I have some smart home devices (security cam etc), which opens a connection to a internet service for to access via app. So it is like an VPN into my network.
So I want to put them into the guestwifi of my main Router (Fritzbox cable).
But I want to access these devices from other software in my normal LAN network.
The main router does not allow to access the guestlan from the normal network.
So my idea was: to install openwrt on a raspberry pi. The openwrt has a LAN interface in my home network (Zone lan) and a wifi client interface to the guestWifi (Zone wifiguest).
For every device I want to access in the guestwifi I create an alias interface (lanX) with seperate IP on the home network interface.
So far it works....
I tried to create a route from interface lan1 (192.yyy.xxx.13) to the target IP of the security cam, but I could not access it.
I there anything else to do ? I only use the UI not the command lines or config files.
Here is a diagramm of my "solution idea" .
Even if you create a route, your computers have not been told to use it. You would need to add it on the DHCP server (not the device with the DHCP server) so it announces the new route to the clients, but I doubt an original firmware would do that.
Why not put everything you dont trust on the wifi shared by the Fritzbox, then everything else behind the 2nd firewall of the openwrt device?
Everything attached to the Fritz should still be accessible from behind the openwrt.
I want to connect to 192.yyy.xxx.13 (than it should route/nat ? ) to the 172.yyy.xxx.2... that is my idea
hm, because the Fritzbox has a lot features (strong wifi / nas etc) wich I want to use for my home net.
The openWRT is only a "raspberry pi 3"
Where did you create this route ?
In openwrt or on the fritz box ?
On the fritz box you can add additional routes. I have a fritz box as main router and openwrt Access points with guest network. I added these as routes to the fritz box, so I am able to access guest network devices from my normal lan.
I did it on the openwrt...
So you build up the guestWifi with the openwrt device, right ?
And how did you manage the routing from guestWifi over openwrt so that they cloud not access the local network ?
And by the way please do not sign your post or use greetings:
If you like a post, use the like button
but does this solution work if my homenet is LAN/WLAN of the Fritzbox and so it is not behind openwrt, so the openwrt is one client of the homenet (=wan interface)....!?
yes, it does. An access point is always behind a router and client of a router. And you connect the AP via lan, not via wan interface. The firewall rules of the AP prevent access to your normal lan, if it is set up correctly (as described in the above link).
Check out the firewall rules, there is a rule called "Block guest access to private network". This is the one you are explicitly asking for.
I will try It with the Raspberry PI, if it works i will exchange ist this an other hardware )openwrt compatible)
I work on the guide and it the GuestWifi works fine,
I also create an static route on the fritzbox to route the new subnets (guestWifi) to the openwrt.
But it stops at the openwrt.
My zones looks like this. But I think there is a rule missing from lan --> guest , right ?
AND i could access all devices in my homenet (lan) from GuestWifi.... not so good...
- Yes, you need a forward from lan to guest
- If your lan is accessible from your guest network, then you need the rule I was talking about before:
From guest to lan, reject forward for all ips in your lan:
These rules are listed under point 4 of the description. Whether you reject or just drop without notice is your choice, but you need those rules...
In the meanwhile I started from scratch and the second time I missed the Block "traffic rule" (the other two rules where there)...
Now It is safe.
And I add the forward rule....and now I could access my device at the GuestWifi.
Many Thanks for the help
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.