Device: Asus RT-AC68U
Firmware: Tomato Firmware 1.28.0000 -132 K26ARM USB AIO-64K (Shibby)
We share an office space with another group (we'll call them Group#1), and they have a "requirement" that their devices be on the 192.168.1.0 subnet. Because our group (Group#2) needs remote VPN access, we cannot live on the 192.168.1.0 subnet due to potential (and realized) conflicting IP addressing. To mitigate this issue, I created a second subnet of 10.77.66.0 for Group#2 to live on.
| Interface | IP address / prefix | DHCP range | VLAN, ports |
|---|---|---|---|
| WAN | 71.86.xxx.xxx / xx | | vlan2 |
| LAN (br0) | 192.168.1.1 / 24 | DHCP: 192.168.1.2 - 192.168.1.254 | vlan1, port 4 |
| LAN1 (br1) | 10.77.66.1 / 24 | DHCP: 10.77.66.2 - 10.77.66.100 | vlan3, ports 1, 2, 3 |
Then I set up VLANs to handle all the switching and separation (also, I'm not sure if I need tagging on, but it didn't seem to make a difference):
| VLAN | VID | Port 1 | Tagged | Port 2 | Tagged | Port 3 | Tagged | Port 4 | Tagged | WAN Port | Tagged | Default | Bridge |
My problems start when I try and implement a requirement from Group#1 that (2) ports be forwarded from our external address:

-A wanin -d 192.168.1.100/32 -p tcp -m tcp --dport 4370 -j ACCEPT
-A wanin -d 192.168.1.100/32 -p udp -m udp --dport 4370 -j ACCEPT
-A wanin -d 192.168.1.99/32 -p tcp -m tcp --dport 4369 -j ACCEPT
-A wanin -d 192.168.1.99/32 -p udp -m udp --dport 4369 -j ACCEPT
I first had these VLANs associated with two separate virtual wireless sites, and this set of port forwarding rules generated by the GUI functioned perfectly. As soon as I implemented the VLANs to the back physical ports, the forwarding rules stopped working. I can't find anyone else having the same issue.
I'm not pretending to know what I'm talking about and honestly I'm just winging this stuff, but after spending a week trying to get this to work, I've tried just about everything I can think of. I'm at my wits' end, what am I missing?
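
A consistency check for the layout described in this post, added here as an example and not part of the original post or of Tomato itself: it parses the four `wanin` rules and maps each forwarded destination to the bridge, VLAN and physical ports listed in the interface table. `BRIDGES`, `WANIN_RULES`, `parse_rule` and `locate` are hypothetical names, and the bridge data is copied by hand from the post.

```python
import ipaddress
import shlex

# Bridge layout copied from the table in the post: subnet, VLAN, physical ports.
BRIDGES = {
    "br0": (ipaddress.ip_network("192.168.1.0/24"), "vlan1", (4,)),
    "br1": (ipaddress.ip_network("10.77.66.0/24"), "vlan3", (1, 2, 3)),
}

# The four GUI-generated wanin rules from the post, one per line.
WANIN_RULES = """\
-A wanin -d 192.168.1.100/32 -p tcp -m tcp --dport 4370 -j ACCEPT
-A wanin -d 192.168.1.100/32 -p udp -m udp --dport 4370 -j ACCEPT
-A wanin -d 192.168.1.99/32 -p tcp -m tcp --dport 4369 -j ACCEPT
-A wanin -d 192.168.1.99/32 -p udp -m udp --dport 4369 -j ACCEPT
"""


def parse_rule(line):
    """Pull destination, protocol and port out of one iptables-save style line."""
    tok = shlex.split(line)
    opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
    return ipaddress.ip_interface(opt["-d"]).ip, opt["-p"], int(opt["--dport"])


def locate(rules_text, bridges=BRIDGES):
    """Map each forwarded destination to the bridge/VLAN/ports that own its address."""
    placements = {}
    for line in rules_text.strip().splitlines():
        dest, proto, dport = parse_rule(line)
        home = next(
            ((name, vlan, ports) for name, (net, vlan, ports) in bridges.items()
             if dest in net),
            None,  # no configured LAN subnet contains this address
        )
        entry = placements.setdefault(str(dest), {"home": home, "services": set()})
        entry["services"].add((proto, dport))
    return placements


if __name__ == "__main__":
    for host, info in locate(WANIN_RULES).items():
        svc = ", ".join(f"{p}/{d}" for p, d in sorted(info["services"]))
        if info["home"] is None:
            print(f"{host} [{svc}]: not inside any LAN bridge subnet")
        else:
            name, vlan, ports = info["home"]
            print(f"{host} [{svc}]: {name} ({vlan}), wired ports {list(ports)}")
```

With the table as posted, both forwarded hosts resolve to br0 (vlan1), whose only wired member is port 4; a target cabled to ports 1 to 3 would sit on br1 instead.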