Reply To: VLAN to VLAN blocked routing not working (SOLVED)


#49557

wifiguy
Member

Alright. I think I am getting somewhere now. I really appreciate all your help in this configuration.

Here are our iptables rules:

root@fw root> iptables -L -v
Chain INPUT (policy ACCEPT 235 packets, 26925 bytes)
pkts bytes target prot opt in out source destination
7386 850K SYS_INPUT all -- any any anywhere anywhere
0 0 SYS_HTTPS tcp -- any any anywhere anywhere tcp dpt:http
6518 603K SYS_HTTPS tcp -- any any anywhere anywhere tcp dpt:https
186 18552 SYS_SSH tcp -- any any anywhere anywhere tcp dpt:ssh

Chain FORWARD (policy ACCEPT 4916 packets, 2452K bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any any 10.0.0.0/8 172.30.0.0/16

Chain OUTPUT (policy ACCEPT 12202 packets, 1953K bytes)
pkts bytes target prot opt in out source destination
12694 1999K SYS_OUTPUT all -- any any anywhere anywhere

Chain NetBalancer (0 references)
pkts bytes target prot opt in out source destination

Chain SYS_HTTPS (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo any anywhere anywhere
6518 603K ACCEPT all -- ETH01 any anywhere anywhere
0 0 DROP all -- any any anywhere anywhere

Chain SYS_INPUT (1 references)
pkts bytes target prot opt in out source destination
139 21198 ACCEPT all -- lo any anywhere anywhere
48 16050 ACCEPT udp -- any any anywhere anywhere udp spt:domain state ESTABLISHED
144 156K ACCEPT tcp -- any any anywhere anywhere tcp spt:http state ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere tcp spt:8245 state ESTABLISHED
116 8816 ACCEPT udp -- any any anywhere anywhere udp spt:ntp state ESTABLISHED
6939 648K RETURN all -- any any anywhere anywhere

Chain SYS_OUTPUT (1 references)
pkts bytes target prot opt in out source destination
139 21198 ACCEPT all -- any lo anywhere anywhere
87 6234 ACCEPT udp -- any any anywhere anywhere udp dpt:domain
150 9025 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:8245
116 8816 ACCEPT udp -- any any anywhere anywhere udp dpt:ntp
12202 1953K RETURN all -- any any anywhere anywhere

Chain SYS_SSH (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo any anywhere anywhere
130 11116 ACCEPT all -- any any 10.0.0.0/8 anywhere
0 0 ACCEPT all -- ETH01 any anywhere anywhere
0 0 DROP all -- any any anywhere anywhere

Now back to our main issue: we are still unable to block VLAN-to-VLAN traffic. For example, our native VLAN can still talk to VLAN 20 and VLAN 30.

Here is the rule I have set up. Thoughts?

DROP all opt -- in * out * 10.0.0.0/8 -> 172.30.0.0/16

This, by the way, is currently the only firewall rule we have active...
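One way to check why that FORWARD rule shows zero hits, as an added example that is not the poster's own code: parse the chain dump above and ask which verdict a given source/destination pair would get, and which DROP rules have never matched anything. The host addresses are constructed placeholders, since the post does not give the VLAN subnets; a pair that falls outside 10.0.0.0/8 -> 172.30.0.0/16 is never touched by the rule and gets the chain's ACCEPT policy, and a counter that stays at 0 while the VLANs still talk means the traffic is not traversing this host's FORWARD chain at all.

```python
import ipaddress
import re

# Constructed sample: the FORWARD chain exactly as pasted in the post above.
FORWARD_DUMP = """\
Chain FORWARD (policy ACCEPT 4916 packets, 2452K bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any any 10.0.0.0/8 172.30.0.0/16
"""

SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9}
TERMINATING = {"ACCEPT", "DROP", "REJECT"}

def count(tok):
    """Turn an `iptables -v` counter such as '850K' into an integer."""
    return int(tok[:-1]) * SUFFIX[tok[-1]] if tok[-1] in SUFFIX else int(tok)

def to_net(tok):
    """Map the -L address column ('anywhere' or a CIDR) to an ip_network."""
    return ipaddress.ip_network("0.0.0.0/0" if tok == "anywhere" else tok, strict=False)

def parse_chain(dump):
    """Return (policy, rules) for one chain of `iptables -L -v` output."""
    lines = dump.strip().splitlines()
    policy = re.search(r"\(policy (\w+)", lines[0]).group(1)
    rules = []
    for line in lines[2:]:  # skip the 'Chain ...' and column-header lines
        pkts, _, target, prot, _, ifin, ifout, src, dst = line.split()[:9]
        rules.append({"pkts": count(pkts), "target": target, "prot": prot,
                      "in": ifin, "out": ifout, "src": to_net(src), "dst": to_net(dst)})
    return policy, rules

def verdict(policy, rules, src, dst):
    """First terminating rule whose src/dst networks contain the pair, else the chain policy.
    Interface and protocol columns are ignored here, so a DROP result is an upper bound."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["target"] in TERMINATING and s in r["src"] and d in r["dst"]:
            return r["target"]
    return policy

def never_hit(rules):
    """DROP rules with a zero packet counter: no packet has ever reached them."""
    return [r for r in rules if r["target"] == "DROP" and r["pkts"] == 0]

POLICY, RULES = parse_chain(FORWARD_DUMP)

if __name__ == "__main__":  # constructed hosts; the post does not give the VLAN subnets
    print(verdict(POLICY, RULES, "10.0.1.10", "172.30.20.5"), verdict(POLICY, RULES, "10.0.1.10", "10.0.20.5"))
```

If VLAN 20 and 30 turn out to live inside 10.0.0.0/8 rather than 172.30.0.0/16, the second call shows the rule simply does not apply; if the pair does match but the counter still reads 0, the inter-VLAN path is not going through this firewall's FORWARD chain.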