Firewall Rule for Guest WLAN and Chromecast

Installing and Using OpenWrt Network and Wireless Configuration
1

Hi
I have set up a guest wlan according to this guide: https://wiki.openwrt.org/doc/recipes/guest-wlan

Everything works. Now I wanted to create a firewall rule to allow guests to use my chromecast. Unfortunately, it doesn't work.
The rule looks like this:

config rule
	option target 'ACCEPT'
	option src 'guest'
	option dest 'lan'
	option name 'Allow Guest -> Chromecast'
	option dest_ip '192.168.0.207'

config rule
	option enabled '1'
	option target 'ACCEPT'
	option src 'lan'
	option dest 'guest'
	option name 'Allow Chromecast -> Guest'

To be honest, this is my first attempt to create a firewall rule. Can someone help me?

Edit:
Doesn't it work maybe because the guests have a different IP address range?
LAN: 192.168.0. x
Guest WLAN: 192.168.100. x

2

If you gave us a better overview of your network, it will be easier to help you.

3

Isn't easier to connect the Chromecast to the guest wlan when needed?

4

This is my dhcp and firewall config

https://pastebin.com/sfT8QJZP /etc/config/dhcp
https://pastebin.com/p55pLhJc /etc/config/firewall

5

and this my network and wireless config

https://pastebin.com/FRacyrE4 /etc/config/network
https://pastebin.com/r79X0Zb5 /etc/config/wireless

6

Then I have to connect to the guest wlan as well. It's no a good solution.

7

HI, have you found a solution?
I was thinking of nating chromecast to an IP on the guest network from your main one.
ex. you assign a static lease to your chromecast on your main network, say 192.168.0.100, and then nat it to, say 192.168.100.100 (must be out of the dhcp range but in the same subnet), on your guest network. This way it is reachable from both the networks.

8

I have the same problem and I'm struggling to find a working solution.

@artioni81 did you succeed with your proposed solution?
If so could' you share it?

9

If this is the case, it's only a limitation of the device's software.

  • To confirm, that is an IPv4-Any rule to 192.168.0.207, correct?
  • If not an Any rule, have you tested an ICMP Echo-Request rule to a device in 192.168.0.x?
  • If not an Any rule, have you opened forwarding to all ports needed?
  • Can you ping the Chromecast on the secure LAN from the Guest LAN?
10

I googled a bit :>

chromecast uses the following ports
udp 32768:61000
tcp 8008:8009

dlna broadcast
udp 1900 239.255.255.250

the dlna broadcasts needs to be routed between the networks,
i use smcroute for this.
The ttl of the broadcasts also must be increased by +1.

11

How do I put this data in OpenWRT?

12
  • What data?
  • Did you install smcroute if you're attempting to relay multicast?

(BTW, you have a similar post here.)

13

I have two subnets ("lan" and "guest") and I want the guests to be able to send content to the Chromecast that is connected to the "lan" network.

14

A user directed me to this topic.

15

I know I did, for one. And I also:

  • Asked did you install smcroute first?
  • I also reminded you that you had your original topic open. Simply pick one.
16

I did not realize it was you. I already installed the package. Now what do I do?

17

:confused:

You configure it.

https://manpages.debian.org/jessie/smcroute/smcroute.8.en.html

18

Could you give me some example command to be able to adapt to my network?

19

Honestly, I cannot. This is why I linked you this thread and provided the instructions. Perhaps @shm0 can elaborate, as he is the one who suggested this software:

20

Then I see how I configure it, without first having read the website.