How to disable internet access but let DHCP work on Wifi?

Hello. As I have a low-spec device and I don't really use 2.4G because it is more impacted by performance loss, I want to disable internet to it and use it as a local network. How can I do this? I need it to be accessible to all devices that have internet, though, as I would like to connect printers and smart home devices to it. I can remove interfaces and a fixed IP works, but then the printer has no connection to the PC.

Don't provide a gateway.

Theoretically skipping the DNSes would work too, but it'd still be able to communicate based on IPs.

Another option would be to block it in the firewall.


I am very interested in the firewall option. How do I do that?

Utilize firewall traffic filtering rules like this:
Custom iptables configuration in /etc/firewall.user - #4 by vgaetera

You can also set up a separate VLAN/SSID for different groups of wired/wireless clients.

I blocked in the firewall everything from WAN going to the MAC of the Access Point but it didn't work somehow. I will try guest.


That's the wrong direction.

You should block everything going out from the MAC to internet.


AP operates transparently.
You should filter traffic from MACs behind the AP, or set up bridge firewall on the AP.
Or, convert AP to a router and filter specific subnets as mentioned above.

I installed everything for bridge firewall. Seems like the best option to me. I already use the firewall as a kill switch for VPN.

Here is my UCI from Network:

wireless.default_radio1=wifi-iface
wireless.default_radio1.device='radio1'
wireless.default_radio1.mode='ap'
wireless.default_radio1.wpa_disable_eapol_key_retries='1'
wireless.default_radio1.key=''
wireless.default_radio1.ssid=''
wireless.default_radio1.encryption='psk2'
wireless.default_radio1.network='lan'

What do I do next to set up the bridge firewall? All packages are ready for it, I just need a little help configuring.

Disable the LAN-to-LAN forwarding.
Add custom traffic rules to allow forwarding only from/to specific source/destination subnets.

Like this? This, by the way, has no effect on my network.

I also tried:

I also renamed all zones differently now, didn't work.

I tried this too:

I can set these settings to be valid for WLAN1 (the target AP). The thing is they don't do anything somehow.

My WAN and VPN rule, though, work just fine: if the VPN isn't connected, I have no internet.

Did following:

Uncoupled 2.4 GHz from the bridge with Ethernet and WLAN 5 GHz
Made a new bridge on a second subnet with Ethernet, WLAN 5 GHz and WLAN 2.4 GHz
Created a new firewall zone with forwarding from the new bridge to the old bridge
Edited the old bridge to not include the new bridge and to forward to VPN

Edit: The printer gets recognized, but my Ethernet adapter connects to the second subnet instead of the first. My 5 GHz network connects properly to the old subnet and has VPN access.

Tried static on the PC, didn't work. It did work with DHCP for a while but then failed graciously.

How do I fix this without shutting DHCP down on the new interface? I want both DHCPs to work, but the old network for 5 GHz and LAN, and the new DHCP for 2.4 GHz.

Solved with traffic rules. No additional bridge was needed.

Solution:

Decouple the wireless AP from the bridge in Interfaces; define the same as the default of the bridge.

In the firewall, make a new entry and allow all traffic between LAN and the new interface from both sides.

It's important that the internet output device of the other APs or Ethernet has outgoing towards the new interface. Don't know why. For me it is VPN.

Add traffic rule to allow traffic between ports (both sides).

Voila.
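As an added example (not from the thread), the solution above written out as OpenWrt UCI config files: the 2.4 GHz AP is moved off br-lan onto its own interface with its own DHCP pool, gets a zone that may forward to lan and receive forwards from lan, and simply has no forwarding entry towards wan or the VPN zone, so those clients get no internet. The names `iot`, `radio1`, `vpn` and the 192.168.2.0/24 subnet are assumptions.

```uci
# /etc/config/wireless  (assumed: radio1 is the 2.4 GHz radio, as in the thread)
config wifi-iface 'default_radio1'
	option device 'radio1'
	option mode 'ap'
	option network 'iot'          # was 'lan'; decouples the AP from br-lan

# /etc/config/network  (assumed subnet for the local-only clients)
config interface 'iot'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'

# /etc/config/dhcp  (second DHCP pool, independent of the lan pool)
config dhcp 'iot'
	option interface 'iot'
	option start '100'
	option limit '150'
	option leasetime '12h'

# /etc/config/firewall
config zone
	option name 'iot'
	list network 'iot'
	option input 'REJECT'         # only the rules below may reach the router itself
	option output 'ACCEPT'
	option forward 'REJECT'       # no forwarding unless a 'forwarding' entry allows it

# the router must still serve DHCP and DNS to the zone
config rule
	option name 'Allow-DHCP-iot'
	option src 'iot'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option name 'Allow-DNS-iot'
	option src 'iot'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'

# "allow all traffic between LAN and the new interface from both sides":
# lan->iot lets the PC reach the printer, iot->lan lets the printer (or a
# smart home device) initiate towards the PC, e.g. scan-to-PC.
config forwarding
	option src 'lan'
	option dest 'iot'

config forwarding
	option src 'iot'
	option dest 'lan'

# Deliberately absent: any 'forwarding' with src 'iot' and dest 'wan' or 'vpn'.
```

Forwarding is evaluated per source/destination zone pair, so lan keeping its own forwarding to the vpn (or wan) zone does not transitively give iot clients internet; check the result with `fw4 print` (or `fw3 print` on older releases) after `/etc/init.d/firewall restart`.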
