Help with Inter VLAN Connectivity

Started by libri, April 11, 2025, 09:46:08 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 11, 2025, 09:46:08 AM Last Edit: April 11, 2025, 11:05:47 PM by libri
In my network, I have a couple of VLANs, but there seem to be some issues with communication between the different VLANs. For context:

  • VLAN parents are all LAN. I'll be focusing mostly on TRUSTED (192.168.10.X) and CAMERA (192.168.30.X) VLANs
  • TRUSTED has these firewall rules. The important one is the one that is connecting to CAMERA's net.You cannot view this attachment.
  • CAMERA has these firewall rules.
    You cannot view this attachment.
    Note that once I figure out everything, I will be removing access to internet and other rules. These extra rules are merely for debugging purposes. Also note the rule that connects to the TRUSTED net.
  • From a computer in the TRUSTED VLAN, I am able to ping the CAMERA interface itself (192.168.30.1), but no computer that is connected to the CAMERA VLAN. You cannot view this attachment.
  • Interestingly enough, from a computer in the CAMERA VLAN, I am able to ping a computer in the TRUSTED VLAN despite the firewall rules simply being mirrors of each other.
    You cannot view this attachment.

I have looked into the actual interfaces themselves (CAMERA vs TRUSTED), but don't see anything different with the setup. Any ideas on why this is happening? My end goal is simply to allow TRUSTED to view CAMERA devices when I eventually install some security cameras.
April 11, 2025, 10:26:31 AM #1
I normally skip posts that don't have a salutation first and go straight to the question. But welcome to the forum.
Very nicely composed first post, clearly you spent time crafting it. You will have more chance of getting faster help if instead of links to images hosting sites, you add them to the post. A lot of folk here we don't click on those links.
April 11, 2025, 07:16:58 PM #2
Hi, thanks for the tip! I think I missed something very stupid as I believe there is some extra setup needed for pings to go through to Windows machines. When I booted up Linux on the machine in the CAMERA VLAN, I was able to ping it from the TRUSTED VLAN:

April 11, 2025, 07:24:44 PM #3
Please attach images to your posts and DO NOT USE IMGUR. At all. These "free image hosting sites" are a privacy nightmare. By just opening your post you now forced my browser to send all my private information to them.

About time I finally create that block list ...
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
April 11, 2025, 11:50:31 PM #4
Quote from: libri on April 11, 2025, 07:16:58 PMHi, thanks for the tip! I think I missed something very stupid as I believe there is some extra setup needed for pings to go through to Windows machines. When I booted up Linux on the machine in the CAMERA VLAN, I was able to ping it from the TRUSTED VLAN:
I'm glad you got it diagnosed. Maybe the windows machine needs to re-initialise its networking settings, or even has its own software firewall.
If I read it correctly, the networking problem is only OS dependent, right?
April 12, 2025, 02:04:56 AM #5
Correct, the problem was with the machine connected to the VLAN rather than the VLAN or router setup. I guess the giveaway was that I was able to connect to the interface itself which should not be possible if the path was actually blocked by firewall rules.
Print
Go Up Pages1
User actions