VLAN IPtables Question

Discussion in 'Networking' started by RAINMAN, Oct 18, 2017.

  1. RAINMAN

    RAINMAN New Member

    Joined:
    Mar 5, 2016
    Messages:
    17
    Likes Received:
    5
    I created 2 separate VLANs on my router. One for my trusted devices (192.168.254.x) and one for "things" (172.16.254.x) like smart switches and that sort of thing. I also was able to configure the router so that I have access from the 192 network to the 172 network but not vice versa. All works great so far.

    I have an active directory setup that controls the DNS on the 192 network.

    AD servers:
    192.168.254.30
    192.168.254.50

    In the router (Tomato) I have to disable it being local DNS so that it uses my AD servers as the DNS. Those DNS servers then forward to a Pihole for adblocking (or root servers if the pihole was unavailable for some reason) and the pihole forwards to outside DNS for its non-cached lookups.

    Pihole:
    192.168.254.55

    This all works great, the issue is with the new VLAN (172) I created. Since I have the router set to use the AD servers as DNS and the second VLAN cannot access the 192 network I cant resolve any DNS names. What I am looking for is what IPTABLES rule can I create so that I can allow traffic on port 53 (DNS) to get to 192.168.254.30 or 50 but nothing else.

    I'm not really good with IPTABLES and have struggled with this so far so hopefully some guru can spit this out easily. It seems like it should be easy... I hope...
     
    #1
Similar Threads: VLAN IPtables
Forum Title Date
Networking Aruba S2500, vlan and ACL Feb 13, 2020
Networking Aruba S3500 VLAN Configuration Feb 7, 2020
Networking Dell Powerconnect 7048p Bind MAC to VLAN Jan 26, 2020
Networking Noob question: VLANs? for Windows 2000/XP/7 isolation Jan 10, 2020
Networking Aruba VLAN/routing help! Nov 18, 2019

Share This Page