2 weeks ago
I have a native VLAN on 192.168.0.1/24, which has a DNS server at 192.168.0.200.
I also have a VLAN on the 192.168.20.1/24 range.
I have a firewall rule that blocks all inter-VLAN traffic.
The question is: how do I set an exception in the firewall that will allow the second VLAN to pass DNS requests to the server on the first VLAN? I.e. so if a client at 192.168.20.5 sets their DNS server to 192.168.0.200, they will be able to get DNS.
I thought I could do this with port groups (allowing port 53) but no luck.
I can see in the case of Guest networks there is a firewall created on 'GUEST IN', but as you cannot press edit to see the contents, I cannot copy it!
a week ago
I was always under the assumption that port forwarding was for forwarding external WAN requests to internal LAN ports, but maybe that's incorrect?
Here's how I got my situation to work in the end:
Before Predefined Rules
IPv4 Protocol: All
Network: 192.168.20.1/24 VLAN / IPv4 Subnet
Destination: Address/Port Group
IPv4 Address Group: Group containing 192.168.0.200 (my DNS server address)
Port Group: DNS Group (53)
And then of course in the Networks settings for the 192.168.20.1/24 network, setting the DNS servers to 192.168.0.200
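
The rule order from the answer above, modeled as an added example (not part of the original post and not the gateway's own code): a first-match evaluator using the thread's addresses, showing that the exception admits only port 53 to 192.168.0.200 and has to sit ahead of the inter-VLAN block. The rule names, the first-match model, and the premise that reply traffic is passed by connection tracking are assumptions.

```python
from ipaddress import ip_address, ip_network

# Addresses and port come from the thread; everything else is a model.
VLAN20 = ip_network("192.168.20.0/24")
NATIVE = ip_network("192.168.0.0/24")
DNS_SERVERS = {ip_address("192.168.0.200")}  # the IPv4 address group
DNS_PORTS = {53}                             # the port group

# Ordered rules (hypothetical names). Only new connections are modeled;
# replies are assumed to be allowed by the gateway's state tracking.
RULES = [
    ("allow-dns", "accept",
     lambda s, d, p: s in VLAN20 and d in DNS_SERVERS and p in DNS_PORTS),
    ("block-inter-vlan", "drop",
     lambda s, d, p: (s in VLAN20 and d in NATIVE)
     or (s in NATIVE and d in VLAN20)),
]


def evaluate(src, dst, dport, rules=RULES, default="accept"):
    """Return (action, rule_name) for the first rule matching the flow."""
    s, d = ip_address(src), ip_address(dst)
    for name, action, match in rules:
        if match(s, d, dport):
            return action, name
    # Traffic that stays inside one VLAN is never routed, so no rule applies.
    return default, "default"


# Constructed flows: what the exception should and should not let through.
FLOWS = [
    ("192.168.20.5", "192.168.0.200", 53),   # DNS to the server
    ("192.168.20.5", "192.168.0.200", 22),   # other port on the server
    ("192.168.20.5", "192.168.0.10", 53),    # port 53 on another host
    ("192.168.0.50", "192.168.20.5", 53),    # native VLAN into VLAN 20
]

if __name__ == "__main__":
    for src, dst, port in FLOWS:
        action, rule = evaluate(src, dst, port)
        print(f"{src} -> {dst}:{port}  {action:6} ({rule})")
    # Same flow with the block placed first: the exception is never reached.
    print("reordered:", evaluate("192.168.20.5", "192.168.0.200", 53,
                                 rules=RULES[::-1]))
```
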