YazFi How to let clients on different guest networks connect to each other?

[tdai]

I have a 2.4 GHz Guest Network (wl0.1) and a 5 GHz Guest Network (wl1.1), both with TWOWAYTOGUEST, ONEWAYTOGUEST, and CLIENTISOLATION set to false.
I want the clients on the two guest networks to be able to connect to each other. Is there a way to do it?

 

[Jack Yaz]

I have a 2.4 GHz Guest Network (wl0.1) and a 5 GHz Guest Network (wl1.1), both with TWOWAYTOGUEST, ONEWAYTOGUEST, and CLIENTISOLATION set to false.
I want the clients on the two guest networks to be able to connect to each other. Is there a way to do it?

they should be able to, i think. check you don't have client isolation enabled on the main radio, and that any device firewalls aren't blocking traffic from other subnets

 

[tdai]

they should be able to, i think. check you don't have client isolation enabled on the main radio, and that any device firewalls aren't blocking traffic from other subnets

Thanks for your reply!
I checked that "Set AP Isolated" for both 2.4 GHz and 5 GHz radios are set to false, and I tested that devices on different subnets can talk to each other when they are not on the guest network, so there's no firewall on the devices blocking traffic from other subnets.

Is there anything you can see from the iptables maybe?

Spoiler: iptables

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
YazFiINPUT  all  --  anywhere             anywhere           
INPUT_PING  icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere             state INVALID
PTCSRVWAN  all  --  anywhere             anywhere           
PTCSRVLAN  all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere             state NEW
ACCEPT     all  --  anywhere             anywhere             state NEW
OVPN       all  --  anywhere             anywhere             state NEW
ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps dpt:bootpc
ACCEPT     tcp  --  anywhere             Router.              ctstate DNAT tcp dpt:8443
INPUT_ICMP  icmp --  anywhere             anywhere           
DROP       all  --  anywhere             anywhere           

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DROP       all  --  192.168.50.104       anywhere           
YazFiDNSFILTER_DOT  tcp  --  anywhere             anywhere             tcp dpt:853
YazFiFORWARD  all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
other2wan  all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere           
DROP       all  --  anywhere             anywhere             state INVALID
NSFW       all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT
OVPN       all  --  anywhere             anywhere             state NEW
DROP       all  --  anywhere             anywhere           

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain ACCESS_RESTRICTION (0 references)
target     prot opt source               destination         

Chain DNSFILTER_DOT (0 references)
target     prot opt source               destination         

Chain FUPNP (0 references)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             192.168.50.107       udp dpt:5353
ACCEPT     udp  --  anywhere             192.168.50.101       udp dpt:5353
ACCEPT     udp  --  anywhere             192.168.50.106       udp dpt:5353
ACCEPT     udp  --  anywhere             192.168.50.107       udp dpt:5353
ACCEPT     udp  --  anywhere             192.168.51.50        udp dpt:5353
ACCEPT     udp  --  anywhere             192.168.51.50        udp dpt:5353

Chain ICAccept (0 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere           

Chain ICDrop (0 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere           

Chain INPUT_ICMP (1 references)
target     prot opt source               destination         
RETURN     icmp --  anywhere             anywhere             icmp echo-request
RETURN     icmp --  anywhere             anywhere             icmp timestamp-request
ACCEPT     icmp --  anywhere             anywhere           

Chain INPUT_PING (1 references)
target     prot opt source               destination         
DROP       icmp --  anywhere             anywhere           

Chain NSFW (2 references)
target     prot opt source               destination         

Chain OVPN (2 references)
target     prot opt source               destination         

Chain PControls (0 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere           
DROP       all  --  anywhere             anywhere             state INVALID
NSFW       all  --  anywhere             anywhere           
DROP       all  --  anywhere             anywhere           

Chain PTCSRVLAN (1 references)
target     prot opt source               destination         

Chain PTCSRVWAN (1 references)
target     prot opt source               destination         

Chain SECURITY (0 references)
target     prot opt source               destination         
RETURN     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5
DROP       tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/SYN
RETURN     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
DROP       tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/RST
RETURN     icmp --  anywhere             anywhere             icmp echo-request limit: avg 1/sec burst 5
DROP       icmp --  anywhere             anywhere             icmp echo-request
RETURN     all  --  anywhere             anywhere           

Chain YazFiDNSFILTER_DOT (1 references)
target     prot opt source               destination         

Chain YazFiFORWARD (1 references)
target     prot opt source               destination         
YazFiREJECT  all  --  anywhere             anywhere           
YazFiREJECT  all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere           
YazFiREJECT  all  --  anywhere             anywhere           
YazFiREJECT  all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere           

Chain YazFiINPUT (1 references)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             multiport dports netbios-ns,netbios-dgm
ACCEPT     udp  --  anywhere             anywhere             multiport dports bootps,ntp
ACCEPT     icmp --  anywhere             anywhere           
YazFiREJECT  all  --  anywhere             anywhere           
ACCEPT     udp  --  anywhere             anywhere             multiport dports netbios-ns,netbios-dgm
ACCEPT     udp  --  anywhere             anywhere             multiport dports bootps,ntp
ACCEPT     icmp --  anywhere             anywhere           
YazFiREJECT  all  --  anywhere             anywhere           

Chain YazFiREJECT (6 references)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain default_block (0 references)
target     prot opt source               destination         

Chain logaccept (0 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             state NEW LOG level warning tcp-sequence tcp-options ip-options prefix "ACCEPT "
ACCEPT     all  --  anywhere             anywhere           

Chain logdrop (0 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             state NEW LOG level warning tcp-sequence tcp-options ip-options prefix "DROP "
DROP       all  --  anywhere             anywhere           

Chain other2wan (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere           
DROP       all  --  anywhere             anywhere

 

[mailkni]

Hi, tdai. I asked about similar situation for file sharing/smb. Did you find a solution?

Thanks.

 

[tdai]

Hi, tdai. I asked about similar situation for file sharing/smb. Did you find a solution?

Thanks.

I disabled the 2.4 GHz guest network

 

[mailkni]

I disabled the 2.4 GHz guest network

My 2.4s are also disabled but I can't get them to connect for file sharing/smb. I've marked all the options that would allow communication but no dice. Thanks for the response though.