[Solved] Allowing communication between interfaces

I created a separate wifi network for all of my IoT devices following these instructions. I'd like to be able to ssh from my "normal" wifi on the LAN into a server (say a Raspberry Pi) that is connected to the guest network.

I know I need to change something in the firewall, I just don't know exactly what. Do I need to update zones, or is it as simple as adding a traffic rule where source zone is LAN and output zone is guest?

Thanks!

Simply make a firewall rule to allow the traffic you want to do.

It depends on how broad or granular you want to get with the rule.

Simply speaking, you'll create a forwarding rule that allows traffic from the lan zone to the zone that contains your iot network (I'll just assume the zone is called iot):

config forwarding
	option src 'lan'
	option dest 'iot'

What is the equivalent in LuCI? Is it adding a traffic rule or adding a new section in Zone=>Forwardings?

Edit the iot zone and then go to the section where it says allow forward from source zones > add the lan zone.

Got it. Is there a benefit to doing it that way vs. a traffic rule? They seem like the same thing just in two different places.

This is the easiest, but it is a blanket rule. If you wish to have fine-grained control, you can build this with traffic rules. IMO, if you’re allowing the trusted network to initiate connections, it is fine to make such a coarse rule.

If you allow the untrusted network to start connections, the allowances should be very narrowly defined (highly granular) so that you can protect your trusted lan and only allow what is crucial.
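
The coarse forwarding and the granular traffic-rule alternative discussed above, side by side for /etc/config/firewall. This is an added example, not part of the original thread; the zone name 'iot' follows the assumption made earlier in the thread, and the rule name and the Raspberry Pi address 192.168.20.10 are constructed placeholders.

```uci
# Added example, not from the original posts.
# Assumptions: the IoT zone is named 'iot'; the Raspberry Pi has the
# constructed address 192.168.20.10. Use one of the two sections below,
# not both.

# Coarse: every lan host may open any connection to any iot host.
config forwarding
	option src 'lan'
	option dest 'iot'

# Granular: only SSH (tcp/22) from lan to a single iot host.
# Replies are handled by connection tracking, so no iot -> lan
# forwarding is needed and the iot zone cannot initiate connections
# into lan.
config rule
	option name 'Allow-LAN-SSH-to-Pi'
	option src 'lan'
	option dest 'iot'
	option dest_ip '192.168.20.10'
	option proto 'tcp'
	option dest_port '22'
	option target 'ACCEPT'
```

In LuCI the first section corresponds to the zone forwarding setting described earlier in the thread, and the second to an entry under traffic rules.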

Got it. Thank you!

No problem.

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks!