[Newbe question] Setup of separate guest network with exeptation

[drboss]

At the moment I use for quest the WiFi network created on wl0.2 interface - GUESTNET (until I start work with VLANs but this is second stage for me and I things it take time...)
I decided that GUESTNET i separate from home network and have access to internet via main or vpn connection (it's work). The next step I want give access from guest network to dedicated IP on home network and SONOS (in this moment guest and home network use the same IP subnet for omit broadcast problems 192.168.1.0/24, for guest the address start from 230 to the 250)
And I have the problem
the configuration of ebtable is:
table filter, chain FORWARD
-i wl0.2 -j DROP
-o wl0.2 -j DROP
table broute chain BROUTING
-p IPv4 -i wl0.2 --ip-dst 192.168.1.1 --ip-proto icmp -j ACCEPT
-p IPv4 -i wl0.2 --ip-dst 192.168.1.0/24 --ip-proto icmp -j DROP
-p IPv4 -i wl0.2 --ip-dst 192.168.1.0/24 --ip-proto tcp -j DROP
the IP in home network to be accessed from GEUSTNET:
TV: 192.168.1.10
one of Sonos player: 192.168.1.108
for work it from GESTNET I doing:
ebtables -t broute -I BROUTING -p IPv4 -i wl0.2 --ip-dst 192.168.1.10 --i
p-proto tcp -j ACCEPT
ebtables -t broute -I BROUTING -p IPv4 -i wl0.2 --ip-dst 192.168.1.10 --i
p-proto icmp -j ACCEPT
but after this access from GUESTNET to TV and Sonos still not wok.
What I can do wrong or what i didn't do?

 

[JDB]

https://www.snbforums.com/threads/y...-merlin-guest-wifi-inc-ssid-vpn-client.45924/

This might make it simpler to setup


Sent from my iPhone using Tapatalk

 

[drboss]

Unfortunate no, I know this script. YazFi operate on virtual interface for every WIFI and use ebtable for isolate guestnet from main. They use
-i wl0.2 -j DROP
-o wl0.2 -j DROP
if separation of main network is selected but any exclusion from DROP not work.
In YAzFI is possible set routing between guest and main but not for specific IP, only for all subnet. I tested with iptable too.
And YAzFI isn't work with VLAN to propagate guestnet to others routers by LAN cable not via WiFi

 

[Jack Yaz]

Unfortunate no, I know this script. YazFi operate on virtual interface for every WIFI and use ebtable for isolate guestnet from main. They use
-i wl0.2 -j DROP
-o wl0.2 -j DROP
if separation of main network is selected but any exclusion from DROP not work.
In YAzFI is possible set routing between guest and main but not for specific IP, only for all subnet. I tested with iptable too.
And YAzFI isn't work with VLAN to propagate guestnet to others routers by LAN cable not via WiFi

You can add your own rules to sit in the relevant YazFi iptables chains. Just make sure you run them after YazFi finishes. I'm working to add proper user rule support in an upcoming version (no ETA on that though)