HowTo: Manage my home, whitelist access to the internet and SmartHome

I have an OpenWRT router and with my limited knowledge I set up W-LAN, LAN, a separate W-LAN for Smart-Home and a WireGuard server. Now, after two years, everything works.

The problem is that now everything is merged into one big network and everything can connect to everything.

The next goal is to separate things for security reasons. Not all devices need Internet. Not all devices should communicate with all others.

  • PC, laptop, mobile devices for internal use and for guests.
  • NAS with a HomeAssistant installation
  • SmartHome devices
  • Printer
  • Kodi mediacenter

Problem: I do not understand the deep workings of networking. My experiments with VLAN, iptables, forwarding internet etc. did not work in a way I could use. Mostly I copied and pasted lines of code from the internet that I do not understand and am not able to write myself.

I'm looking for a network configuration tool for dumb users.
Any proposals along those lines?

Based on your description, you're looking for a rather complex networking setup, with your own bespoke policies to be enforced - by the very definition of this, there is no ready-made one-size-fits-all solution for it. You will probably have to go through the wiki again and try to understand your current network configuration, define where you want to go and then work in that direction step by step. The crucial part is the understanding, otherwise you'd be likely to cause more harm (and potentially wide-open security issues) than good.

P.S.: I would suggest starting your venture by making sure that your configuration is upgrade-safe, so you are both in a position to sysupgrade without having to think twice and have a known-good backup tarball (away from the router itself, bonus points for effective revision control) to restore if (when!) your experiments fail. As a side effect this also helps identifying and mapping out the status quo.

@slh I have to say, I gave up crawling wikis and playing around.

I hope to find a way to simply create groups of devices and set them up like this:

network: W-LAN, WG0, LAN

group: PC
device: {MAC-Address 1}, {MAC-Address 2}, etc.
See: each other; SmartHomeNAS, NAS
has internet: true
network: WLAN[MyHome], LAN

group: SmartHome
device: {MAC-Address 3}, {MAC-Address 4}, etc.
See: SmartHomeNAS
network: WLAN[MySmartHome]

group: SmartHomeNAS
device: {MAC-Address 5}
See: SmartHome
has internet: {whitelist, access to Domain/IP X}
network: LAN

group: NAS
device: {MAC-Address 5}
AllowedPort: SMB
network: LAN

group: multimedia
device: {MAC-Address 1}, {MAC-Address 8}
See: each other
network: LAN, WLAN[ * ]

group: guest
device: other
has internet: true
network: WLAN[GUESTACCESS]


I need a way to set up what I need.
After that I would automatically get a working configuration and be advised which IP, DNS, gateway and W-LAN (with password) I have to set up on which device.

If you tell me that something like that does not exist, maybe I should add it as a feature request somewhere?

Use VLANs to set up:

  1. Trusted subnet
  2. Untrusted subnet for guests
  3. No or limited subnet for IoT devices

See the dumb access point wiki page for some videos that help.
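As an added, worked example (not from any of the posts above, and not an OpenWrt project file) of what the three-subnet VLAN layout from the last reply looks like in OpenWrt's own UCI config, mapped onto the groups from the earlier post: trusted VLAN 10 for PCs, NAS and printer, IoT VLAN 20 for the SmartHome devices, guest VLAN 30. Everything here is an assumption chosen for illustration: a DSA-style switch with ports lan1-lan3 (OpenWrt 22.03 or newer, fw4), lan3 as the tagged trunk to a dumb access point, the 192.168.10/20/30.0 subnets, the NAS at 192.168.10.20 with Home Assistant on 8123 and MQTT on 1883, and 203.0.113.10 as a placeholder for the one internet host the NAS is allowed to reach.

```uci
# /etc/config/network  (assumed: DSA switch ports lan1-lan3, OpenWrt 22.03 or newer)
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'

# VLAN 10 = trusted (PCs, NAS, printer): untagged on lan1/lan2, tagged on the lan3 trunk to a dumb AP
config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'lan1:u*'
	list ports 'lan2:u*'
	list ports 'lan3:t'
# VLAN 20 = IoT and VLAN 30 = guests: Wi-Fi only, so they exist only on the trunk
config bridge-vlan
	option device 'br-lan'
	option vlan '20'
	list ports 'lan3:t'
config bridge-vlan
	option device 'br-lan'
	option vlan '30'
	list ports 'lan3:t'

config interface 'lan'
	option device 'br-lan.10'
	option proto 'static'
	option ipaddr '192.168.10.1'
	option netmask '255.255.255.0'
config interface 'iot'
	option device 'br-lan.20'
	option proto 'static'
	option ipaddr '192.168.20.1'
	option netmask '255.255.255.0'
config interface 'guest'
	option device 'br-lan.30'
	option proto 'static'
	option ipaddr '192.168.30.1'
	option netmask '255.255.255.0'

# /etc/config/firewall  (the default 'lan' and 'wan' zones and the lan->wan forwarding stay as they are)
config zone
	option name 'iot'
	list network 'iot'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
config zone
	option name 'guest'
	list network 'guest'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Zone policy: only listed pairs may forward. Deliberately absent: iot->wan, iot->lan, guest->lan.
config forwarding
	option src 'lan'
	option dest 'iot'
config forwarding
	option src 'guest'
	option dest 'wan'

# Rules are matched in file order before the zone policy; first match wins.
# input REJECT above would also block DHCP/DNS to the router, so open exactly those (repeat for 'guest').
config rule
	option name 'Allow-DHCP-DNS-iot'
	option src 'iot'
	option proto 'udp'
	option dest_port '53 67'
	option target 'ACCEPT'

# The single hole from IoT into the trusted VLAN: Home Assistant (8123) and MQTT (1883) on the NAS only
config rule
	option name 'Allow-iot-to-HA'
	option src 'iot'
	option dest 'lan'
	option dest_ip '192.168.10.20'
	option proto 'tcp'
	option dest_port '1883 8123'
	option target 'ACCEPT'

# NAS internet whitelist: ACCEPT the allowed host first, then REJECT all other NAS->wan traffic.
# 192.168.10.20 needs a static lease (config host in /etc/config/dhcp); 203.0.113.10 is a placeholder.
config rule
	option name 'NAS-wan-allow'
	option src 'lan'
	option src_ip '192.168.10.20'
	option dest 'wan'
	option dest_ip '203.0.113.10'
	option target 'ACCEPT'
config rule
	option name 'NAS-wan-deny'
	option src 'lan'
	option src_ip '192.168.10.20'
	option dest 'wan'
	option target 'REJECT'
```

To use it, each SSID in /etc/config/wireless is attached to one of the interfaces with `option network 'lan'`, `'iot'` or `'guest'`, and each interface gets its own `config dhcp` section in /etc/config/dhcp. Two caveats worth knowing before expecting this to match the group sketch above one to one: VLAN membership is decided by the SSID or switch port a device joins, not by its MAC address, so the "groups" are really the SSIDs and ports, with static leases (`config host`) only pinning the IPs that rules refer to; and a whitelist by domain rather than IP cannot be expressed with `dest_ip`, it needs dnsmasq to resolve the name into an nftset/ipset that the rule then matches on. Service discovery (mDNS, SSDP) also does not cross routed VLANs on its own, which matters for the multimedia group spanning LAN and all W-LANs. After editing, `/etc/init.d/network restart` and `/etc/init.d/firewall restart` apply the files, and a restore of the known-good backup is the fallback if the router becomes unreachable.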