How do I set up 2 independent VLANs?



  • I currently have two VLANs set up on the interface em1. Each VLAN is configured with DHCP. VLAN2 192.168.1.1/25  VLAN3 192.168.1.128/25.

    Both VLANs are working perfectly and I am able to browse the Internet.

    From here I cannot figure out how to block VLAN3 access to VLAN2 and vice versa. Basically, what I want to have is two independent networks (VLANs) that have access to the same Internet (WAN) but no access to each other.

    Any ideas on how I should approach this?



  • Firewall rules - you probably have "pass all" rules. Make those more restrictive, like:
    VLAN2: Pass source VLAN2net destination !VLAN3net
    VLAN3: Pass source VLAN3net destination !VLAN2net
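
The rule change suggested above can be checked offline before touching the firewall. This is an added example, not part of the original posts and not any firewall's own code: it models the two /25 networks from the question and compares "pass all" rules with the restrictive ones. The evaluation model (rules apply on the ingress interface, first matching pass rule wins, everything else is denied), the probe hosts and the 203.0.113.5 Internet address are assumptions made for the illustration.

```python
import ipaddress

# Subnets derived from the question's two /25 addresses.
NETS = {
    "VLAN2net": ipaddress.ip_network("192.168.1.0/25"),
    "VLAN3net": ipaddress.ip_network("192.168.1.128/25"),
}

# Each pass rule: (source net, destination net or "any", negate destination).
PASS_ALL = {"VLAN2": [("VLAN2net", "any", False)],
            "VLAN3": [("VLAN3net", "any", False)]}
RESTRICTIVE = {"VLAN2": [("VLAN2net", "VLAN3net", True)],
               "VLAN3": [("VLAN3net", "VLAN2net", True)]}

# Constructed probe traffic: (ingress interface, source, destination).
PROBES = {
    "vlan2_to_vlan3": ("VLAN2", "192.168.1.10", "192.168.1.200"),
    "vlan3_to_vlan2": ("VLAN3", "192.168.1.200", "192.168.1.10"),
    "vlan3_to_vlan2_gateway": ("VLAN3", "192.168.1.200", "192.168.1.1"),
    "vlan2_to_own_gateway": ("VLAN2", "192.168.1.10", "192.168.1.1"),
    "vlan2_to_internet": ("VLAN2", "192.168.1.10", "203.0.113.5"),
    "vlan3_to_internet": ("VLAN3", "192.168.1.200", "203.0.113.5"),
    "vlan3_spoofing_vlan2_source": ("VLAN3", "192.168.1.10", "203.0.113.5"),
}

def in_net(name, addr):
    return name == "any" or addr in NETS[name]

def allowed(ruleset, iface, src, dst):
    """Assumed semantics: first matching pass rule wins, otherwise deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, negate in ruleset[iface]:
        if in_net(src_net, src) and in_net(dst_net, dst) != negate:
            return True
    return False

def report(ruleset):
    """Map each probe name to whether the ruleset passes it."""
    return {name: allowed(ruleset, *probe) for name, probe in PROBES.items()}

if __name__ == "__main__":
    for label, rs in (("pass all", PASS_ALL), ("restrictive", RESTRICTIVE)):
        print(label)
        for name, ok in report(rs).items():
            print(f"  {name:30} {'PASS' if ok else 'BLOCK'}")
```

In this model the negated rules still pass every destination outside the other VLAN's subnet, so any other local network or firewall address that should be off limits needs its own rule.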