Open SSH port between Guest Network and Home Network (LAN) [Solved]

Hi,

I have created a Guest WiFi for my IoT things by following the standard procedure outlined here: https://oldwiki.archive.openwrt.org/doc/recipes/guest-wlan-webinterface
It works fine and my dodgy Chinese stuff is not allowed to be near my internal network. I have one Raspberry Pi currently on Guest WiFi (192.168.3.100) that I would like to SSH to from my Home computer (192.168.0.100).

Basically, I want to route port 22 between Rpi@192.168.3.100 on Guest WiFi and computer@192.168.0.100 on my Home WiFi. Client isolation is turned on (if that makes any difference).

Is there anyone who can give me a hint on how to do this?

Thanks!

uci add firewall forwarding
uci set firewall.@forwarding[-1].src="lan"
uci set firewall.@forwarding[-1].dest="guest"
uci commit firewall
service firewall restart

Thanks, but this would basically bridge guest LAN to home LAN. There is no point in having a Guest LAN if everything is open in between. I only want to open port 22 between one IP on Guest and one IP in LAN.

No, direction (src/dest) matters.

OK, thanks. Does this mean that LAN can talk to Guest but not the other way around?
Is there a way to lock this route to one Guest IP and port 22 only?

Exactly.

uci add firewall rule
uci set firewall.@rule[-1].name="Allow-SSH-LAN-Guest-RPi"
uci set firewall.@rule[-1].src="lan"
uci set firewall.@rule[-1].dest="guest"
uci set firewall.@rule[-1].dest_ip="192.168.3.100"
uci set firewall.@rule[-1].dest_port="22"
uci set firewall.@rule[-1].proto="tcp"
uci set firewall.@rule[-1].target="ACCEPT"
uci commit firewall
service firewall restart
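Added example, not part of the original posts: if the zone forwarding from the first reply was applied as well, it still lets every LAN host reach every guest host on every port, and the port-22 rule adds nothing on top of it. The sketch below reads `uci show firewall` text and reports which lan -> guest entries are broad and which are narrow; the function names and the sample config are constructed for illustration, and on the router it would be run as `uci show firewall | audit_fw`.

```shell
#!/bin/sh
# Added example: audit lan -> guest exposure from `uci show firewall` text.
# Constructed sample: the thread's broad forwarding and narrow rule both applied.
sample_config() {
cat <<'EOF'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].src='lan'
firewall.@forwarding[1].dest='guest'
firewall.@rule[9]=rule
firewall.@rule[9].name='Allow-SSH-LAN-Guest-RPi'
firewall.@rule[9].src='lan'
firewall.@rule[9].dest='guest'
firewall.@rule[9].dest_ip='192.168.3.100'
firewall.@rule[9].dest_port='22'
firewall.@rule[9].proto='tcp'
firewall.@rule[9].target='ACCEPT'
EOF
}

# Reads `uci show firewall` output on stdin; exits 1 if lan -> guest is wide open.
audit_fw() {
    awk -F= '
    {
        val = $2; gsub("\047", "", val)       # strip the single quotes uci prints
        n = split($1, p, "[.]")               # firewall . @rule[9] . dest_ip
        if (n == 2) { type[p[2]] = val; next }   # section header: remember its type
        if (n != 3) next
        if (!(p[2] in seen)) { seen[p[2]] = 1; order[++cnt] = p[2] }
        v[p[2], p[3]] = val
    }
    END {
        for (i = 1; i <= cnt; i++) {
            s = order[i]
            if (v[s, "src"] != "lan" || v[s, "dest"] != "guest") continue
            if (type[s] == "forwarding") {
                print "BROAD " s ": any lan host can open any port on any guest host"
                bad = 1
            } else if (type[s] == "rule" && v[s, "target"] == "ACCEPT") {
                if (v[s, "dest_ip"] == "" || v[s, "dest_port"] == "" || v[s, "proto"] == "")
                    print "LOOSE " s ": missing dest_ip, dest_port or proto"
                else
                    print "NARROW " s ": " v[s, "proto"] " " (v[s, "src_ip"] == "" ? "any lan host" : v[s, "src_ip"]) " -> " v[s, "dest_ip"] ":" v[s, "dest_port"]
            }
        }
        exit bad + 0
    }'
}

sample_config | audit_fw || true
```

A `NARROW` line that says "any lan host" means the rule has no `src_ip`; setting that option to 192.168.0.100 would limit the source to the one home computer named in the question.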

Works like a charm! Many thanks! :smiley:
