Access control between wireless & LAN devices

I need to perform access control between the wireless and LAN devices. To do so, I disabled "Bridge interfaces" for the LAN interface, and it is left with eth0.1.

I also created a new Interface "WiFi" for wlan0 with static IP address


Then, I created a zone "wifi" to allow forwardings from WiFi to LAN.

Finally, I created a firewall rule to forward all traffic from WiFi to LAN.


My wireless devices are able to receive DHCP addresses. Before I begin to apply access control, I noticed wireless devices cannot even reach the WiFi interface - they cannot ping They also cannot ping

LAN interface is not part of lan zone in firewall anymore, hence the grey color.

not needed, there is a forwarding there already.

Thanks for chipping in! I will delete the unnecessary firewall rule. But how do I fix the issue? Should I configure the LAN interface? For LAN, should I select eth0 (Ethernet Switch) instead of eth0.1 (Switch VLAN)?

Also, I am wondering if mistakes to my LAN interface configuration will prevent my wireless clients from reaching the wireless interface (ping

If you unbridge lan and wifi, you must assign IP addresses from separate subnets.
Refer to the Routed AP wiki article.


Nope. As @mpa noticed, you need to fix the IP addresses, because right now they are conflicting. You can have lan and wifi
Then add the lan interface into lan firewall zone as I mentioned before.
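
A check for the two problems diagnosed in this thread (lan and wifi addressed from the same subnet, and an interface left out of every firewall zone), added here as an example and not posted by any participant. The config text uses `/etc/config/network` and `/etc/config/firewall` syntax; its addresses are constructed placeholders, and `parse_uci` and `audit` are hypothetical helper names.

```python
import ipaddress
import shlex
from itertools import combinations
# Constructed sample configs; the addresses are placeholders, not from the thread.
NETWORK = """config interface 'lan'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
config interface 'wifi'
    option ipaddr '192.168.1.2'
    option netmask '255.255.255.0'
"""
FIREWALL = """config zone
    option name 'wifi'
    list network 'wifi'
config forwarding
    option src 'wifi'
    option dest 'lan'
"""

def parse_uci(text):
    """Return [(section_type, section_name, options)] from UCI config text."""
    sections = []
    for line in text.splitlines():
        words = shlex.split(line, comments=True)
        if words[:1] == ["config"]:
            sections.append((words[1], words[2] if len(words) > 2 else None, {}))
        elif words[:1] == ["option"] and sections:
            sections[-1][2][words[1]] = words[2]
        elif words[:1] == ["list"] and sections:
            sections[-1][2].setdefault(words[1], []).append(words[2])
    return sections

def audit(network_text, firewall_text):
    """Flag interfaces with overlapping subnets or no firewall zone."""
    nets, zoned, findings = {}, set(), []
    for stype, name, opts in parse_uci(network_text):
        if stype == "interface" and "ipaddr" in opts and "netmask" in opts:
            nets[name] = ipaddress.ip_interface(f"{opts['ipaddr']}/{opts['netmask']}").network
    for stype, _, opts in parse_uci(firewall_text):
        if stype == "zone":
            members = opts.get("network", [])  # older configs use a space-separated option
            zoned.update(members.split() if isinstance(members, str) else members)
    for a, b in combinations(sorted(nets), 2):
        if nets[a].overlaps(nets[b]):
            findings.append(f"{a} ({nets[a]}) overlaps {b} ({nets[b]})")
    findings += [f"{n} is not in any firewall zone" for n in sorted(nets) if n not in zoned]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(NETWORK, FIREWALL)))
```

An empty result means every statically addressed interface has its own subnet and belongs to a zone, which is the state the access-control rules between wifi and lan depend on.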

