Hi rpottersr, how are you? Hope fine!! By the way, I haven't clearly understood what the problem is... a host attached to a switchport (e.g. a member of VLAN 3) can surf the web but cannot ping its default gateway?
With the FW rule posted above, only traffic from ETH00.2 directed to ETH00 should be denied, but all the rest of the traffic should be allowed (since the default policy is accept... or was it changed??).
Did you make any change to the FW rules? Could you briefly describe your topology, IP addresses, firewall rules, and, most importantly, the result you would like to obtain?
Everything is good, thank you for asking.
The FW rules that are currently set up are as follows.
FW policy all default; I only added, in the forward chain:
in ETH00.2 out ETH00 proto all s. ip 192.168.20.0/24 d. ip 192.168.194.0/24 action DROP
in ETH00.3 out ETH00 proto all s. ip 192.168.2.0/24 d. ip 192.168.194.0/24 action DROP
in ETH00.4 out ETH00 proto all s. ip 192.168.40.0/24 d. ip 192.168.194.0/24 action DROP
The three VLANs listed above can access the internet but cannot access VLAN1. Also, the computers on each VLAN can talk to each other within their own segment without any issues.
I think what I want to do is be able to access a computer on one of the other VLANs from VLAN1. Is this possible??
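As an added illustration (not code from either poster), here is a small Python model of the forward chain quoted above. It shows that the three per-direction DROP rules also drop the replies to a connection that VLAN1 opens towards another VLAN, and how an ESTABLISHED rule placed before them lets only VLAN1-initiated sessions through. The interface names and subnets are the ones from the post; the host addresses and the simple flow table are constructed assumptions.

```python
from ipaddress import ip_network, ip_address
DEFAULT_POLICY = "ACCEPT"  # default policy as stated in the thread

def rule(inp, out, src, dst, action, state=None):
    # inp/out None = any interface; state "ESTABLISHED" = reply to a seen flow
    return dict(inp=inp, out=out, src=ip_network(src), dst=ip_network(dst),
                action=action, state=state)

# The three FORWARD rules quoted in the post, evaluated in order.
POSTED_RULES = [
    rule("ETH00.2", "ETH00", "192.168.20.0/24", "192.168.194.0/24", "DROP"),
    rule("ETH00.3", "ETH00", "192.168.2.0/24", "192.168.194.0/24", "DROP"),
    rule("ETH00.4", "ETH00", "192.168.40.0/24", "192.168.194.0/24", "DROP"),
]
# Hypothetical fix: accept replies to flows the firewall already allowed,
# placed before the DROP rules so only VLAN1-initiated sessions get through.
STATEFUL_RULES = [rule(None, None, "0.0.0.0/0", "0.0.0.0/0", "ACCEPT",
                       state="ESTABLISHED")] + POSTED_RULES

class Forwarder:
    """Toy stateful forwarder: first matching rule wins, else default policy."""
    def __init__(self, rules):
        self.rules, self.flows = rules, set()
    def forward(self, inp, out, src, dst):
        s, d = ip_address(src), ip_address(dst)
        seen = (src, dst) in self.flows or (dst, src) in self.flows
        verdict = DEFAULT_POLICY
        for r in self.rules:
            if r["inp"] not in (None, inp) or r["out"] not in (None, out):
                continue
            if s not in r["src"] or d not in r["dst"]:
                continue
            if r["state"] == "ESTABLISHED" and not seen:
                continue
            verdict = r["action"]
            break
        if verdict == "ACCEPT":
            self.flows.add((src, dst))  # remember allowed flows (like conntrack)
        return verdict

def vlan1_to_vlan2_session(rules):
    """(request verdict, reply verdict) for a flow opened from VLAN1."""
    fw = Forwarder(rules)
    req = fw.forward("ETH00", "ETH00.2", "192.168.194.10", "192.168.20.5")
    rep = fw.forward("ETH00.2", "ETH00", "192.168.20.5", "192.168.194.10")
    return req, rep

def vlan2_to_vlan1_unsolicited(rules):
    """Verdict for a VLAN2 host opening its own connection towards VLAN1."""
    return Forwarder(rules).forward("ETH00.2", "ETH00", "192.168.20.7", "192.168.194.10")
```

With the posted rules the VLAN1 request is forwarded but its reply is dropped, so the session never completes; with the ESTABLISHED rule in front the reply passes while an unsolicited VLAN2-to-VLAN1 connection is still dropped.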