I have a vlan4 along with br0. I want to make a host having the IP 192.168.0.50, which exists on the br0 192.168.0.0/16 network, accessible on vlan (10.0.1.0/24). One curious thing I noticed was that the IP (192.168.0.1) of the router configuration GUI was accessible on vlan4 (which is the 10.0.1.0/24 network). I was able to ssh into 192.168.0.1 even if I was on the 10.0.1.0/24 network. So I entered this command on the router's shell:
ip route show table local
And it showed the local routing table which had the following line:
local 192.168.0.1 proto kernel scope host src 192.168.0.1
I entered this command in the router shell:
ip route add table local local 192.168.0.50 dev br0 proto kernel scope host src 192.168.0.50
So when I did "ip route show table local" again, I got this entry in the table:
local 192.168.0.50 proto kernel scope host src 192.168.0.50
I feel I'm on the right track here. But because of some unrelated issues I wasn't able to test if 192.168.0.50 was accessible on 10.0.1.0/24.
I have these rules in the firewall script:
iptables -I INPUT -i vlan4 -j ACCEPT
iptables -I FORWARD -i vlan4 -o vlan2 -m state --state NEW -j ACCEPT
iptables -I FORWARD -s 192.168.0.50 -o vlan4 -j ACCEPT
iptables -I FORWARD -i br0 -o vlan4 -j DROP
Am I missing anything here? Or is there anything I can do which is easier than what I have mentioned?
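
An added example, not part of the original post: a small Python model of first-match rule evaluation, showing where the three FORWARD rules end up when each is added with `-I`, which inserts at the top of the chain when no rule number is given. It assumes the commands run in the order listed and that traffic from 192.168.0.50 enters on br0; the function names and sample packets are constructed for illustration.

```python
# Model of one iptables chain: rules are checked top to bottom, first match wins.
# Only the match fields used by the post's FORWARD rules are modelled.

def insert(chain, rule):
    """iptables -I CHAIN without a rule number: insert at position 1 (the top)."""
    chain.insert(0, rule)

def matches(rule, pkt):
    """A rule matches when every field it specifies equals the packet's field."""
    return all(pkt.get(k) == v for k, v in rule.items() if k != "target")

def verdict(chain, pkt, fallthrough="FALLTHROUGH"):
    """Return the target of the first matching rule, else fall through to
    whatever rules or policy were already in the chain (not modelled here)."""
    for rule in chain:
        if matches(rule, pkt):
            return rule["target"]
    return fallthrough

def build(order):
    """Apply a sequence of -I commands and return the resulting chain."""
    chain = []
    for rule in order:
        insert(chain, rule)
    return chain

# The three FORWARD rules from the post.
NEW_TO_VLAN2 = {"in": "vlan4", "out": "vlan2", "state": "NEW", "target": "ACCEPT"}
HOST_ALLOW = {"src": "192.168.0.50", "out": "vlan4", "target": "ACCEPT"}
BR0_BLOCK = {"in": "br0", "out": "vlan4", "target": "DROP"}

# Constructed sample packets: a reply from the host, and another br0 machine.
HOST_PKT = {"src": "192.168.0.50", "in": "br0", "out": "vlan4", "state": "ESTABLISHED"}
OTHER_PKT = {"src": "192.168.0.77", "in": "br0", "out": "vlan4", "state": "NEW"}

# Order as posted: the DROP is inserted last, so it sits above the host ACCEPT.
AS_POSTED = build([NEW_TO_VLAN2, HOST_ALLOW, BR0_BLOCK])
# Swapping the last two commands puts the host ACCEPT above the DROP.
REORDERED = build([NEW_TO_VLAN2, BR0_BLOCK, HOST_ALLOW])

if __name__ == "__main__":
    for name, chain in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        print(name, "host:", verdict(chain, HOST_PKT),
              "other br0:", verdict(chain, OTHER_PKT))
```

On a live router, `iptables -L FORWARD -n -v --line-numbers` lists the chain in its effective order along with per-rule packet counters, which shows which rule the traffic is actually hitting.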