isolating devices

[davidr83]

Hello,

Is it possible to isolate devices connected to the same interface on the router? So that they can talk to the internet, but not each other? I tried with iptables, but it looks like this didn't have any effect on the packets within the same subnet.

Thanks!
David

 

[CaptainSTX]

The simplest method might be to utilize the Guest Network feature and set the guest network for Internet only and no intranet connectivity.

 

[jlake]

In addition to guest network suggestion, you might have to turn on AP isolation too. I've never tested it, so am just speculating.

 

[davidr83]

cool, thank you both for the suggestions. i thought the guest network stuff only worked for clients connected to wifi. is it possible to use it with wired clients too ?

 

[CaptainSTX]

The guest network solution will only work for WiFi connections.

Using SOHO type equipment and wanting isolation, my next recommendation is that you double NAT routers with each router having its own subnet. Use your ASUS as the primary router and depending on the speed that you need use less expensive routers for you secondary router. Even inexpensive old 54Gs should be able to handle up to 40Mbps download speeds using an Ethernet connection.

If you want maximum speed then consider a name brand router with Gigabyte LAN ports. Since WiFi isn't a consideration no need to go overboard with dual band radios, AC, etc.

You might also want to look at the feature set of DD-WRT. I haven't experimented with it recently, but if any firmware would have the isolation feature it might be DD-WRT. If it will work for you is another question because my experience with DD-WRT is that while a feature my exist in DD-WRT it doesn't always work on every router.

 

[RMerlin]

Ethernet clients cannot be isolated, since all the traffic goes through a switch and not through the TCP/IP stack/Netfilter subsystems.