[SOLVED] Openwrt with WLAN client mode, restrict communication only to and from primary gateway

stoicavictormarius · December 9, 2023, 7:02pm

Hello all, need some advice on how is the optimal way to do the following:

I have a main basic gateway/router from the ISP that provide internet access to my network (no vlan and just basic firewall capabilities) - IP 10.10.10.1
Then several APs (a mesh) providing wifi to access internet and the other wired network devices - 10.10.10.0/26.
Now i have to provide wired access to internet to a device that is in a semi-public zone. Because of the distance I was thinking to configure an small Openwrt wireless router as a Wifi Client and connect the device via the lan port (192.168.1.0/28).
That's basically done, BUT my problem is that from this new lan connection others can just physically connect and reach any of my internal network devices.
Thus I need advice how can I restrict traffic for 192.168.1.0/28 to be only to and from the router 10.10.10.1.

Thanks!

psherman · December 9, 2023, 7:54pm

It sounds like you want to create a guest network on a dumb ap type config. Take a look at this and let us know if this addresses your need:

psherman · December 9, 2023, 8:05pm

Actually, reading this a second time, it seems that you need to connect wirelessly. Therefore, creating a separate network is actually super easy - you’ll use a sta-mode “wwan” and then use the router in normal routing mode. The only difference is that you’ll add a firewall rule to block the upstream network access similar to the guest WiFi method.

stoicavictormarius · December 9, 2023, 8:39pm

yup. i just needed some simple firewall rules to block access. thx

system · December 19, 2023, 9:29pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.