How to create a new access point which only allows communication to LAN (local) devices

Installing and Using OpenWrt Network and Wireless Configuration
1

Hello,

I'm a total networking noob so I need help with creating a new wireless access point but it should only allow communication with local devices in the LAN, in other words it should block access to the Internet (WAN?)

I'm guessing I can follow the guide for setting up a guest network mostly and then make some modifications, but that's where I need help, I have no idea how to do it.

If anybody can give me some instructions then that would be great :slight_smile:

Thanks in advance!

2

Would this be a dedicated AP, only for devices with no internet access?

3

No, this would be my usual Wi-Fi router which serves internet to all devices in my home.

4

I think that you may get what you want by following the guest network guide, but in the firewall config

  • do not setup forwarding from guest zone into wan zone,
  • instead set forwarding from guest zone to lan zone.

I have not tried it, but that should enable the guest zone devices to communicate with devices in Lan but not be able to reach wan.

1 Like
5

Thanks, I tried it by creating a new "Jail" zone and set it up to be able to access LAN:

image
image695×69 5.09 KB

and also added some relevant traffic rules:

image
image825×303 31 KB

Unfortunately I cannot ping any of my devices connected to the normal LAN network :frowning:

6

FYI - the 3 rules you screenshoted are covered by the zone rules.

  • Allow-Jail-DNS and DHCP - covered by INPUT ACCEPT
  • Allow-Jail-LAN is covered by the zone rule allowing jail => lan itself
  • Then you may need to provide the guest/jail and LAN settings
  • You didn't setup both networks with the same IP range, correct?
1 Like
7

Sure, which settings should I provide?

Nope, I'm dumb not stupid :smile:

Both of them are on a different subnet (192.168.3.xxx)