Netgate Discussion Forum

    Inter VLAN Communication Blocked by Gateway

      cmcphaerson

      I'm attempting to set up communications between multiple VLANs and would like to be able to communicate between 2 VLANs. I'm seeing odd behavior that is dependent on whether I have specified the Gateway in a given VLAN's firewall rules or left it to Default.

      For reference:

      VLAN 2 - Trusted Network
      VLAN 55 - IOT
      VLAN 56 - VPN (This VLAN uses a firewall rule tag to prevent traffic from dropping to the WAN gateway via a floating rule. VPN has its own gateway and is working as expected)

      Goal is to be able to talk between VLAN 2 & VLAN 55.

      I have a WAN gateway that is pointing to my ISP and a VPN gateway pointing to PIA. Firewall rules for VLAN 2 and VLAN 55 are open.

      VLAN 2 [screenshot: firewall rules]

      VLAN 55 [screenshot: firewall rules]

      Gateways [screenshot]

      When I have the Gateway specified on the VLAN 2 firewall rule, I'm able to access the internet on VLAN 2 but am unable to connect (SSH for example) from VLAN 2 to VLAN 55. If I change the Gateway to default on the VLAN 2 firewall rule, I can now connect from 2->55 but am unable to access the internet from 2. Any ideas?

        mcury @cmcphaerson

        @cmcphaerson First, create a firewall rule in VLAN2, allowing VLAN2 to reach VLAN55, with gateway default, specify source VLAN2_NET and destination VLAN55_NET in this rule.
        Put this rule above the rule with gateway WAN_DHCP.

        Same for VLAN55.

        dead on arrival, nowhere to be found.

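To show why the rule order in this answer matters, here is an added simulation of pfSense's first-match rule evaluation with policy routing. It is not code from the thread or from pfSense itself: the subnets, the routing table and the gateway name WAN_DHCP are constructed for illustration, and the VPN floating rule from the question is not modelled. A pass rule with a gateway set policy-routes every packet it matches straight to that gateway, so the inter-VLAN traffic never reaches the routing table; a rule with the default gateway placed above it hands that traffic back to the routing table, where the directly connected VLAN 55 subnet wins.

```python
"""First-match firewall rule evaluation with policy routing (added example).

Models the behaviour discussed in the thread: a rule with an explicit
gateway overrides the routing table for everything it matches, and the
first matching rule wins. All addresses and names are constructed.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Optional

# Constructed subnets standing in for pfSense's VLAN2_NET / VLAN55_NET aliases.
VLAN2_NET = ip_network("192.168.2.0/24")
VLAN55_NET = ip_network("192.168.55.0/24")
ANY = ip_network("0.0.0.0/0")

# Constructed system routing table: connected subnets plus a default route via WAN.
ROUTING_TABLE = [
    (VLAN2_NET, "VLAN2 (directly connected)"),
    (VLAN55_NET, "VLAN55 (directly connected)"),
    (ANY, "WAN_DHCP"),
]


@dataclass(frozen=True)
class Rule:
    src: IPv4Network
    dst: IPv4Network
    gateway: Optional[str]  # None means "default": consult the routing table
    description: str


def route_lookup(dst: IPv4Address) -> str:
    """Longest-prefix match against the routing table."""
    best_net, best_hop = None, None
    for net, hop in ROUTING_TABLE:
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hop = net, hop
    return best_hop if best_hop is not None else "unreachable"


def evaluate(rules: List[Rule], src: str, dst: str) -> str:
    """Return where a packet entering on VLAN2 is sent; first matching pass rule wins."""
    s, d = ip_address(src), ip_address(dst)
    for rule in rules:
        if s in rule.src and d in rule.dst:
            if rule.gateway is not None:
                return rule.gateway  # policy routing: the routing table is bypassed
            return route_lookup(d)  # default gateway: normal routing applies
    return "blocked (no matching pass rule)"


# The poster's original VLAN 2 ruleset: one pass-any rule pinned to the WAN gateway.
ORIGINAL_RULES = [Rule(VLAN2_NET, ANY, "WAN_DHCP", "Allow VLAN2 to any via WAN_DHCP")]

# The fix from the answer: a default-gateway rule for VLAN55 placed ABOVE the WAN rule.
INTER_VLAN_RULE = Rule(VLAN2_NET, VLAN55_NET, None, "Allow VLAN2 to VLAN55 (default gw)")
FIXED_RULES = [INTER_VLAN_RULE, *ORIGINAL_RULES]

# The same two rules in the wrong order: the WAN rule still catches the traffic first.
WRONG_ORDER_RULES = [*ORIGINAL_RULES, INTER_VLAN_RULE]


if __name__ == "__main__":
    for name, rules in [("original", ORIGINAL_RULES), ("fixed", FIXED_RULES),
                        ("wrong order", WRONG_ORDER_RULES)]:
        print(f"{name:12} VLAN2 -> VLAN55: {evaluate(rules, '192.168.2.10', '192.168.55.20')}")
        print(f"{name:12} VLAN2 -> 8.8.8.8: {evaluate(rules, '192.168.2.10', '8.8.8.8')}")
```

With the original ruleset the SSH packet to VLAN 55 is sent to WAN_DHCP, which is why the connection never arrives; with the fixed order it is delivered to the connected VLAN 55 subnet while internet traffic still goes out via WAN_DHCP. The same rule is needed on VLAN 55 for the return direction, as the answer says.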
          cmcphaerson @mcury

          @mcury Perfect, got it working as expected.

          Still curious about what causes the underlying issue wrt routing from the gateway but it's less of a concern since I can address the symptom.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.