Hi!
Running OpenWrt 21.02 on a Ubiquiti ER-X.
Targeted configuration:
- Port WAN is connected to the internet
- Port 1 on the ER-X is physically connected (cable) to an access point running stock firmware (not OpenWrt). This network is referred to as the "home network".
- Port 2 on the ER-X is physically connected to another access point running stock firmware (not OpenWrt). This network is referred to as the "guest network".
- The router should hand out IP addresses over different subnets (i.e. 192.168.1.x and 192.168.2.x) to clients that connect wirelessly through the respective access point.
- Both networks should be fully isolated from each other.
- Only the home network should be allowed to access the router's web UI.
Suggested configuration:
- Define two network bridges (br-lan & br-guest), and assign the relevant physical ports to each network
- Create two interfaces "lan" (probably already exists), and "guest"
- Assign static IP addresses in different subnets for each interface, and enable DHCP.
- Create a guest firewall zone which is similar to the "lan firewall zone" but is not allowed to access the router.
I guess VLANs could also be used to achieve isolation, but my mind is really struggling with understanding it, so if possible, I would prefer to avoid it.
I've watched the firewall config video here: "How to configure OpenWrt as Firewall for your home network and Guest Wifi and IPTables explained" (YouTube) and think the configuration in the video is relevant for what I need to achieve.
Please share your thoughts about the proposed configuration.
Kind regards, Erik