I've been running LEDE snapshots on Archer C7 v4.
I'm new to LEDE and OpenWRT. I've read and learned a lot recently, but I'm still confused about the firewall rules when trying to create separate LANs - One for our use, the other for guests via WLAN.
I'll try to give as much details as possible to be clear.
I'm connected to the internet via PPPoE, and I had this interfaces (default):
I've added new bridge interface called guest_lan. As first step, I've used the same VLAN interface bridged with the guest WLAN. Everything worked fine, I couldn't access the clients from both interfaces (lan and guest_lan) and got Destination port unreachable, but I could access the DHCP server from them.
After some reading, I figured I might need to create new VLAN interface - called eth0.3 in my case, so I did, but got the same result as before.
Here's my current interfaces and firewall settings:
I'm following the guide in German, but I don't understand what IP I should write in the Source NAT section (Allow Guest Internet). The guide says it's the IP of the WLAN, but how do I know what IP it is?
I've tried both, but couldn't get internet access.
What are the advantages to forward the traffic through LAN?
Is there a way to do the same thing with WAN interface?
I've managed to block any communication to my LAN network by creating a forward rule that applies to all of the zones, and the mask 192.168.1.0/24, with the action drop. However, I can still access the LAN Gateway (is it the router IP?) on 192.168.1.1. I couldn't block this communication.
The firewall configuration looks the same as in the images I've uploaded in the original post.
Do you have an idea why it doesn't drop the packets from and to 192.168.1.1?