MQTT on IoT Offline WLAN

Hi, thank you.

I just tried the firewall rules. It doesn't work. Anyway, how can it work? I thought MQTT sends over TCP, and you allowed only UDP?

great... seems like you are getting the hang of things... ( edited examples for future readers )

I tried the opposite version as well.

Doesn't work... can't connect my MQTT devices :frowning:

yup explained that already... change the IOT<=>lan FORWARD policy to ACCEPT in this case... the rule you added will REJECT everything not MQTT... ( and tcp... you'd best just add a failsafe additional REJECT after that in case you ever stuff up your rules ...)

but honestly the ideal setup based on your earlier comments is to leave the FORWARD policy as REJECT... then make the MQTT rules ACCEPT...

Yes, I just saw it while you edited your answer :wink: Looks like it works now. I'll test a couple of things. Answer soon.

I got it.

After I understood the reverse way, with allow all and disable except the 1883 port, I changed it back to the way: block all and just allow the specified port. I optimised a bit. My device can connect now.

If I am in the iot_offline WLAN, I can connect to all the web clients and stuff of these devices, but I can't connect to the router or any other device from other networks.

And iot_offline has no internet access.

Solution:

Next: is it possible to block the communication between the devices?
Or maybe it's just a bit too crazy "secure" :stuck_out_tongue:

Thank you @anon50098793

you can enable client isolation on the wifi segment ( within access point logical radio properties )... and in general it is probably a wise 'stance' for any semi untrusted segment...

realistically... they won't be trying to access one another... but if they are ever compromised or provide backdoors into the network via alternate links... then this is a great way to detect such activity...

so probably a wise move...

(note: may break any 'peering' / multicast behavior if needed by the devices<->devices )

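The setup the thread arrives at (block everything from the IoT segment, allow only MQTT, isolate the wireless clients), written out as an added example in OpenWrt UCI syntax; it is not a configuration posted by anyone in the thread. The zone name `iot`, the rule and section names, the broker address `192.168.1.10`, the broker sitting in the `lan` zone, and the DHCP rule are assumptions.

```uci
# /etc/config/firewall (fragment, added example)

config zone
	option name 'iot'               # assumed zone name
	list network 'iot_offline'      # assumed network name, after the WLAN in the thread
	option input 'REJECT'           # clients cannot reach the router itself
	option output 'ACCEPT'
	option forward 'REJECT'         # no forwarding between networks inside this zone

# There is deliberately no "config forwarding" section with src 'iot'.
# With the stock "config defaults" forward policy of REJECT, traffic from
# iot to wan or lan is rejected unless a rule below accepts it first.

# Assumption: the devices get their addresses from the router, so DHCP
# has to be let through the REJECT input policy.
config rule
	option name 'Allow-IoT-DHCP'
	option src 'iot'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

# The one permitted path: MQTT from the IoT devices to the broker.
config rule
	option name 'Allow-IoT-MQTT'
	option src 'iot'
	option dest 'lan'               # assumption: the broker is in the lan zone
	option dest_ip '192.168.1.10'   # constructed broker address
	option proto 'tcp'              # MQTT runs over TCP, a udp-only rule never matches
	option dest_port '1883'
	option target 'ACCEPT'

# /etc/config/wireless (fragment, added to the existing AP section)

config wifi-iface 'iot_ap'          # hypothetical section name
	option ssid 'iot_offline'
	option network 'iot_offline'
	option isolate '1'              # client isolation: stations cannot talk to each other
```

After editing, `/etc/init.d/firewall restart` and `wifi reload` apply the two files.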
