Yet another guest wifi problem

Network discovery typically relies on multicast traffic which scope is limited.
However, according to your current settings, accessing LAN hosts by IP should be possible.

Maybe I was unclear. Of course guest devices shall not see my LAN devices. It is a guest network :slight_smile: .

When connected to my guest wifi, Fing does see only other guests, no hosts on the LAN. Will confirm by explicitly pinging one.

Indeed, knowing the address, it is possible to access a host on my LAN. So I guesst what I said above is true, that I need to define firewall rules to block guest access to hosts on 192.168.234.*.

uci set firewall.@forwarding[0].enabled="0"
uci -q delete firewall.guest_fwd
uci set firewall.guest_fwd="rule"
uci set"Allow-Guest-Forward"
uci set firewall.guest_fwd.src="guest"
uci set firewall.guest_fwd.dest="lan"
uci set firewall.guest_fwd.dest_ip="!"
uci set firewall.guest_fwd.proto="all"
uci set"ACCEPT"
uci commit firewall
/etc/init.d/firewall restart

Thanks @vgaetera ! Guest wifi is working as expected. Will check the client-isolation on the weekend.

1 Like

Isolating clients was trivial using the 3 lines Vladislav had referred to. For interested folks with the same issue, look at all posts above I marked as solution. All of these combined did the trick.

Big thanks a lot to @vgaetera and @mk24 , guest wifi is how I wanted now.

1 Like

You can only mark one post as solution, it just changes which one is marked when you click a different post

1 Like

Thanks for the info

I have now just marked the first in the series of additions by Vladislav.
Interested readers need to start looking there and follow the advice from there.


This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.