First of all, thank you very much for taking the necessary time.
(1) It is the residue of a previous configuration when changing the CAPS_MAN configuration to v7.13.
The intention is/was to configure a Vlan "vlan98_BASE" as the management network, changing all the elements of the network to this new vlan with id=98, and leaving the users in the "Bride_BASE" (vlan-id=1).
But given the advice, what is better? Leave the default vlan to the users and the vlan =XX to MNG or the other way around?
(2) Cleaned 4 Subnets = 4 Pools (vlan103 has been removed)
(3) and the CAPS-MAN configuration is missing
(4) Actually the ether10 interface is not a TRUNK but since it has a Hap and with the new wifi 7.13 vlan configuration it has to work as such with the caps-man Vlans.
(5) no, pending how to act with (1)
(6) pending how to act with (1)
(7) It will be a mistake on my part because reading the help I understood that it will be necessary for them to be active to use the Firewall and Mangle rules on the VLANs
(8) Added vlans to list=Lan. What is the reason for removing the Bridge from the Lan list? Security?
From the help: use-ip-firewall-for-vlan (yes | no; Default: no)
"Send bridged VLAN traffic to also be processed by IP/Firewall. This property only has effect when use-ip-firewall is set to yes. This property is required in case you want to assign Simple Queues or global Queue Tree to VLAN traffic in a bridge."
(9) Removed
(10) Would the correct one be to refer to DST-NAT?:
add action=drop chain=input comment="IN_DROP_ALL."
(11) The intention was to allow access to everything that was not connected to the router, that is, the Internet. Changed as you explain below.
(12) Made the modifications to the firewall according to the comments.
Currently all networks have access to the internet but I have created the Internet interface-list with its rule to use later.
Regarding pi-hole, Mangle rules are to capture all DNS requests from the network and NAT forward them to Pi-hole, I did not find an effective way to capture all DNS requests directly with NAT.
Again, thanks for the help.
When pi-hole does not work NETWATCH launches a script that deactivates the Mangle and Nat rules.
Posted by Despra2 — Mon Jan 01, 2024 10:17 pm
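One way to express the Netwatch failover described in the last line of the post, as an added example that is not the poster's own configuration. It assumes the Pi-hole answers at 192.168.98.10 (a constructed placeholder on the management VLAN) and that every mangle and NAT rule used for the DNS redirect carries the comment "PIHOLE_DNS", so a single find selects them all.

```routeros
# Added example, not the poster's configuration.
# Assumptions (placeholders): Pi-hole at 192.168.98.10; all DNS-redirect
# rules in /ip firewall mangle and /ip firewall nat carry comment="PIHOLE_DNS".

# Check first which rules the scripts below will toggle; nothing else is touched.
/ip firewall mangle print where comment="PIHOLE_DNS"
/ip firewall nat print where comment="PIHOLE_DNS"

# Netwatch probes the Pi-hole host every 30 s. On failure the redirect is
# disabled so clients fall back to their configured resolver instead of
# losing DNS entirely; when the host answers again the redirect is restored.
/tool netwatch
add host=192.168.98.10 interval=30s timeout=2s comment="Pi-hole health check" \
    down-script="/ip firewall mangle disable [find comment=\"PIHOLE_DNS\"]; /ip firewall nat disable [find comment=\"PIHOLE_DNS\"]; /log warning \"Pi-hole unreachable: DNS redirect disabled\"" \
    up-script="/ip firewall mangle enable [find comment=\"PIHOLE_DNS\"]; /ip firewall nat enable [find comment=\"PIHOLE_DNS\"]; /log info \"Pi-hole reachable again: DNS redirect enabled\""

# The default probe is an ICMP reachability check: it proves the host is up,
# not that the DNS service on it is answering. Keep an eye on the log entries
# above to confirm the toggling actually happened after a failure.
/log print where message~"Pi-hole"
```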