Been trying to segregate two separate LANs in my house, but am still getting pings across subnets.
I have an ER-X, with eth0 as the WAN, eth1 as the owner IP (192.168.2.1), and eth2 as the tenant IP (192.168.3.1).
I cannot get the ER-X to block pinging or HTTP connections between them even though I've set out 'out' rules on both interfaces that should block connections between them.
I'm running 1.9.
Is there something that I'm doing wrong?
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name keep_owners_out {
        default-action accept
        description "Keep owners out of tenant areas"
        enable-default-log
        rule 1 {
            action drop
            description block_connections_to_tenants
            destination {
                address 192.168.3.1/24
            }
            log enable
            p2p {
                all
            }
            protocol all
            source {
                address 192.168.2.1/24
            }
            state {
                established enable
                invalid enable
                new enable
                related enable
            }
        }
    }
    name keep_tenants_out {
        default-action accept
        description "Keep tenants out of our area"
        rule 1 {
            action drop
            description block_tenant_traffic
            destination {
                address 192.168.2.1/24
                group {
                }
            }
            log enable
            p2p {
                all
            }
            protocol all
            source {
                address 192.168.3.1/24
            }
            state {
                established enable
                invalid enable
                new enable
                related enable
            }
        }
    }
....
ethernet eth1 {
    address 192.168.2.1/24
    description OwnerNet
    duplex auto
    firewall {
        out {
            name keep_owners_out
        }
    }
    speed auto
}
ethernet eth2 {
    address 192.168.3.1/24
    description TenantNet
    duplex auto
    firewall {
        out {
            name keep_tenants_out
        }
    }
    speed auto
}
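Added example, not part of the original post: a small Python model of where EdgeOS evaluates interface rulesets (`in` and `out` on forwarded packets, `local` on packets addressed to the router itself), run against the bindings posted above. The host addresses, the `ALTERNATIVE` bindings and all function names are assumptions made for illustration, and the model compares only source and destination addresses, ignoring the rules' `p2p` and `state` matchers.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the posted config: interface -> (connected subnet, router address).
IFACES = {"eth1": ("192.168.2.0/24", "192.168.2.1"),
          "eth2": ("192.168.3.0/24", "192.168.3.1")}
# The two posted rulesets as (source net, destination net, action); default-action accept.
# 192.168.x.1/24 in the post denotes the network 192.168.x.0/24.
RULESETS = {
    "keep_owners_out":  [("192.168.2.0/24", "192.168.3.0/24", "drop")],
    "keep_tenants_out": [("192.168.3.0/24", "192.168.2.0/24", "drop")],
}

def iface_for(addr):
    """Return the interface whose connected subnet contains addr."""
    for name, (net, _) in IFACES.items():
        if ip_address(addr) in ip_network(net):
            return name
    raise ValueError(f"{addr} is not on a modelled interface")

def run_ruleset(name, src, dst):
    """First matching rule wins; otherwise the default action (accept)."""
    for rule_src, rule_dst, action in RULESETS[name]:
        if ip_address(src) in ip_network(rule_src) and ip_address(dst) in ip_network(rule_dst):
            return action
    return "accept"

def verdict(bindings, src, dst):
    """bindings maps (interface, direction) -> ruleset name.
    Forwarded packets hit 'in' on the ingress interface and 'out' on the
    egress interface; packets to a router address hit only 'local' on ingress."""
    router_addrs = {addr for _, addr in IFACES.values()}
    ingress = iface_for(src)
    if dst in router_addrs:
        hooks = [(ingress, "local")]
    else:
        hooks = [(ingress, "in"), (iface_for(dst), "out")]
    for hook in hooks:
        if hook in bindings and run_ruleset(bindings[hook], src, dst) == "drop":
            return "drop"
    return "accept"

# Bindings exactly as posted: each ruleset is 'out' on its own source network's interface.
POSTED = {("eth1", "out"): "keep_owners_out", ("eth2", "out"): "keep_tenants_out"}
# Hypothetical alternative: the same rulesets bound where their source subnet
# enters the router, with 'local' added to cover the router's own addresses.
ALTERNATIVE = {("eth1", "in"): "keep_owners_out", ("eth1", "local"): "keep_owners_out",
               ("eth2", "in"): "keep_tenants_out", ("eth2", "local"): "keep_tenants_out"}
```

With `POSTED`, a packet from 192.168.2.10 to 192.168.3.10 is checked only by `keep_tenants_out` on eth2 `out`, whose source match is 192.168.3.0/24, so the drop rule never fires; with `ALTERNATIVE` the same packet is dropped on eth1 `in`.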