fbicknel
Occasional Visitor
I set up a separate router for my IoT devices. It runs on the 192.168.8.0 network and my main network is 192.168.2.0.
I'm trying to firewall it off from my main network, but apparently no luck.
I tried the blacklisting in the firewall section of the main router, but that did nothing. Here's how I tried it:
I also enabled the firewall in the General tab.
Since this did nothing, I tried reverting to iptables. I used this:
Code:
iptables -I FORWARD -s 192.168.8.0/24 -d 192.168.2.0/24 -j DROP
This produced this in the table:
Code:
Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  192.168.8.0/24       192.168.2.0/24
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
other2wan  all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  192.168.2.0/24       192.168.8.0/24
logdrop    all  --  0.0.0.0/0            0.0.0.0/0            state INVALID
SECURITY   all  --  0.0.0.0/0            0.0.0.0/0
NSFW       all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate DNAT
OVPN       all  --  0.0.0.0/0            0.0.0.0/0            state NEW
logdrop    all  --  0.0.0.0/0            0.0.0.0/0
How should I be doing this? Any suggestions as to what I'm doing wrong would be helpful.
Complete output from iptables -L -n is here.
---
I would eventually like to start a guest network on my IDIoT router. The guest can have access to the internet (and presumably my IoT). But with the firewall there, they'll not be able to access my main network. I tried this out starting a guest network on the main network, but that Internet access went through my VPN (configured on the main network) and I want guests to not have to deal with VPN-hating services like Hulu and their ilk. That's why I decided to go with the IDIoT network above. It's not using the VPN, since many of my IoT things are VPN-snobs like Hulu and the likes of them.