mew1033
Occasional Visitor
I think I know what I need to do; I just want to get a sanity check to make sure I'm heading in the right direction. Basically I want to have a separate network for less secure devices. Right now it's only wifi devices, although it might one day include wired devices. I'd connect these devices (webcams, printer, sprinkler controller, etc.) to the DMZ wifi network. Devices in this network would be blocked from accessing devices in my main network. They would also be blocked from accessing the internet. However, devices in my main network would be allowed to reach through into the DMZ network and access the less secure devices. I also want to be able to poke specific holes for devices in the DMZ network to reach back into the main network (FTP upload for the cameras, for example). Ideally, I'd like these networks to have separate subnets.
Here's my plan:
Create two guest wifi networks (2.4 and 5) and tick the restrict access to intranet box. - Do this from the GUI
Configure dnsmasq with a separate subnet and dhcp server for the two networks. - Use a dnsmasq.postconf script?
Add iptables rules to block/allow the things I want. - Use the firewall-start script?
I've got quite a bit of networking experience, but I'm still pretty new at using Asuswrt Merlin.
Thanks!
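
The policy described in the post, written out as an ordered iptables rule set; this is an added example, not part of the original post and not Asuswrt-Merlin's own code. It assumes the DMZ radios end up on their own bridge (called br1 here, a hypothetical name), that br0 is the main LAN bridge, and it uses constructed addresses for one camera and one FTP server. It prints the rules unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example. All names and addresses below are assumptions, not from the post.
LAN_IF="br0"            # main network bridge
DMZ_IF="br1"            # hypothetical bridge carrying the DMZ guest radios
CAM_IP="192.168.2.10"   # constructed: a camera in the DMZ subnet
FTP_IP="192.168.1.20"   # constructed: FTP server in the main network

# rule CHAIN POSITION ARGS... : print one "insert at position" command.
# Explicit positions keep our rules above the firmware's own, in our order.
rule() {
    chain=$1; pos=$2; shift 2
    echo "iptables -I $chain $pos $*"
}

dmz_rules() {
    # FORWARD: first match wins, so the order below is the policy.
    # 1. Main network may open connections into the DMZ.
    rule FORWARD 1 -i "$LAN_IF" -o "$DMZ_IF" -j ACCEPT
    # 2. Replies to those connections may come back. RELATED also covers the
    #    FTP data channel when the kernel's FTP conntrack helper is loaded.
    rule FORWARD 2 -i "$DMZ_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # 3. The one hole: camera -> FTP control port on the main network.
    rule FORWARD 3 -i "$DMZ_IF" -o "$LAN_IF" -s "$CAM_IP" -d "$FTP_IP" -p tcp --dport 21 -j ACCEPT
    # 4. Everything else leaving the DMZ is dropped: main network AND internet.
    rule FORWARD 4 -i "$DMZ_IF" -j DROP

    # INPUT: FORWARD does not protect the router itself (admin UI, SSH).
    # Allow replies, DHCP and DNS from the DMZ, drop the rest.
    rule INPUT 1 -i "$DMZ_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    rule INPUT 2 -i "$DMZ_IF" -p udp --dport 67 -j ACCEPT
    rule INPUT 3 -i "$DMZ_IF" -p udp --dport 53 -j ACCEPT
    rule INPUT 4 -i "$DMZ_IF" -p tcp --dport 53 -j ACCEPT
    rule INPUT 5 -i "$DMZ_IF" -j DROP
}

# Dry run by default so the rule order can be reviewed before it is applied.
if [ "${APPLY:-0}" = "1" ]; then
    dmz_rules | sh
else
    dmz_rules
fi
```

Because every rule is inserted with an explicit position, running the script twice without a firewall restart duplicates the rules; `iptables -S FORWARD` and `iptables -S INPUT` show what is actually loaded.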