Hi, new to AsusWRT-Merlin and YazFi! (Not to mention iptables.)
I'm trying to allow my "true" guest network (wl0.1, wl1.1) one-way access to my "media" guest network (wl0.2, wl1.2). The intent being to allow house guests to be able to cast music/video to my speakers/TV.
Per Google's help page "Network requirements for cast moderator", I need to:
- Allow TCP packets on ports 8008-8009 from sender to receiver
- Allow UDP packets on ports 1-65535 from sender to receiver
- Allow UDP packets on ports 1-65535 from receiver to sender
/jffs/addons/YazFi.d/userscripts.d/allow-guest-access-to-media.sh:
Code:
#!/bin/sh
iptables -I YazFiFORWARD -i wl0.1 -o wl0.2 -p tcp --dport 8008:8009 -j ACCEPT
iptables -I YazFiFORWARD -i wl0.1 -o wl0.2 -p udp --dport 1:65535 -j ACCEPT
iptables -I YazFiFORWARD -i wl0.2 -o wl0.1 -p udp --dport 1:65535 -j ACCEPT
iptables -I YazFiFORWARD -i wl1.1 -o wl0.2 -p tcp --dport 8008:8009 -j ACCEPT
iptables -I YazFiFORWARD -i wl1.1 -o wl0.2 -p udp --dport 1:65535 -j ACCEPT
iptables -I YazFiFORWARD -i wl0.2 -o wl1.1 -p udp --dport 1:65535 -j ACCEPT
iptables -I YazFiFORWARD -i wl0.1 -o wl1.2 -p tcp --dport 8008:8009 -j ACCEPT
iptables -I YazFiFORWARD -i wl0.1 -o wl1.2 -p udp --dport 1:65535 -j ACCEPT
iptables -I YazFiFORWARD -i wl1.2 -o wl0.1 -p udp --dport 1:65535 -j ACCEPT
iptables -I YazFiFORWARD -i wl1.1 -o wl1.2 -p tcp --dport 8008:8009 -j ACCEPT
iptables -I YazFiFORWARD -i wl1.1 -o wl1.2 -p udp --dport 1:65535 -j ACCEPT
iptables -I YazFiFORWARD -i wl1.2 -o wl1.1 -p udp --dport 1:65535 -j ACCEPT
After running this, I put my cell phone on my guest network and don't see any of my media devices available to cast using, e.g., Spotify.
On my main network, I simply have YazFi's "one-way to guest" enabled for my media network. I suppose I'm really just looking for "actual guest network" (wl0.1, wl1.1) to have one-way access to my media network (wl0.2, wl1.2). (Although, a separate question of how does one-way to guest work for casting if I need to allow UDP traffic to flow from receiver to sender? Again, new to iptables, YazFi, and AsusWRT-Merlin...)
I'm hoping for some help to point out what I'm doing wrong with iptables (or if this is even close to the correct approach to allowing my "actual guest" network to access my media network).
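
One way to check whether the rules in the script above are matching any packets, as an added example that is not part of the original post: it reads `iptables -nvxL YazFiFORWARD` output and lists the guest/media ACCEPT rules whose packet counter is still zero. The function names and the sample counter values are assumptions constructed for illustration; the chain and interface names are the ones from the post.

```shell
#!/bin/sh
# Added example: report which guest<->media ACCEPT rules in YazFiFORWARD
# have never matched a packet. Input is `iptables -nvxL YazFiFORWARD` text.

# Constructed sample output (counter values are made up for illustration).
sample_counters() {
cat <<'EOF'
Chain YazFiFORWARD (1 references)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 ACCEPT     udp  --  wl1.2  wl1.1   0.0.0.0/0            0.0.0.0/0            udp dpts:1:65535
      14      840 ACCEPT     tcp  --  wl0.1  wl0.2   0.0.0.0/0            0.0.0.0/0            tcp dpts:8008:8009
       0        0 ACCEPT     udp  --  wl0.2  wl0.1   0.0.0.0/0            0.0.0.0/0            udp dpts:1:65535
      37     4210 ACCEPT     udp  --  wl0.1  wl0.2   0.0.0.0/0            0.0.0.0/0            udp dpts:1:65535
       5      300 DROP       all  --  wl0.1  br0     0.0.0.0/0            0.0.0.0/0
EOF
}

# Print "in->out proto pkts" for every ACCEPT rule between wlX.1 / wlX.2 interfaces.
cast_rule_hits() {
    awk '$3 == "ACCEPT" && $6 ~ /^wl[01]\.[12]$/ && $7 ~ /^wl[01]\.[12]$/ {
             print $6 "->" $7, $4, $1
         }'
}

# Print only the rules whose packet counter is still zero.
zero_hit_rules() {
    cast_rule_hits | awk '$3 == 0 { print $1, $2 }'
}

# On the router: iptables -nvxL YazFiFORWARD | zero_hit_rules
# Offline demo with the constructed sample:
if [ "${1:-}" = "--demo" ]; then
    sample_counters | zero_hit_rules
fi
```

If every rule stays at zero while the phone is searching for cast devices, that traffic is not traversing this chain on those interface names, so the port ranges in the rules are not what decides the outcome.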