[Guest Network Pro] Access device on guest network from main network

[GamerKingFaiz]

I want to put an IOT device (e.g. smart plug) on its own VLAN. This device shouldn't be able to talk to any other device, except the internet.

However I do still need for clients on the main network (e.g. Hubitat) to be able to talk to IOT devices so it can send it commands.

Is there anyway to do one way communication into the Guest Network VLAN?

 

[bennor]

Your question is one that has been discussed elsewhere. You will likely need to use a firewall-start script with some IPTables scripting to allow One-Way (or Two-Way) communication from Guest Network Pro client(s) to a main LAN client.

Trying to understand Guest Network Pro limitations

Using an AX-86U Pro on FW 3006.102.4_beta1, I'm experimenting with Guest Network Pro and VLANs and I must be missing something. I've created a VLAN (tagged as 3) and set ethernet port 3 as an access port tagged with that VLAN. I've then created a new guest network with that same VLAN, turned on...

www.snbforums.com

Allowing main network to access guest networks

Hi everyone, Running on the 3006 firmware version, I have 3 guest networks that are isolated from everything. I'd like to have the main network (192.168.0.0/24 on br0) be able to reach one-way to those 3 guest subnets. I currently achieve this with a firewall-start script that runs the...

www.snbforums.com

Iptables functionality on 3006.102.4

Dirty upgrade from 3004 to 3006.102.4 on my AX88u-Pro a couple days ago. All looked good so far, except I have some iptables rules in firewall-start that do not seem to work anymore. One set of rules dnat'd any DNS other than those in the cleanbrowsing ranges. Ie, if a device used any...

www.snbforums.com

mDNs / Bonjour / Multicast

Hi everyone, I am having issues with 3 HomePods in my home. I have 2 AirPlay receivers which work flawlessly, however my HomePods are very hit and miss to work, I took one on holiday and noticed it was much better than at home. Are there any settings or things to enable/check to ensure mDNs /...

www.snbforums.com

See my post at the following link for example scripting: https://www.snbforums.com/threads/t...st-network-pro-limitations.94438/#post-952345

PS: Also note that many IoT devices are accessed and controlled through the internet. In many cases direct local network access to IoT devices may not be needed.

 

[GamerKingFaiz]

Thank you, I'm glad to see there's a way to do it, but don't love that it's an unofficial way to do it. "Use at your own risk" as you mentioned in the other post.

I need local access control in this case because Hubitat controls the smart plug via local IP address.

 

[bennor]

"Use at your own risk" as you mentioned in the other post.

That is just a basic warning. Essentially a; "don't blame me" if you do something that causes unexpected results with your router. Properly used, firewall-start scripting works to accomplish many things, use incorrectly and it may cause unexpected router issues. At this point in time YazFi is not supported on 3006 firmware so using the firewall-start and IPTables scripting is pretty much the only way to go if you; A) don't want the IoT device on the main LAN network, B) don't want to enable the Access Intranet option in Guest Network Pro (if that option even works), or C) the main LAN device doesn't have a second networking port. If the main LAN device has two networking ports simply connect the second network port to the router and assign that port to the same VLAN as the Guest Network Pro Profile that device needs access to.