I have a guest network made of 2 access points (5 ports, 2 wireless n and ac) + 2 wireless of the router.
Each switch port and wireless interface uses its own VLAN to avoid client-to-client communication (at switch level).
All of the above VLANs are bridged together so that they use the same DHCP server.
Finally, I installed the kmod-br-netfilter package to prevent forwarding of client-to-client communication at the bridge level, using the following config in /etc/sysctl.conf:
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
All of the above works fine: any client device connected to the guest network can access the internet and none of them can communicate with each other.
But I want my mobile phone to send pictures or videos to my Chromecast (TV).
I've tried to set up a firewall traffic rule allowing forward in the guest zone from the phone to the Chromecast and vice versa, without success.
Can anyone tell me how to properly define this rule?