I have tried to find some answer but without luck.
What I would like to achieve:
I have RUT240.
I have eth0 as LAN (default) and eth1, which is the WAN port, used as interface LAN1.
WAN and WAN6 are disabled, of course. No other changes on those interfaces.
IP network of LAN = 192.168.1.0/24 and IP network of LAN1 = 192.168.15.0/10
I want to have devices in LAN1 with specific IPs (A, B, C) that should only communicate with specific devices (which have static IPs too: X, Y, Z) in LAN.
I have tried assigning each interface (LAN, LAN1) to a separate firewall zone. That means interface LAN belongs to fw zone "lan", and interface LAN1 belongs to fw zone "LANz".
I have set firewall traffic rules: basically 3 traffic rules for IPv4 TCP/UDP, source zone "lan" to destination zone "LANz", source IP X, destination IP A, accept forward (the other 2 rules are for Y to B and Z to C).
Then another 3 rules for IPv4 TCP/UDP, source zone "LANz" to destination zone "lan", source IP A, destination IP X, accept forward (the other 2 rules are for B to Y and C to Z).
Then another 2 rules for IPv4 ICMP, source zone "LANz" to destination zone "lan", source IP (A, B, C + notebook IP) to destination IP (X, Y, Z), and vice versa; this is to test whether it works or not.
The general fw settings are reject, accept, reject.
The 2 zones (lan and LANz) are accept, accept, reject (or accept; I have tried both). I have added the opposite destination zone for inter-zone forwarding.
The problem is that this doesn't really work. If I set the zone forward settings on both zones to accept, it works; if I set it to reject, it doesn't work (ping). The traffic rules don't seem to do anything.
Am I doing something wrong or missing something?
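Added example, not from the original post or from Teltonika: a short Python script that emits an fw3-style /etc/config/firewall fragment for the setup described above (two zones with forward set to REJECT plus explicit per-host ACCEPT rules, and deliberately no "config forwarding" stanza between the zones) and checks whether the two prefixes written in the post overlap. The host addresses, the rule names and the `LAN1` network section name are assumptions; the post gives none of them.

```python
"""Added example (not from the original post): generate an OpenWrt/fw3-style
/etc/config/firewall fragment for the two-zone, per-host allow-list described
above, and sanity-check the two LAN prefixes for overlap.

Assumptions (not in the post): the concrete addresses of A, B, C and X, Y, Z
below are made-up placeholders, and 'lan' / 'LAN1' are assumed to be the
network section names the zones attach to."""
import ipaddress

LAN_NET = "192.168.1.0/24"
LAN1_NET = "192.168.15.0/10"       # exactly as written in the post
PAIRS = [  # (LAN host, LAN1 host): X<->A, Y<->B, Z<->C, hypothetical addresses
    ("192.168.1.10", "192.168.15.10"),
    ("192.168.1.11", "192.168.15.11"),
    ("192.168.1.12", "192.168.15.12"),
]


def prefixes_overlap(a: str, b: str) -> bool:
    """True if the two prefixes share any address. strict=False keeps a
    prefix whose host bits are non-zero (192.168.15.0/10) and normalizes it
    to its real network (192.128.0.0/10). If a host carries an overlapping
    mask it treats the other LAN as on-link and ARPs for the peer instead of
    sending the packet to the router, so FORWARD rules never see it."""
    return ipaddress.ip_network(a, strict=False).overlaps(
        ipaddress.ip_network(b, strict=False))


def zone(name: str, network: str, forward: str) -> str:
    """One 'config zone' stanza: input/output ACCEPT, forward as given."""
    return "\n".join([
        "config zone",
        f"\toption name '{name}'",
        f"\tlist network '{network}'",
        "\toption input 'ACCEPT'",
        "\toption output 'ACCEPT'",
        f"\toption forward '{forward}'",
        "",
    ])


def rule(name: str, src: str, src_ip: str, dest: str, dest_ip: str,
         proto: str) -> str:
    """One 'config rule' stanza. A rule with both src and dest set is a
    FORWARD rule; fw3 places it in zone_<src>_forward, which is evaluated
    before the zone's own 'forward' policy is applied."""
    return "\n".join([
        "config rule",
        f"\toption name '{name}'",
        f"\toption src '{src}'",
        f"\toption src_ip '{src_ip}'",
        f"\toption dest '{dest}'",
        f"\toption dest_ip '{dest_ip}'",
        f"\toption proto '{proto}'",
        "\toption target 'ACCEPT'",
        "",
    ])


def firewall_config(pairs=PAIRS) -> str:
    """Defaults reject/accept/reject, both zones with forward=REJECT, and
    one explicit ACCEPT per host pair, direction and protocol. There is no
    'config forwarding' stanza between lan and LANz on purpose: such a
    stanza accepts every packet between the two zones and would make the
    per-host rules irrelevant."""
    out = [
        "config defaults",
        "\toption input 'REJECT'",
        "\toption output 'ACCEPT'",
        "\toption forward 'REJECT'",
        "",
        zone("lan", "lan", "REJECT"),
        zone("LANz", "LAN1", "REJECT"),
    ]
    for i, (x, a) in enumerate(pairs):
        out.append(rule(f"lan-{i}-to-LANz", "lan", x, "LANz", a, "tcp udp"))
        out.append(rule(f"LANz-{i}-to-lan", "LANz", a, "lan", x, "tcp udp"))
        out.append(rule(f"icmp-{i}-LANz-to-lan", "LANz", a, "lan", x, "icmp"))
        out.append(rule(f"icmp-{i}-lan-to-LANz", "lan", x, "LANz", a, "icmp"))
    return "\n".join(out)


if __name__ == "__main__":
    print(firewall_config())
    print("# LAN and LAN1 prefixes overlap:",
          prefixes_overlap(LAN_NET, LAN1_NET))
```

The generated stanzas are meant to replace the zone, defaults and rule sections in /etc/config/firewall, followed by `/etc/init.d/firewall restart`; `fw3 print` then shows the resulting iptables rules and is the quickest way to confirm that the per-host ACCEPT entries appear in the zone forward chains ahead of the REJECT policy. fw3's FORWARD chain accepts RELATED,ESTABLISHED traffic before any zone rule is evaluated, so the return-direction rules only matter for connections initiated from that side; the example keeps both directions as the post does.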