I have been using TrueNAS SCALE for a while now and everything is working great. Lately, though, I have been trying to lock down some of the communication between interfaces, and I have been trying to redirect traffic between some of my VLAN and bridge interfaces to hit my firewall instead of routing it locally on my TrueNAS server. By default, it seems that my bridge interfaces can all communicate with each other locally on TrueNAS without having to go to my firewall.
Is there any way to disable inter-VLAN routing / connectivity between bridge interfaces on TrueNAS? Is this done by modifying iptables, or is there another way to do it? Thanks!!
Hey @Captain_Morgan. Here is a drawing of what my setup used to look like. Not super familiar with Docker networking; I’ve mainly only configured routers, switches, firewalls, etc. Normally, in my head, I would expect that for one VLAN to talk to another, it would have to go back to an L3 device to be routed. I’m guessing that there is some bridge or something with Linux/Docker networking that I’m not aware of that was allowing it to route locally between DMZ VLAN 200 and management VLAN 599. I resolved this last night by configuring macvlan interfaces on my instance of Traefik.
Traefik was set up as a custom Docker app through Dockge, connected to the bridge interface bound to 10.10.10.10. The br200 interface itself on TrueNAS was able to ping and traceroute to the 10.1.69.254 vlan599 interface, with the destination being the only hop.
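For the iptables part of the original question, here is an added example (not from this thread, Docker or TrueNAS): a script that emits an nftables ruleset dropping anything the host would route between two of its interfaces, with `br200` and `vlan599` assumed as the interface names from the posts above. It only covers forwarded packets (e.g. a container on the bridge reaching a host on the other VLAN); traffic addressed to one of the host's own IPs, such as the ping from br200 to 10.1.69.254 above, never traverses the forward hook and is unaffected.

```shell
#!/bin/sh
# Added example: generate an nftables ruleset that stops a Linux host from
# routing between two interfaces. Interface names are assumptions
# (br200, vlan599) taken from the thread. The script only prints the
# ruleset; review it, then apply as root with:  nft -f ruleset.nft

# isolation_ruleset IFACE_A IFACE_B
# Emits a forward-hook chain that drops packets crossing between the two
# interfaces in either direction. Policy stays "accept" so all other
# forwarding paths on the host are untouched. Priority -10 runs this chain
# before the priority-0 filter chains that iptables-nft (used by Docker)
# installs, so the drop wins regardless of Docker's own rules (assumes the
# nft backend of iptables is in use).
isolation_ruleset() {
  a="$1"; b="$2"
  cat <<EOF
table inet vlan_isolation {
  chain forward {
    type filter hook forward priority -10; policy accept;
    iifname "$a" oifname "$b" counter drop
    iifname "$b" oifname "$a" counter drop
  }
}
EOF
}

# count_drop_rules IFACE_A IFACE_B
# Sanity check on the generated ruleset: number of drop rules (expect 2).
count_drop_rules() {
  isolation_ruleset "$1" "$2" | grep -c ' drop$'
}

# forwarding_enabled
# Returns success if the kernel forwards IPv4 at all; if it does not, the
# host cannot route between VLANs and no filter rule is needed.
forwarding_enabled() {
  f=/proc/sys/net/ipv4/ip_forward
  [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Default invocation prints the ruleset for the two interfaces in the thread.
isolation_ruleset "${1:-br200}" "${2:-vlan599}"
```

Check the counters with `nft list table inet vlan_isolation` after applying it: a rising drop count confirms which direction the locally routed traffic was taking.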