Hi
I’m running Merlin 384.18 on AC86U. AC86U is running in Router Mode. I’ve activated (only) one guest Wifi. Is it possible to grant guest client to one specific wired device e.g. printer? Best would be only defined guest devices are able to access to the LAN devices. Is there no other way al guest clients can be granted to this specific wired device.
I assume this is only a firewall topic, because, guest- Wifi, normal-Wifi and LAN Devices are all in the same range of Number’s.
Starting situation , ebtables –L shows:
I’ve tried to enter specific rules in /jffs/scripts/firewall-strat.
ebtables -I FORWARD -p IPv4 -i wl0.1 --ip-dst 10.xx.yy.zz --ip-proto tcp -j ACCEPT
ebtables -I FORWARD -p IPv4 -o wl0.1 --ip-src 10.xx.yy.zz --ip-proto tcp -j ACCEPT
ebtables -I FORWARD -p IPv4 -i wl1.1 --ip-dst 10.xx.yy.zzz --ip-proto tcp -j ACCEPT
ebtables -I FORWARD -p IPv4 -o wl1.1 --ip-src 10.xx.yy.zz --ip-proto tcp -j ACCEPT
But it doesn’t work. No access possible from guest Wifi to the specified wired device.
It looks like script was executed twice. ebtables –L shows:
Any idea, how to make it work, mabe by using YazFi?
I’m running Merlin 384.18 on AC86U. AC86U is running in Router Mode. I’ve activated (only) one guest Wifi. Is it possible to grant guest client to one specific wired device e.g. printer? Best would be only defined guest devices are able to access to the LAN devices. Is there no other way al guest clients can be granted to this specific wired device.
I assume this is only a firewall topic, because, guest- Wifi, normal-Wifi and LAN Devices are all in the same range of Number’s.
Starting situation , ebtables –L shows:
Code:
Bridge chain: FORWARD, entries: 4, policy: ACCEPT
-i wl0.1 -j DROP
-o wl0.1 -j DROP
-i wl1.1 -j DROP
-o wl1.1 -j DROP
I’ve tried to enter specific rules in /jffs/scripts/firewall-strat.
ebtables -I FORWARD -p IPv4 -i wl0.1 --ip-dst 10.xx.yy.zz --ip-proto tcp -j ACCEPT
ebtables -I FORWARD -p IPv4 -o wl0.1 --ip-src 10.xx.yy.zz --ip-proto tcp -j ACCEPT
ebtables -I FORWARD -p IPv4 -i wl1.1 --ip-dst 10.xx.yy.zzz --ip-proto tcp -j ACCEPT
ebtables -I FORWARD -p IPv4 -o wl1.1 --ip-src 10.xx.yy.zz --ip-proto tcp -j ACCEPT
But it doesn’t work. No access possible from guest Wifi to the specified wired device.
It looks like script was executed twice. ebtables –L shows:
Code:
Bridge chain: FORWARD, entries: 12, policy: ACCEPT
-p IPv4 -o wl1.1 --ip-src 10.10.10.190 --ip-proto tcp -j ACCEPT
-p IPv4 -i wl1.1 --ip-dst 10.10.10.190 --ip-proto tcp -j ACCEPT
-p IPv4 -o wl0.1 --ip-src 10.10.10.190 --ip-proto tcp -j ACCEPT
-p IPv4 -i wl0.1 --ip-dst 10.10.10.190 --ip-proto tcp -j ACCEPT
-p IPv4 -o wl1.1 --ip-src 10.10.10.190 --ip-proto tcp -j ACCEPT
-p IPv4 -i wl1.1 --ip-dst 10.10.10.190 --ip-proto tcp -j ACCEPT
-p IPv4 -o wl0.1 --ip-src 10.10.10.190 --ip-proto tcp -j ACCEPT
-p IPv4 -i wl0.1 --ip-dst 10.10.10.190 --ip-proto tcp -j ACCEPT
-i wl0.1 -j DROP
-o wl0.1 -j DROP
-i wl1.1 -j DROP
-o wl1.1 -j DROP
Any idea, how to make it work, mabe by using YazFi?