq.
config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

# DHCP pool for VLAN 2: 150 leases starting at 192.168.2.100, valid for 12 hours.
config dhcp 'GLAN'
        option interface 'GLAN'
        option start '100'
        option limit '150'
        option leasetime '12h'
        # DHCP option 6 (DNS server): clients are told to use 192.168.1.78,
        # which is this router's address on the 'lan' interface.
        # NOTE(review): no option 3 (router) is set, so the advertised gateway is
        # presumably the GLAN address 192.168.2.1 rather than 192.168.1.78 - confirm.
        list dhcp_option '6,192.168.1.78'
        list ra_flags 'none'
# Firewall configuration (the section types match OpenWrt's /etc/config/firewall).
# All three default policies are ACCEPT, so nothing is dropped unless a rule says so.
# NOTE(review): with 'forward ACCEPT' as the default, traffic between zones is
# presumably allowed even without a 'config forwarding' section, so the zones
# below do not isolate VLAN 2 from lan or docker. If isolation is intended, set
# the default forward policy to REJECT and keep only the forwardings that are needed.
config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

# Zone for the 'lan' network (192.168.1.0/24 side).
# There is no 'masq' option, so traffic leaving through this zone keeps its
# original source address, including 192.168.2.x traffic forwarded from glan.
config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option mtu_fix '1'
        list network 'lan'

# Custom rule file; its contents are not shown in this post.
config include
        option path '/etc/firewall.user'

# Script include shipped with miniupnpd. The rules it adds are not visible here;
# review them together with the miniupnpd configuration.
config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

# Zone for the 'docker' network, fully open in every direction.
config zone 'docker'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option name 'docker'
        list network 'docker'

# Generated script include; the rules it adds are not visible here.
config include 'vssr'
        option type 'script'
        option path '/var/etc/vssr.include'
        option reload '1'

# Zone for the 'GLAN' network (VLAN 2, 192.168.2.0/24).
# 'input ACCEPT' lets VLAN 2 devices reach every service listening on the router
# itself. NOTE(review): if the VLAN 2 device is less trusted, consider
# 'input REJECT' plus explicit allow rules for DHCP and DNS only.
config zone
        option name 'glan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'GLAN'

# VLAN 2 -> lan forwarding: gives VLAN 2 access to the whole 192.168.1.0/24
# network and, through the lan gateway, the internet.
config forwarding
        option src 'glan'
        option dest 'lan'

# lan -> VLAN 2 forwarding: hosts on the lan side may open connections to VLAN 2.
config forwarding
        option src 'lan'
        option dest 'glan'

You've got a bunch of stuff that might need to be checked, but I think the solution is simple.

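Turn on masquerading on the lan firewall zone. Without it, packets from 192.168.2.0/24 leave with their original source address, and the ISP router and the VLAN1 hosts most likely have no route back to that subnet: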

# Replacement for the existing 'lan' zone; the only change is 'option masq'.
# NOTE(review): after this change, hosts on 192.168.1.0/24 and the ISP router see
# every VLAN 2 client as 192.168.1.78, so their logs and any per-address access
# controls can no longer tell VLAN 2 devices apart. A static route for
# 192.168.2.0/24 via 192.168.1.78 on the ISP router, if it supports one, would
# keep source addresses intact (VLAN 1 hosts that use that router as their
# gateway would then also have a return path).
config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option mtu_fix '1'
        # Source-NAT traffic leaving through this zone to the router's own
        # address on that interface.
        option masq '1'
        list network 'lan'
