Hi,
I got this working and so I thought I'd share my exact use case and config so it could hopefully help someone in a similar dilemma.
First off, I have 2 Chromecasts at home. One in the living room and one in my bedroom. The problem is that some of the time my family would mistakenly cast to mine and so it would either change what I was playing or simply start my TV and wake me up.
Meh solution:
I started with simply having two wifis at home and isolating my stuff on one. Pretty sure you guessed that this sucks since I'd have to switch wifi every time I wanted to cast something to my living room.
Final solution:
Using OpenWrt to isolate my two networks logically.
This wasn't simple because of a lot of things.
First let's start with some info about the Chromecast:
It uses 239.255.255.250 as the multicast address for discovery.
It uses a TTL of 1 on those packets.
So every device starts off with a packet to 239.255.255.250 with a TTL of 1 to discover the Chromecast.
The Chromecast would then answer back with a unicast address.
To make this work I started by installing these packages:
    iptables-mod-ipopt
    smcroute
This is my setup:
2 LAN interfaces (br-lan and br-lan2) bridged to eth0.1
Every interface is also bridged to a wifi interface of its own (thus having 2 wifi interfaces)
I also created two firewall zones (one for each LAN interface, br-lan and br-lan2) and enabled forwarding in both directions.
Then I configured smcroute (file /etc/smcroute.conf) as such:
    phyint br-lan enable
    phyint br-lan2 enable
    mgroup from br-lan2 group 239.255.255.250
    mgroup from br-lan group 239.255.255.250
    mroute from br-lan2 group 239.255.255.250 to br-lan
    mroute from br-lan group 239.255.255.250 to br-lan2
I then assigned a static IP to the Chromecast device and all the devices I wanted to permit access to my Chromecast.
Then to work around the TTL issue I added custom firewall rules as such (on the custom rules tab of LuCI):
    iptables -t mangle -A PREROUTING -i br-lan --destination 239.255.255.250 -j TTL --ttl-set 2
    iptables -t mangle -A PREROUTING -i br-lan2 --destination 239.255.255.250 -j TTL --ttl-set 2
Then all that is left is to block all traffic going to or from the Chromecast across the two LAN interfaces as such (in /etc/config/firewall):
    config rule
        option proto 'all'
        option src 'lan2'
        option src_ip '<Chromecast IP>'
        option target 'REJECT'
        option name 'ChromecastReject1'
        option dest 'lan'

    config rule
        option name 'ChromecastReject2'
        option proto 'all'
        option src 'lan'
        option dest 'lan2'
        option dest_ip '<Chromecast IP>'
        option target 'REJECT'
Then to allow access to Chromecast for a device I would add this on top of the firewall file (/etc/config/firewall):
    config rule
        option target 'ACCEPT'
        option name 'ChromeCastAllow1'
        option proto 'all'
        option src 'lan'
        option src_ip '<device IP>'
        option dest 'lan2'

    config rule
        option target 'ACCEPT'
        option name 'ChromecastAllow2'
        option proto 'all'
        option src 'lan2'
        option dest 'lan'
        option dest_ip '<device IP>'
I hope this helps someone!
If anyone wants to suggest a modification to make this simpler, please let me know as I am not an expert.
Regards,
Marwan
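
Added example, not part of the original post: a small first-match model of the four forwarding rules above, showing why the ACCEPT rules have to sit above the REJECT rules in /etc/config/firewall. The IP addresses are constructed placeholders, and the model is stateless and ignores the proto option and the TTL/multicast handling.

```python
# Stateless first-match model of the forwarding rules from the post.
# IP addresses are constructed placeholders, not values from the post.
CHROMECAST = "192.168.2.10"  # assumed Chromecast address, in zone lan2
ALLOWED = "192.168.1.20"     # assumed permitted device, in zone lan
OTHER = "192.168.1.30"       # assumed device without an allow rule

ALLOW = [
    {"name": "ChromeCastAllow1", "src": "lan", "src_ip": ALLOWED,
     "dest": "lan2", "target": "ACCEPT"},
    {"name": "ChromecastAllow2", "src": "lan2", "dest": "lan",
     "dest_ip": ALLOWED, "target": "ACCEPT"},
]
REJECT = [
    {"name": "ChromecastReject1", "src": "lan2", "src_ip": CHROMECAST,
     "dest": "lan", "target": "REJECT"},
    {"name": "ChromecastReject2", "src": "lan", "dest": "lan2",
     "dest_ip": CHROMECAST, "target": "REJECT"},
]

def decide(rules, src, src_ip, dest, dest_ip):
    """Return (target, rule name) of the first rule matching the packet."""
    packet = {"src": src, "src_ip": src_ip, "dest": dest, "dest_ip": dest_ip}
    for rule in rules:
        # An option the rule does not set matches any value.
        if all(rule.get(k, v) == v for k, v in packet.items()):
            return rule["target"], rule["name"]
    # No rule matched: forwarding between the zones is enabled both ways.
    return "ACCEPT", "zone forwarding"

def audit(rules):
    """Verdicts for the four flows that matter for Chromecast access."""
    return {
        "allowed->cc": decide(rules, "lan", ALLOWED, "lan2", CHROMECAST)[0],
        "cc->allowed": decide(rules, "lan2", CHROMECAST, "lan", ALLOWED)[0],
        "other->cc": decide(rules, "lan", OTHER, "lan2", CHROMECAST)[0],
        "cc->other": decide(rules, "lan2", CHROMECAST, "lan", OTHER)[0],
    }

if __name__ == "__main__":
    print("allow rules on top: ", audit(ALLOW + REJECT))
    print("reject rules on top:", audit(REJECT + ALLOW))
```

With the allow rules first, only the permitted device can exchange traffic with the Chromecast; with the reject rules first, the permitted device is blocked as well.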