In my network, I have a couple of VLANs, but there seem to be some issues with communication between the different VLANs. For context:
- VLAN parents are all LAN. I'll be focusing mostly on TRUSTED (192.168.10.X) and CAMERA (192.168.30.X) VLANs
- TRUSTED has these firewall rules. The important one is the one that is connecting to CAMERA's net.
trusted.png
- CAMERA has these firewall rules.
camera.png
Note that once I figure out everything, I will be removing access to the internet and other rules. These extra rules are merely for debugging purposes. Also note the rule that connects to the TRUSTED net.
- From a computer in the TRUSTED VLAN, I am able to ping the CAMERA interface itself (192.168.30.1), but no computer that is connected to the CAMERA VLAN.
camera to trusted.png
- Interestingly enough, from a computer in the CAMERA VLAN, I am able to ping a computer in the TRUSTED VLAN despite the firewall rules simply being mirrors of each other.
trusted to camera.png
I have looked into the actual interfaces themselves (CAMERA vs TRUSTED), but don't see anything different with the setup. Any ideas on why this is happening? My end goal is simply to allow TRUSTED to view CAMERA devices when I eventually install some security cameras.
I normally skip posts that don't have a salutation first and go straight to the question. But welcome to the forum.
Very nicely composed first post, clearly you spent time crafting it. You will have more chance of getting faster help if, instead of links to image hosting sites, you add them to the post. A lot of folks here don't click on those links.
Hi, thanks for the tip! I think I missed something very stupid as I believe there is some extra setup needed for pings to go through to Windows machines. When I booted up Linux on the machine in the CAMERA VLAN, I was able to ping it from the TRUSTED VLAN:
(https://i.imgur.com/J7yKVZF.png)
Please attach images to your posts and DO NOT USE IMGUR. At all. These "free image hosting sites" are a privacy nightmare. By just opening your post you now forced my browser to send all my private information to them.
About time I finally create that block list ...
Quote from: libri on April 11, 2025, 07:16:58 PM
Hi, thanks for the tip! I think I missed something very stupid as I believe there is some extra setup needed for pings to go through to Windows machines. When I booted up Linux on the machine in the CAMERA VLAN, I was able to ping it from the TRUSTED VLAN:
I'm glad you got it diagnosed. Maybe the Windows machine needs to re-initialise its networking settings, or even has its own software firewall.
If I read it correctly, the networking problem is only OS dependent, right?
Correct, the problem was with the machine connected to the VLAN rather than the VLAN or router setup. I guess the giveaway was that I was able to connect to the interface itself which should not be possible if the path was actually blocked by firewall rules.