I have a new installation on an RT-N16 using two extra vlans, vlan4 and 5. Only one is in use at the moment, this is vlan4 and is on 10.0.5.xx subnet. I have two devices, a laser printer/copier, and a Belkin Skype phone on it along with 6 desktop machines. All assigned static IP's via DHCP. Firmware is Teddy Bear's latest ext. release. The normal LAN subnet on br0 (192.168.1.xx) functions as normal and UPnP ports open correctly, all lists and QOS functioning properly. When I first set this up, for a very short time all desktops on vlan4 appeared in the device list in br0 (not vlan4) and at that time the machines were correctly shown in the QOS-Detailed and QOS graph classes. However, after a while they changed in the device list to be in vlan4, and after that they no longer appear correctly in the WOL list, QOS detailed list or the QOS graph display. They seem to show as external WAN connections to the router's WAN IP address and stop there. However each machine can surf the internet just fine. It also seems that they cannot open ports with UPnP either (some of them have Skype installed and UPnP is enabled by default). Now, here's a clue - the Skype phone and the Laser printer have ports forwarded to their admin interfaces on port 80. I can see them remotely from the WAN and once accessed, they show in the device list correctly and in the correct QOS classes. These devices therefore seem to have no problems. The obvious difference here is that the desktop machines don't have their ports forwarded. I'm assuming QOS should work on packets crossing into the WAN interface without caring where the packets originated. Something isn't quite right here, looks like some iptables scripting is missing or the firewall script needs work. I've searched for a full day and read dozens of articles, but while a few questions have been asked, there doesn't seem to be much information on this topic. Can anyone out there help? Anyone know how to fix it? The setup here is taken from various articles on the forum INIT sleep 10 nvram set vlan1ports="2 1 8*" nvram set vlan3hwname=et0 nvram set vlan3ports="4 8*" nvram set vlan4hwname=et0 nvram set vlan4ports="3 8*" nvram set manual_boot_nv=1 sleep 10 ifconfig vlan3 10.0.0.1 netmask 255.255.255.0 up; ifconfig vlan4 10.0.5.1 netmask 255.255.255.0 up; FIREWALL iptables -I INPUT -i vlan3 -j ACCEPT; iptables -I FORWARD -i vlan3 -o vlan2 -m state --state NEW -j ACCEPT; iptables -I FORWARD -i vlan3 -o ppp0 -m state --state NEW -j ACCEPT; iptables -I FORWARD -i br0 -o vlan3 -j DROP; iptables -I INPUT -i vlan4 -j ACCEPT; iptables -I FORWARD -i vlan4 -o vlan2 -m state --state NEW -j ACCEPT; iptables -I FORWARD -i vlan4 -o ppp0 -m state --state NEW -j ACCEPT; iptables -I FORWARD -i br0 -o vlan4 -j DROP; iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu; DHCP/DNS Custom interface=vlan3 dhcp-range=net:vlan3,10.0.0.100,10.0.0.129,255.255.255.0,1440m dhcp-option=vlan3,3,10.0.0.1 dhcp-option=vlan3,6,10.0.0.1 interface=vlan4 dhcp-range=net:vlan4,10.0.5.100,10.0.5.129,255.255.255.0,1440m dhcp-option=vlan4,3,10.0.5.1 dhcp-option=vlan4,6,10.0.5.1 netstat -r Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 188.8.131.52 184.108.40.206.a 255.255.255.255 UGH 0 0 0 ppp0 220.127.116.11 * 255.255.255.255 UH 0 0 0 ppp0 18.104.22.168 22.214.171.124.a 255.255.255.255 UGH 0 0 0 ppp0 10.0.5.0 * 255.255.255.0 U 0 0 0 vlan4 10.0.0.0 * 255.255.255.0 U 0 0 0 vlan3 192.168.1.0 * 255.255.255.0 U 0 0 0 br0 127.0.0.0 * 255.0.0.0 U 0 0 0 lo default 126.96.36.199.a 0.0.0.0 UG 0 0 0 ppp0 Thanks for listening !