Hello,
Hopefully a kind person can assist?
I followed the guides to configure guest WiFi network which works fine, clients on this network are assigned to the new network 192.168.2.x fine.
Only issue is I thought this would stop them accessing my devices on my primary LAN 192.168.1.x but it appears they still can ?
Is this expected and if so what new rules do I need to implement?
This is the config:
config zone
option name 'Guest'
option output 'ACCEPT'
option forward 'REJECT'
list network 'Guest'
option input 'REJECT'
config forwarding
option src 'Guest'
option dest 'wan'
config rule
option name 'Guest DHCP'
list proto 'udp'
option src 'Guest'
option target 'ACCEPT'
option dest_port '67'
config rule
option name 'Guest DNS'
option src 'Guest'
option target 'ACCEPT'
option dest_port '53'
list proto 'tcp'
list proto 'udp'
config wifi-iface 'wifinet2'
option device 'radio1'
option mode 'ap'
option ssid 'xxxxxxxxxxx'
option encryption 'sae-mixed'
option key 'xxxxxxxxxx'
option network 'Guest'
config interface 'Guest'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option device 'br-lan'
not sure if this is also needed?:
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
option flow_offloading '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'