Segmenting VLANs
So I set up a VLAN, 3, and it's tied to LAN1 (br1), 10.1.1.0/24. br0 is 192.168.1.0/24.
Then I created a second wireless SSID that's bridged to LAN1 (br1).
I'm using nocat on this second wireless SSID and limiting it to port 80/443 only.
I'm having trouble with keeping the VLAN1 and VLAN3 users apart.
Anyone on the guest SSID gets the nocat splash page but is also able to access devices in VLAN1.
I tried this:
iptables -I FORWARD -i br0 -o vlan3 -j DROP;
but that didn't seem to do it.
Am I missing something?
Do I need to use br1 instead of vlan3 above?
I can post my rules if that will help.
Thanks!
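
Added example, not part of the original post: a small offline checker for the setup described above. Routed traffic from a bridged guest network reaches netfilter's FORWARD chain with the bridge (br1) as its input interface, and guest-to-LAN packets travel br1 to br0, whereas the posted rule covers br0 to vlan3. The rule listing, `first_verdict` and `GUEST_TO_LAN_DROP` are constructed for illustration; only the interface names and the first DROP rule come from the post.

```shell
#!/bin/sh
# Constructed `iptables -S FORWARD` listing (not the poster's real rule set);
# its first -A rule is the one quoted in the post.
SAMPLE_RULES='-P FORWARD DROP
-A FORWARD -i br0 -o vlan3 -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br1 -j ACCEPT
-A FORWARD -i br0 -j ACCEPT'

# Hypothetical rule for the guest -> LAN direction, using bridge names.
GUEST_TO_LAN_DROP='-A FORWARD -i br1 -o br0 -j DROP'

# first_verdict RULES IN_IF OUT_IF
# Prints the target of the first rule that decides a new packet purely on
# -i/-o. Simplification: rules carrying any other match (-m, -p, -s, !) are
# skipped. Falls back to the chain policy (-P) when no rule matches.
first_verdict() {
    rules=$1 in_if=$2 out_if=$3 policy=ACCEPT
    while IFS= read -r line; do
        set -f; set -- $line; set +f          # split the rule into words
        [ "$1" = "-P" ] && { policy=$3; continue; }
        [ "$1" = "-A" ] || continue
        shift 2                               # drop "-A FORWARD"
        r_in= r_out= target= extra=
        while [ $# -gt 0 ]; do
            case $1 in
                -i) r_in=$2; shift 2 ;;
                -o) r_out=$2; shift 2 ;;
                -j) target=$2; shift 2 ;;
                *)  extra=1; shift ;;
            esac
        done
        [ -n "$extra" ] && continue
        [ -n "$r_in" ] && [ "$r_in" != "$in_if" ] && continue
        [ -n "$r_out" ] && [ "$r_out" != "$out_if" ] && continue
        [ -n "$target" ] && { echo "$target"; return 0; }
    done <<EOF
$rules
EOF
    echo "$policy"
}

# Same listing with the br1 -> br0 rule evaluated first.
FIXED_RULES="$GUEST_TO_LAN_DROP
$SAMPLE_RULES"
echo "guest->LAN, listing as posted:      $(first_verdict "$SAMPLE_RULES" br1 br0)"
echo "guest->LAN, br1->br0 drop on top:   $(first_verdict "$FIXED_RULES" br1 br0)"
```

Traffic addressed to the router's own IPs is handled by the INPUT chain, and any rules nocat installs are not modelled here.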