Hello!
I currently have three primary VLANs and interfaces, Lan, IOT, Guest:
- LAN- Common standard LAN; mostly unrestricted WAN access; for trusted home users and devices.
- IOT- Devices that I don't have complete control over; things like smart outlets, google home, smart TV, PS4, etc. Has restricted HTTP access to only WAN.
- Guest- For guests, restricted direct WAN access, no access to anything internal including smart devices
I would like devices on the LAN VLAN to be able to use Airplay and Google's Cast to devices on the IOT VLAN. I have a smart TV which uses Airplay and a Google home on IOT.
I've (unsuccessfully) attempted to use avahi and umdns for reflection across the networks as I am under the understanding that broadcasts will not forward across VLANs.
I was wondering if anyone else has successfully overcome this usability issue and could point me in the right direction! Thanks in advance for your help!
Configs:
/etc/config/network:

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'IOT_Seg'
	option proto 'static'
	list ipaddr '192.168.5.1/24'
	list dns '192.168.1.1'
	option ip6assign '64'
	option type 'bridge'
	option ifname 'eth0.3'

/etc/config/firewall:

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'

config zone
	option name 'wan'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan wan6'
	option input 'DROP'
	option forward 'DROP'

config zone
	option network 'IOT_Seg'
	option input 'DROP'
	option forward 'DROP'
	option name 'IOT_Seg'
	option output 'ACCEPT'

config rule
	option dest_port '67-68'
	option src 'IOT_Seg'
	option name 'IOT Allow DHCP'
	option target 'ACCEPT'
	list proto 'udp'

config rule
	option dest_port '53'
	option src 'IOT_Seg'
	option target 'ACCEPT'
	list proto 'tcp'
	list proto 'udp'
	option name 'IOT allow DNS'

config forwarding
	option dest 'wan'
	option src 'IOT_Seg'
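
An added example, not part of the original post: in the firewall config above, the IOT_Seg zone drops input and accepts only DHCP and DNS, so mDNS traffic (UDP 5353 to 224.0.0.251) from the IoT devices never reaches a reflector running on the router, and nothing forwards lan to IOT_Seg for the cast session itself. The fragment below adds both while leaving IOT_Seg unable to open connections into lan. Assumptions: IPv4 mDNS only, and the rule name is made up for illustration.

```uci
# /etc/config/firewall (additions only; existing zones and rules stay as posted)

# Let mDNS from IoT devices reach the router, where the reflector listens.
# Scoped to the mDNS multicast group and port, so the zone's input DROP
# still applies to everything else.
config rule
	option name 'IOT allow mDNS'        # hypothetical name
	option src 'IOT_Seg'
	option family 'ipv4'
	list proto 'udp'
	option dest_ip '224.0.0.251'
	option dest_port '5353'
	option target 'ACCEPT'

# Allow connections initiated from lan towards IOT_Seg (the AirPlay/Cast
# session). There is deliberately no IOT_Seg -> lan forwarding: replies
# are matched by connection tracking, new connections from IoT are not.
config forwarding
	option src 'lan'
	option dest 'IOT_Seg'
```

The reflector itself still has to be enabled and bound to both bridges; for Avahi that is `enable-reflector=yes` under `[reflector]` in `/etc/avahi/avahi-daemon.conf`.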