Guest Wifi Firewall Rule Not Working

johneboy79 · February 10, 2023, 1:21pm

Hello. I am very new to OpenWRT and am using it with LUCI on a TPLINK RE450. I have been trying to follow this guide to setup a secure guest wifi.

It all works except for the blocking of devices on the guest wifi from seeing any other devices on my network. They can all see the devices on my main home network that has the IP address range 192.168.11.x. This would suggest the last firewall rule in the guide is incorrect.
How do I stop devices on the guest wifi from being able to see any other devices on the network and have only Internet access?

Thank you in advance.

frollic · February 10, 2023, 1:29pm

shouldn't destination zone be lan ?

or is the uplink port configured as wan, on the 450 ?

jc1685 · February 10, 2023, 1:50pm

Maybe also set Protocol to Any.

johneboy79 · February 10, 2023, 1:53pm

I have the 5ghz wifi interface connected to my wifi network to provide the connection to the internet. The 2.4ghz wifi interface is provding the guest wifi connection for devices. I hope that makes a bit more sense.

I don't want any devices on my network to be visible to those on the guest wifi.

johneboy79 · February 10, 2023, 5:35pm

I've given this a go. Sadly I can still access any device on my network with a 192.168.11.x IP address.

mk24 · February 10, 2023, 5:48pm

Set only these:

Source zone: guest
Protocol: check all of them. If you only block TCP and UDP, pings (ICMP) will still go through.
Destination IP: 192.168.11.0/24 or even 192.168.0.0/16
Destination zone: Any
Action: Drop or Reject

If you block all 192.168.0.0 IP, this rule needs to be lower in the list than the ones that allow DNS and DHCP.

johneboy79 · February 10, 2023, 11:27pm

Thank you. That appears to be working great!

system · February 20, 2023, 11:27pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.