Guest WiFi how to block WAN IP subnet

Hi there.

  1. Sorry for the confusing topic name.
  2. I successfully created a "dumb" WiFi access point.

My question is:

On the WAN port the IP is assigned automatically from my "router".
Router IP range: 192.168.18.1/24
WAN IP OpenWRT: 192.168.18.2
Guest IP range 192.168.110.1/24

If I connect to the Guest Wifi I get an IP e.g. 192.168.110.100

If I open any browser on a device in the Guest WiFi and enter 192.168.18.1, I can access the router. Is this behavior normal? I don't want to let clients access my "private" network. They should only stay in the 192.168.110.1/24 network. BTW, they can see each other. I don't care about this matter.

Thanks for help.

simply unplug the WAN cable ?

or is this device providing private wifi, and a guest wifi ?
then https://openwrt.org/docs/guide-user/network/wifi/guestwifi/guestwifi_dumbap

Router: 192.168.18.1 connected by LAN Cable (Router LAN to OpenWRT WAN port)
OpenWRT WAN IP 192.168.18.2

If I unplug LAN cable the OpenWRT would be without connection to internet.

correct, you wrote ...

They should only stay in the 192.168.110.1/24 network.

unplugging the cable will solve this for you.

🙂 I want to let the guests access the internet but not access the private network.

disallow access to the 192.168.18 subnet in the guest wifi router's firewall.
you need to permit access to the 192.168.18's router IP though.

Disallow I understand. But what do you mean by permit access? Could you explain this in detail?
Thank you.

if you block the whole upstream subnet, including the router's IP, you won't get an IP, DNS, and internet.

Write a traffic rule: source zone guest, Destination IP 192.168.18.0/24, action REJECT or DROP.

Actually you do not, unless guests are using it directly for DNS or another service (which they should not). A gateway IP is not part of the destination IP.

Guests running a traceroute can discover that there is a router at 192.168.18.1, but the firewall rule disallowing 192.168.18.0 will prevent any attempt to log into it.

1 Like
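
The traffic rule described in the thread, written as an `/etc/config/firewall` stanza. This is an added example, not a configuration posted by anyone in the thread; the zone names `guest` and `wan` are assumptions and the rule name is constructed.

```uci
# /etc/config/firewall on the OpenWrt guest AP
# Assumed zone names: 'guest' (192.168.110.0/24) and 'wan' (upstream 192.168.18.0/24).

config rule
	# Constructed label, shown in the traffic rules list.
	option name 'Guest-block-upstream-LAN'
	option src 'guest'
	# Setting 'dest' makes this a forward rule. With dest_ip but no dest zone,
	# OpenWrt treats the rule as input to the device itself.
	option dest 'wan'
	option dest_ip '192.168.18.0/24'
	# The default proto is 'tcp udp'; 'all' also covers ICMP and other protocols.
	option proto 'all'
	option target 'REJECT'
```

Apply it with `/etc/init.d/firewall reload`. Traffic from guests to the AP's own WAN address 192.168.18.2 is input rather than forwarded traffic, so it is governed by the guest zone's input policy and not by this rule.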