ProtoRelay: repeater and visibility of devices behind it


I shall set up a wifi repeater for a friend, following the guide here:

I would need a slightly different configuration. Referring to the picture, I would need to have that the devices in the can't ping or see any of the devices in the and vice versa. There shall be only Internet shared, no communication/ping/tracert in any way between the two subnets.
The aim is to have the router with relayd act as a separator for the 2 subnets, making them totally disconnected from each other (aside from allowing Internet in the second subnet).

I guess it's a matter of changing the configuration... but what shall be changed?

In that case relayd is not what you're looking for, but rather a variation of a "routed client" setup (with- or without (double-)NAT and with firewall routes preventing access to the private uplink LAN).

If you can (as in OpenWrt running on the upstream router), it would be more sensible to make the policy decisions there and to -ideally- use WDS/4addr.
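A sketch of the firewall side of the "routed client" setup named in the reply above, as an added example that is not part of the original thread. It assumes the wireless client interface is called `wwan`, the repeater's own LAN sits in the default `lan` zone, and the private uplink LAN is 192.168.1.0/24; all three are placeholders to adapt.

```uci
# /etc/config/firewall (fragment, added example)
# Assumed names: 'wwan' = wireless client interface to the upstream router,
# 'lan' = devices behind the repeater, 192.168.1.0/24 = private uplink LAN.

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Uplink side: nothing from the uplink LAN may open connections to the
# repeater or to the devices behind it; outgoing traffic is masqueraded
# (this is the double-NAT variant).
config zone
	option name 'wan'
	list network 'wwan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'

# Devices behind the repeater may reach the Internet through the uplink.
config forwarding
	option src 'lan'
	option dest 'wan'

# Rules are evaluated before the forwarding above, so traffic addressed to
# hosts on the private uplink LAN is rejected before it can leave.
config rule
	option name 'Block-uplink-LAN'
	option src 'lan'
	option dest 'wan'
	option dest_ip '192.168.1.0/24'
	option proto 'all'
	option target 'REJECT'
```

With this rule, clients behind the repeater cannot use the upstream router's own address as their DNS server; they need to use the repeater's resolver or a public one.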

Thank you for the quick reply. The main router upstream is a normal router, I can't use OpenWrt there.
My understanding is that WDS, as a repeater, will allow visibility among all network devices of the entire network. How can that situation be avoided with WDS?