I'm trying to issolate clients from each other and the intranet on the guest wifi, but still give them read access to the Samba and DNLA (on the AC68U).
I've found a thread on issolating clients on a specific interface from each other with
wl -i wl0.1 ap_issolate 1
And ebtables to block intranet access
ebtabes -I FORWARD -i wl0.1 -o ! eth0 -j DROP
ebtables -I FORWARD -i ! eth0 -o wl0.1 -j DROP
But this seems to block Samba etc. I readup on ebtables and iptables and tried adding different exceptions using the router mac or IP but I can't work out how to allow access to Samba & DNLA.
Any suggestions?
I've found a thread on issolating clients on a specific interface from each other with
wl -i wl0.1 ap_issolate 1
And ebtables to block intranet access
ebtabes -I FORWARD -i wl0.1 -o ! eth0 -j DROP
ebtables -I FORWARD -i ! eth0 -o wl0.1 -j DROP
But this seems to block Samba etc. I readup on ebtables and iptables and tried adding different exceptions using the router mac or IP but I can't work out how to allow access to Samba & DNLA.
Any suggestions?