I'm not as system admin and therefor unsure if my ideas of the router setup really work.
The objectives I have are:
Normal access via ethernet to the LAN resources, no special restrictions accessing my server etc.
Restricted access of the internet. The device should be known/configured to have internet access. Neither my printer nor my TV or any other device should be able to access the internet by default.
The devices that should have access could be enabled/disabled easily. I also want to be able to block certain ports for a device, e.g. block whattsapp if the kids should learn for shool.
Router configuration is only possible vial ethernet, for security reasons.
Since we have ferro concrete ceilings, I need a router for each floor. Connected via ethernet.
My idea was to configure three interfaces
- WAN (one RJ45 port)
- LAN (four RJ45 ports)
- WIFI (2.5 and 5GHz)
The WAN should get a static IP from the DSL modem (192.168.0.1) range, e.g. (WAN=192.168.0.2). The zero network.
The LAN should get static IP 192.168.1.1, the one network.
The WIFI should get a static IP 192.168.2.1, the two network.
I would like to configure DHCP static leases for the known devices, MAC -> IP from the one or two network, depending on LAN or WIFI.
That's the point where I got lost. I have 3 different networks. From my understanding they should not be able to communicate between each other. What I do need are routes between the networks and rules to block traffic for certain IPs/ports. How to configure that? Is it al way to complicated for a home lan? Are there similar setups documented somewere?