Hi to all
I'm facing a strange problem regarding LAN traffic. My setup is as follows:
lan0 - 192.168.182.0/26 (switch0)
lan1 - 192.168.182.64/26 (switch0.10)
lan2 - 192.168.182.128/26 (switch0.20)
Computers on lan1 can talk to computers on lan2 and vice versa. But communication between lan0 and lan1 (in both directions) and between lan0 and lan2 (in both directions) is not possible.
How can I get it to work? Do I need an additional firewall rule?
Please see my config below:
/* Firewall rulesets only take effect where they are bound to an interface
   (see eth0 below). No ruleset is bound to switch0 or to its VLAN vifs. */
firewall {
    all-ping enable
    broadcast-ping disable
    group {
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* WAN_IN: bound to eth0 "in" - traffic arriving from the Internet that is forwarded to the LANs. */
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    /* WAN_LOCAL: bound to eth0 "local" - traffic arriving from the Internet that is addressed to the router itself. */
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    /* Reverse-path (source address) validation is switched off here. */
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description Internet
        duplex auto
        /* The only interface that has firewall rulesets attached. */
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth1 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth2 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth3 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth4 {
        description Local
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    ethernet eth5 {
        duplex auto
        speed auto
    }
    loopback lo {
    }
    /* switch0 carries lan0 (192.168.182.0/26, untagged); vif 10 and vif 20 are lan1 and lan2. */
    switch switch0 {
        address 192.168.182.1/26
        description Local
        /* Empty binding: no ruleset name is given, so nothing entering switch0 is
           filtered by the firewall configuration shown in this post. */
        firewall {
            in {
            }
        }
        mtu 1500
        switch-port {
            /* eth1-eth4 each carry VLAN 10 and VLAN 20 (tagged). No pvid is set on any
               port; untagged frames presumably fall into the native VLAN behind switch0 - confirm. */
            interface eth1 {
                vlan {
                    vid 10
                    vid 20
                }
            }
            interface eth2 {
                vlan {
                    vid 10
                    vid 20
                }
            }
            interface eth3 {
                vlan {
                    vid 10
                    vid 20
                }
            }
            interface eth4 {
                vlan {
                    vid 10
                    vid 20
                }
            }
            vlan-aware enable
        }
        vif 10 {
            address 192.168.182.65/26
            mtu 1500
        }
        vif 20 {
            address 192.168.182.129/26
            mtu 1500
        }
    }
}
protocols {
    static {
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name lan0 {
            authoritative enable
            subnet 192.168.182.0/26 {
                default-router 192.168.182.1
                dns-server 192.168.182.1
                lease 86400
                start 192.168.182.30 {
                    stop 192.168.182.62
                }
                /* MAC addresses were redacted (xx:xx:...) by the poster. */
                static-mapping cisco-01 {
                    ip-address 192.168.182.5
                    mac-address xx:xx:xx:xx:xx:xx
                }
                static-mapping cp1525n {
                    ip-address 192.168.182.7
                    mac-address xx:xx:xx:xx:xx:xx
                }
                static-mapping gs105e {
                    ip-address 192.168.182.8
                    mac-address xx:xx:xx:xx:xx:xx
                }
                static-mapping nas {
                    ip-address 192.168.182.4
                    mac-address xx:xx:xx:xx:xx:xx
                }
                static-mapping qlproxy {
                    ip-address 192.168.182.2
                    mac-address xx:xx:xx:xx:xx:xx
                }
                static-mapping qlproxyP {
                    ip-address 192.168.182.15
                    mac-address xx:xx:xx:xx:xx:xx
                }
                static-mapping radio {
                    ip-address 192.168.182.6
                    mac-address xx:xx:xx:xx:xx:xx
                }
                /* NOTE(review): this mapping hands out the router's own address (192.168.182.1) - confirm that is intended. */
                static-mapping router {
                    ip-address 192.168.182.1
                    mac-address xx:xx:xx:xx:xx:xx
                }
                static-mapping uap {
                    ip-address 192.168.182.3
                    mac-address xx:xx:xx:xx:xx:xx
                }
                static-mapping vbox {
                    ip-address 192.168.182.9
                    mac-address xx:xx:xx:xx:xx:xx
                }
            }
        }
        shared-network-name lan1 {
            authoritative enable
            subnet 192.168.182.64/26 {
                default-router 192.168.182.65
                dns-server 192.168.182.65
                lease 86400
                start 192.168.182.80 {
                    stop 192.168.182.126
                }
            }
        }
        shared-network-name lan2 {
            authoritative enable
            subnet 192.168.182.128/26 {
                default-router 192.168.182.129
                dns-server 192.168.182.129
                lease 86400
                start 192.168.182.130 {
                    stop 192.168.182.149
                }
            }
        }
        use-dnsmasq enable
    }
    dns {
        forwarding {
            cache-size 400
            listen-on switch0
            listen-on switch0.10
            listen-on switch0.20
            /* Raw dnsmasq options: a network boot file, DHCP option 252 (WPAD proxy
               auto-configuration URL) and a CNAME so wpad.hika1 resolves to the proxy host. */
            options dhcp-boot=grubnetx64.efi,boothost,nas
            options dhcp-option=252,http://qlproxy.hika1/proxy.pac
            options cname=wpad.hika1,qlproxy.hika1
        }
    }
    gui {
        http-port 80
        https-port 443
        /* The web UI accepts legacy TLS cipher suites with this enabled. */
        older-ciphers enable
    }
    nat {
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    domain-name hika1
    host-name ubnt
    login {
        user admin {
            authentication {
                /* NOTE(review): this password hash is now part of a public post;
                   treat the admin credential as exposed and change it. */
                encrypted-password $6$BW13xixJ/Rd4$h79zitl0WkYz4Tvdr6rN81Kv6iHoRELdCzXeDisHrY4ug0Mylg/M8VNg1gV3g7czJ7jNqtBj9Le9UAgUpS9Md0
                plaintext-password ""
            }
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    /* Hardware offload is on. NOTE(review): when routing between switch0 and its
       vifs misbehaves, retesting with this disabled is a cheap way to rule it out. */
    offload {
        hwnat enable
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/Zurich
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.9.0.4901118.160804.1131 */
Thanks for your help.
Best regards,
chgruem