VLAN routing across networks

[klingon888]

AC68U running latest Merlin with AB-Solution and OpenVPN. No other customization.

I managed to set up VLAN using this guide from user schmerg and its working fine. My main LAN is at 192.168.1.0/24 and VLAN10 is at 192.168.10/24. As this setup is for my IoT devices, I need to be able to access all devices connected to the VLAN from my main LAN. I've configured the following iptables rules and added the last line but it does not seem to work. I cannot ping 192.168.10.10 from my main LAN. Due to the start up delay issue mentioned by schmerg, I moved this part of the rules to firewall-start instead of keeping it in nat-start and it seems to be working fine except for not being able to access devices on VLAN10. Appreciate any guidance as my knowledge with iptables is fairly limited!

iptables -I FORWARD -i vlan10 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan10 -o br0 -m state --state NEW -j DROP
iptables -I INPUT -i vlan10 -m state --state NEW -j DROP
iptables -I INPUT -i vlan10 -p tcp --dport 53 -j ACCEPT
iptables -I INPUT -i vlan10 -p udp -m multiport --dport 53,67 -j ACCEPT
iptables -I FORWARD -i br0 -o vlan10 -d 192.168.10.0/24 -j ACCEPT

 

[sfx2000]

VLAN10

I would recommend that VLAN tags start above VLAN100...

 

[klingon888]

Thanks for the suggestion. Its finally working the way I want it. I connected another laptop to the VLAN and pings went thru. Not sure why I could not ping the first laptop when it was on VLAN. When I connected it back to the main LAN, no problem pinging it, so its not a firewall on the laptop.

Moved all my IoT devices over to the new VLAN and they're all playing nicely. I was surprised my Echo and GoogleHome worked on a different IP net from my phone and casting from my main LAN to Chromecast works too.