Guest WiFi network clients can access LAN devices

Hello,

Hopefully a kind person can assist?

I followed the guides to configure a guest WiFi network, which works fine; clients on this network are assigned to the new network 192.168.2.x fine.

The only issue is I thought this would stop them accessing my devices on my primary LAN 192.168.1.x, but it appears they still can?

Is this expected and if so what new rules do I need to implement?

This is the config:

config zone
	option name 'Guest'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'Guest'
	option input 'REJECT'

config forwarding
	option src 'Guest'
	option dest 'wan'

config rule
	option name 'Guest DHCP'
	list proto 'udp'
	option src 'Guest'
	option target 'ACCEPT'
	option dest_port '67'

config rule
	option name 'Guest DNS'
	option src 'Guest'
	option target 'ACCEPT'
	option dest_port '53'
	list proto 'tcp'
	list proto 'udp'

config wifi-iface 'wifinet2'
	option device 'radio1'
	option mode 'ap'
	option ssid 'xxxxxxxxxxx'
	option encryption 'sae-mixed'
	option key 'xxxxxxxxxx'
	option network 'Guest'

config interface 'Guest'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option device 'br-lan'

Not sure if this is also needed:

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'
	option flow_offloading '1'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

Remove option device 'br-lan', restart the network service and check if the problem is solved.

2 Likes

Thanks for the reply, that fixed it, thanks!

1 Like
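
The fix in this thread works because the Guest interface had been attached to br-lan, the bridge the primary LAN normally uses, so the Guest and lan zones did not separate the two networks. The shell check below is an added example, not part of the original thread: it reads UCI network and firewall files and reports any device shared by interfaces in different firewall zones. The function names and the sample lan stanza are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Prints one line per device that is used by interfaces
# belonging to different firewall zones; no output means none were found.
# Arguments: UCI network and firewall files, in any order.
shared_zone_devices() {
    awk '
    function unq(s) { gsub(/["\047]/, "", s); return s }   # strip UCI quotes
    function bind(  i) {   # bind the networks collected for a zone to its name
        for (i = 1; i <= n; i++) zone_of[nets[i]] = zname
        n = 0; zname = ""
    }
    $1 == "config" { if (type == "zone") bind(); type = $2; sect = unq($3); next }
    type == "zone" && $1 == "option" && $2 == "name"    { zname = unq($3) }
    type == "zone" && $1 == "list"   && $2 == "network" { nets[++n] = unq($3) }
    type == "interface" && $1 == "option" && $2 == "device" {
        ifaces[++m] = sect; dev[sect] = unq($3)
    }
    END {
        if (type == "zone") bind()
        for (k = 1; k <= m; k++) {
            i = ifaces[k]; d = dev[i]
            z = (i in zone_of) ? zone_of[i] : "(none)"
            if (!(d in owner)) { owner[d] = i; ozone[d] = z; continue }
            if (ozone[d] != z)
                printf "%s: %s (zone %s) and %s (zone %s)\n", d, owner[d], ozone[d], i, z
        }
    }' "$@"
}

# Constructed sample input. The Guest stanza follows the one in the post; the
# lan stanza is an assumed default-style interface on the same bridge.
sample_network() {   # $1 = device line for Guest, empty after the fix
    printf "config interface 'lan'\n\toption device 'br-lan'\n\toption proto 'static'\n"
    printf "config interface 'Guest'\n\toption proto 'static'\n%b" "$1"
}
sample_firewall() {
    printf "config zone\n\toption name 'lan'\n\tlist network 'lan'\n"
    printf "config zone\n\toption name 'Guest'\n\tlist network 'Guest'\n"
}

check_sample() {     # run the check on the sample with the given Guest device line
    tmp=$(mktemp -d) || return 1
    sample_network "$1" > "$tmp/network"; sample_firewall > "$tmp/firewall"
    shared_zone_devices "$tmp/network" "$tmp/firewall"
    rm -rf "$tmp"
}

check_sample "\toption device 'br-lan'\n"   # as posted: reports br-lan
check_sample ""                             # after removing the line: no output
```

On a router the same function can be pointed at the real files, for example `shared_zone_devices /etc/config/network /etc/config/firewall`.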
