0 votes
2,615 views 4 comments
by anonymous
Hello,

I have set up three LAN networks on a RUT950 with latest firmware installed (RUT9XX_R_00.06.00.4):

LAN1: 192.168.130.xxx/24 with DHCP enabled

LAN2: 192.168.150.xxx/24 with DHCP enabled

LAN3: 192.168.170.xxx/24 with DHCP enabled

I've assigned each network to its own port based VLAN:

LAN1 - Port1

LAN2 - Port2

LAN3 - Port3

However when I connect a PC to any of these LAN ports I can ping IP addresses on the other LAN networks.

Is this correct? I was expecting each LAN network, within its own VLAN, to be unable to communicate with devices on the other LAN networks.

Is there any way I can ensure that devices cannot communicate between LANs?

Thanks in advance for any responses.

2 Answers

+1 vote
by anonymous

Hi,

You can set up zone forwarding rules that will drop packets sent between your networks. You can configure this via the Network → Firewall → General Settings → Zone Forwarding page. You'll find the documentation for that page here

Best answer
by anonymous

Hi, thanks for the response.

I have configured Zone Forwarding as follows but can still ping IP addresses on the other VLAN ports.

Currently the router is out of the system and I'm testing this by pinging the default gateway for each LAN.

Am I still missing something?

by anonymous
Thanks Dziugas, your solution solved the problem (see comments in the second answer).
by anonymous
Glad to hear it. I was going to test it to see why it might not have worked, but I haven't really had the chance to do so the past day. Anyway, I'm glad everything worked out. Good luck using the router!
0 votes
by anonymous

Hi,

To block communication between gateways try something like this (Network -> Firewall -> Custom Rules):

iptables -A INPUT -s 192.168.130.1/24 -d 192.168.150.1/24 -j DROP

iptables -A INPUT -d 192.168.130.1/24 -s 192.168.150.1/24 -j DROP

iptables -A INPUT -s 192.168.130.1/24 -d 192.168.170.1/24 -j DROP

iptables -A INPUT -d 192.168.130.1/24 -s 192.168.170.1/24 -j DROP

iptables -A INPUT -s 192.168.150.1/24 -d 192.168.170.1/24 -j DROP

iptables -A INPUT -d 192.168.150.1/24 -s 192.168.170.1/24 -j DROP

by anonymous
Thanks, when I added these rules this seemed to work and I couldn't ping the other default gateways. However when the RUT950 was power cycled it seemed as if these rules were being ignored.

However I don't think this matters because even though it's possible to ping remote gateways from another VLAN, Dziugas' answer above solved the problem of being able to ping across VLANs from physical controllers etc.
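
The thread turns on two different packet paths: traffic routed from one LAN to a host on another crosses the FORWARD chain (what zone forwarding governs), while a ping to the router's own gateway address on another LAN is delivered to the router and crosses INPUT. The script below is an added example, not part of the thread or of Teltonika's documentation; it generalizes the custom rules above to any list of subnets and both chains, and only prints the commands. The subnets come from the question written as network addresses; the use of `-I`, the `-C` existence check, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: print idempotent iptables commands that isolate every pair
# of the given subnets. Nothing is executed; review the output before use.

# Subnets from the question, written as network addresses (/24 each).
LANS="192.168.130.0/24 192.168.150.0/24 192.168.170.0/24"

# isolation_rules SUBNET...
#   For each ordered pair (src, dst) emit one command per chain:
#     FORWARD - packets routed through the router to a host on another LAN
#     INPUT   - packets addressed to the router itself, e.g. a ping from
#               LAN1 to the router's gateway address on LAN2
isolation_rules() {
    for src in "$@"; do
        for dst in "$@"; do
            if [ "$src" = "$dst" ]; then
                continue
            fi
            for chain in FORWARD INPUT; do
                spec="$chain -s $src -d $dst -j DROP"
                # -C tests whether the rule already exists, so running the
                # output twice adds nothing; -I inserts the DROP at the head
                # of the chain (assumption: it should precede existing rules).
                printf 'iptables -C %s 2>/dev/null || iptables -I %s\n' \
                    "$spec" "$spec"
            done
        done
    done
}

# count_rules SUBNET... -> number of commands generated: n * (n - 1) * 2
count_rules() {
    isolation_rules "$@" | wc -l | tr -d ' '
}

# Word splitting of $LANS is intended here.
isolation_rules $LANS
```

Listing the live rules with `iptables -S INPUT` and `iptables -S FORWARD` after a reboot shows whether the DROP entries are still loaded, which is the symptom reported in the last comment.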