I configured my router and VLANs like this:
EXTERNAL 192.168.1.1 netmask 255.255.255.249
EXTERNAL gateway 192.168.1.2
INTERNAL.VLAN1 10.2.2.1 netmask 255.255.255.0
INTERNAL.VLAN2 10.3.3.1 netmask 255.255.255.0
On my 192.168.1.2 host (EXTERNAL), I add:
ip route add 10.2.2.1/24 via 192.168.1.1
ip route add 10.3.3.1/24 via 192.168.1.1
We run the test:
Hosts in VLAN1 and VLAN2 can ping each other. A member of VLAN1 can ping the gateway, and so can a member of VLAN2, but the gateway on the EXTERNAL network cannot ping a member of VLAN1 or VLAN2.
I capture the traffic on the router, and iptables -L FORWARD -nv shows the traffic going to the VLAN1 member.
Each VLAN1 and VLAN2 member uses its INTERNAL.VLAN IP as its default gateway.
Both the router and the gateway use these sysctl lines for this test:
net.ipv4.tcp_syncookies=1
net.ipv4.ip_forward=1
net.ipv4.conf.all.accept_redirects=1
net.ipv4.conf.all.accept_source_route=1
net.ipv4.conf.all.send_redirects=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1
net.netfilter.nf_conntrack_acct=1
net.ipv4.conf.all.log_martians=0
What did I miss?
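A sanity check of the posted configuration, added here as an example and not part of the original thread; it assumes nothing beyond the addresses, masks and routes quoted above and uses only Python's standard ipaddress module:

```python
# Added example (not from the thread): sanity-check the interface and route
# definitions quoted in the post with Python's ipaddress module.
import ipaddress

# Router interfaces exactly as posted: name -> (address, netmask)
INTERFACES = {
    "EXTERNAL": ("192.168.1.1", "255.255.255.249"),
    "INTERNAL.VLAN1": ("10.2.2.1", "255.255.255.0"),
    "INTERNAL.VLAN2": ("10.3.3.1", "255.255.255.0"),
}
EXTERNAL_GATEWAY = "192.168.1.2"
# Static routes added on the gateway, as posted: (destination, next hop)
ROUTES = [("10.2.2.1/24", "192.168.1.1"), ("10.3.3.1/24", "192.168.1.1")]


def parse_interface(addr, mask):
    """Return an IPv4Interface, or None when the netmask is not a real mask
    (a mask must be a contiguous run of 1 bits followed by 0 bits)."""
    try:
        return ipaddress.IPv4Interface(f"{addr}/{mask}")
    except ValueError:
        return None


def canonical_route(dest):
    """Return (network, fixed): the destination with host bits cleared and
    whether clearing was needed. '10.2.2.1/24' names a host inside the
    prefix; the route the poster wants is the prefix itself, 10.2.2.0/24."""
    try:
        return str(ipaddress.IPv4Network(dest, strict=True)), False
    except ValueError:
        return str(ipaddress.IPv4Network(dest, strict=False)), True


def audit(interfaces=INTERFACES, gateway=EXTERNAL_GATEWAY, routes=ROUTES):
    """Collect what a reviewer would flag in the posted configuration."""
    parsed = {n: parse_interface(a, m) for n, (a, m) in interfaces.items()}
    invalid = sorted(n for n, p in parsed.items() if p is None)
    noncanonical = {}
    for dest, _next_hop in routes:
        fixed_dest, was_fixed = canonical_route(dest)
        if was_fixed:
            noncanonical[dest] = fixed_dest
    # The EXTERNAL gateway must be on-link; undecidable (None) while the mask is invalid.
    ext = parsed.get("EXTERNAL")
    on_link = None if ext is None else ipaddress.IPv4Address(gateway) in ext.network
    return {"invalid_interfaces": invalid, "noncanonical_routes": noncanonical,
            "gateway_on_link": on_link}
```

Running audit() on the posted values flags EXTERNAL's mask as invalid and both routes as non-canonical, which are worth fixing before looking at iptables or captures.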
Could you dump the iptables rules of the router?
Also, can you ping from the gateway to the router? From the router to the VLANs? Probably if you monitor with Wireshark you'll see what is happening.