Novice: how-to jail internet for IoT on dumb AP R7800?

yourmirror · January 5, 2021, 1:06pm

Hello,

As a relatively new OpenWRT user, I sometimes feel as dumb as my Dumb AP Netgear R7800 (running OpenWRT 19.07.5).

What I'd like to achieve is the following:
Use the 2.4GHz band on the R7800 in Dumb AP mode for all IoT devices (smart plugs, alarms and such), that I can reach while on LAN, but without them having access to the internet.

The R7800 is connected to a ADLS modem and currently only functions as access point.

I'm reading instructions on adding interfaces, wifi's, firewall zones etc., but I'm still unsure (too dumb) how to properly do that. Is there a clear step-by-step instruction for LUCI? What is the way to go? I hope you can help me out! Thanks in advance.

Sander

vgaetera · January 5, 2021, 1:13pm

yourmirror · January 5, 2021, 1:46pm

Thanks, that seems like a good starting point. However, as I want to provide LAN access but not internet access (the opposite of a guest network, I guess), should I just replace "LAN" with "WAN" in the INPUT/OUTPUT/FORWARD step for Firewall Zone Settings?

vgaetera · January 5, 2021, 2:26pm

Disable traffic forwarding to LAN and create a rule to allow forwarding from IoT to LAN with the destination IP range matching your LAN subnet.