Hello.
See attached for a basic diagram, and also most of the setup of my issue.
I have two homes where I'm implementing roughly the same network, and then a peer-to-peer WireGuard tunnel between them.
In one I have 192.168.1.x and in the other, 192.168.2.x.
I have a Synology NAS with a reverse proxy behind my AX88U routers in both locations.
In both locations, I have a guest Wi-Fi network as well as the 'regular' Wi-Fi, and the guest network is set to 'no intranet'.
However, I would like to be able to open a website on the NAS ONLY to my guest network (i.e., not to the outside world).
Using my 192.168.2.0 network as an example,
my addresses are / would be:
public static address X.Y.Z.50
DNS fqdn foobar.com that points to that same public address
192.168.2.1 router
192.168.2.10 NAS (where reverse proxy runs, and webservers)
From a PC on the 192.168.2.0 subnet, I can ping and connect to foobar.com. The traceroute shows it going immediately to it, no other hops.
From a phone on the guest network, if I try to ping, traceroute or access the same foobar.com over HTTP, I get nothing: no route, no ping response.
I assume this is somehow related to the core mechanism of the guest network with 'intranet disabled'.
The guest network is assigning addresses in the 192.168.101.x space.
I see that by connecting my cellphone, for instance, to the guest Wi-Fi, and then looking at its IP configuration using PingTools.
My phone shows
dhcp server 192.168.101.1
domain [as expected, the name from DNS]
gateway: 192.168.101.1
DNS 192.168.101.1
Network address 192.168.101.0/24
Broadcast 192.168.101.255
I suspect if I enabled 'LAN access' for the guest network, it would probably find its way.
But I don't want to do that, so I am wondering how to allow the guest network devices (or even just one) to find their way to the 192.168.2.x network, or even more specifically, just to that 192.168.2.10 reverse proxy...
- Could I perhaps create a static route from a specific client on the 192.168.101.0 guest network, back to the Synology device IP?
- Is there some other, better option?
I think a VLAN-capable router would work, and I think the VLAN support is actually there, but not exposed in the GUI, and I frankly don't want to delve into the command line stuff anymore...
Thanks for any thoughts, hope this laid it out properly, happy to answer any questions.