apologies in advance, i am probably using the wrong terms, sorry about it, i have a mechanical background, i know what i need (kind of... ) but i am not sure how it is called...
i have setup a guest network (guest interface @ 192.168.3.1 / 255.255.255.0 while lan is @192.168.2.1 / 255.255.255.0)
everything is working fine apart from the fact that i cannot ping/ssh from one client on the main network to one client on the guest network (and vice versa)
actually, i am not concerned by ping/ssh, i have tried and i can
client on guest network --> ssh --> router --> ssh --> client on main network (and the other way round)
but i am trying to access my son's minetest (open source game similar to minecraft) on 192.168.3.184 (guest network) from my computer on 192.168.2.177 (main network)
minetest runs on port 30000, so i would be happy to open/forward only this port and make it accessible from the main network
i have been playing with firewall, i don't mind reading some manuals but i am not sure of what i have to look for.
is there anyone that could point me in the right direction?
I am in exactly the same situation. I guess now you need the guest clients to reach some device (a printer, perhaps?) on the LAN. I would give static IP addresses to those devices, then allow to forward traffic from the guest network to those devices.
I think it can be easier.
Connect son's PC in LAN. Send with DHCP different namerver to it.
Let his friends (and other guests) continue to use the guest network.
My guess is the son and friends will want to play LAN games which send broadcast or multicast for game host discovery etc, this means they should all be in same broadcast domain, same network
i am not sure if i have ended with an oversimplified solution, but i just tested and it seems to work
i have added the following forwarding:
config forwarding
option src 'lan'
option dest 'guest'
and all seems good, i can access my son's minetest server (on the guest network) from my computer (on the main network) and the same goes for ssh
for the moment there are no fancy lan games involved so this should be enough
i hope i have not compromised the security of the network
I am not sure if it makes sense, i was looking into limiting "src" and "dest" to a specific IP (all addresses are static in both networks) but i don't believe that forwarding accepts src_ip or dest_ip
in the firewall page i I see it only for "rules"
am i missing something obvious?
i will study more and if all is ok i will mark this as solved