I know very basic networking only.

Lets assume:
1) using tomato firmware with Asus router.
2) WAN port connect to internet
3) router has no DHCP running
4) 1 LAN port connect to machine ip 10.0.0.1, there are other 10.0.0.x machines
5) 1 LAN port connect to machine ip 192.168.0.1, there are other 192.168.0.x machines

How do i configure in the router to allow
1) only 192.168.0.1 machine to access 10.0.0.1 machine, but all other 192.168.0.x machine cant?
2) all 192.168.0.x machines can access 10.0.0.1 machine only but cant access other 10.0.0.x machines
3) all 192.168.0.x machines can access all 10.0.0.x machines ?

This is a sample image i get from the internet, i dont know how to read them


Thanks.

guna firewall/iptables la kawan. routing table dont ask source network, they only bother with destination network and which interface that will help to route the traffic.you cant tell router to not using any routing table entry for specific source IPs.
https://openwrt.org/docs/guide-user/firewal...tfilter_openwrt
you dont want, you can create more subnets.
with GUI,probably misleading but what the hell
1.

2.

3. dont set firewall rule

This post has been edited by zerorating: Jun 8 2023, 03:08 AM

route command

No need to mess with route and its a wrong way of doing it.
You should use firewall for that.

if asus router, why not just use merlin firmware if it's supported? can use gui if just need something to work or ssh into the router to tinker with it

Assuming routing between the different segments/vlan is already there....layer 3 vlan .
apply ACL on the interface, in or out. Permit this permit that, lastly last line deny everything else.