Net isolation

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Author Message
Frakko
DD-WRT Guru


Joined: 06 May 2016
Posts: 518

PostPosted: Sun Dec 20, 2020 18:09    Post subject: Net isolation Reply with quote
Good morning,
I have a netgear 7000. I proceeded to create a vlan for each of the eth ports. The first three are in "net isolation" the fourth is not. On the fourth I have a small nas server to distribute and collect my files and share them with other stations and watch videos.
Initially the configuration, thus set, allowed me to obtain the desired result. Each subnet saw only the nas and is isolated from the others. Unfortunately, the nas server on the fourth network has not been reachable for a few days. I tried on another router and the nas works fine. Was the result just random or is there something I can change to restore the situation illustrated?
Sponsor
foz111
DD-WRT Guru


Joined: 01 Oct 2017
Posts: 704
Location: Earth

PostPosted: Mon Dec 21, 2020 11:12    Post subject: Re: Net isolation Reply with quote
Frakko wrote:
Good morning,
I have a netgear 7000. I proceeded to create a vlan for each of the eth ports. The first three are in "net isolation" the fourth is not. On the fourth I have a small nas server to distribute and collect my files and share them with other stations and watch videos.
Initially the configuration, thus set, allowed me to obtain the desired result. Each subnet saw only the nas and is isolated from the others. Unfortunately, the nas server on the fourth network has not been reachable for a few days. I tried on another router and the nas works fine. Was the result just random or is there something I can change to restore the situation illustrated?


Not sure if qnap problem or settings issue as you have not posted any settings but you must allow ip range on qnap nas:
Go to Control Panel > System > Security > Allow/Deny List and add VPN/VAP/Vlan IP range.
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1446
Location: Appalachian mountains, USA

PostPosted: Mon Dec 21, 2020 16:48    Post subject: Reply with quote
Double check that the devices on the first three vlans cannot see each other, because unless something has changed in recent builds after years of this problem, "net isolation" only isolates a subnet from br0. They are not isolated from each other. To get the latter isolation requires custom iptables commands. The easiest way to check this out is to look carefully through the output of iptables -vnL FORWARD to find and examine the net-isolation rules.
_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
Frakko
DD-WRT Guru


Joined: 06 May 2016
Posts: 518

PostPosted: Fri Dec 25, 2020 9:50    Post subject: Reply with quote
The NAS server has started working regularly again being reachable from the various LANs. I did some tests. The various Vlan, without modification, seem isolated from each other. Smile I did the tests with the Firmware version: DD-WRT v3.0-r45073 std (12/21/20). In practice, as the problem had arisen, it has now disappeared. Better that way.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum