Samba share for Guest SSID users?

[brawlsadford]

I'm looking to segregate access on my home network and trying to avoid buying a second router. I'd like two levels of access:

1. guests+kids tablets+Chromecast+our smartphones+family PCs+HTPC, and
2. desktop+work laptop+VPN users

I'm currently using the RT-N66U 'Guest Network' functionality to restrict the first group's access to the LAN (they are all wifi devices rather than wired) and they don't generally need to talk to each other (Chromecast still works fine), so all good.

The second group are all wired connections and Windows shares work as expected. VPN seems to work (thanks to advice on this forum) so far, haven't tested it to destruction yet though.

The cherry on top would be if I could set up some sort of share for the first group though, so that media files (currently attached to the HTPC but could be moved to a router USB port) could be accessed by group 1. FTP probably works but it seems a bit clumsy to go out to the Internet when the stuff is actually on the LAN. I liked using various android SMB-enabled media players when everything could see everything.

The only discussion I turned up on a search was "Does Merlin support samba guest sharing" but it's not quite what I'm after. Presumably if this is possible it will involve scripting, ebtables and brouting? I did find this but I can't mash it into what I'm after.

Cheers...

 

[RussellInCincinnati]

I'm looking to segregate access on my home network and trying to avoid buying a second router. I'd like two levels of access:

1. guests+kids tablets+Chromecast+our smartphones+family PCs+HTPC, and
2. desktop+work laptop+VPN users

The cherry on top would be if I could set up some sort of share for the first group though, so that media files (currently attached to the HTPC but could be moved to a router USB port) could be accessed by group 1.

Also consider a super low end NAS box. Here's a refurb for $70 dollars:
http://www.amazon.com/dp/B001FFP4PK/?tag=snbforums-20

 

[brawlsadford]

Thanks for the reply and sorry to be a bit dense but how would a NAS help? I already have a few options for storage attached to the (wired) network: N66U USB ports, a FreeNAS box, a Microserver with WHS2011, SMB/CIFS shares on Windows PCs, etc.. I can't see any them from devices attached to the Guest SSID, which is exactly how you would expect it. I've also tried setting up SMB shares on a laptop on the guest SSID and confirmed that other devices on the guest SSID cannot see it. If I attach a Linkstation to the network, will the situation be any different?

What I'm after is a way for one of the devices connected via the guest SSID (HTPC or Microserver with USB wifi adaptor perhaps?) to share media files with other devices attached to the guest SSID (tablets, smartphones, 'family' PCs) - if this is possible. I'd also be happy to attach the media storage to the router USB ports if that makes life easier.

 

[brawlsadford]

I've looked into this some more and think I might need to set up some VLANS... but it looks like I'll have to move away from Merlin and get into Tomato for that

 

[Puppa]

Some NAS devices will allow you to restrict access by IP or MAC. If you put group 1 into the IP range that could work, but IP restrictions alone aren't terribly secure. Is that what you're after?

Sent from my SM-N910V using Tapatalk

 

[brawlsadford]

Some NAS devices will allow you to restrict access by IP or MAC. If you put group 1 into the IP range that could work, but IP restrictions alone aren't terribly secure. Is that what you're after?

I can see now that my first post wasn't really clear: I'm looking to prevent guest/home users from seeing the work network (and associated data) and vice versa.

I currently have guests segregated on the guest SSID and home/work devices on the LAN. Access to work and home shares is controlled by SMB authentication (user/password)... which is OK... a nasty app on the kids tablet or wife's laptop hopefully can't steal/wipe/encrypt all the work data too easily and clients/colleagues can't trawl through my holiday pics.

However, I'm now setting up a VPN for remote (work) users and that's prompted me to think about a more sophisticated setup; i.e. 'home' users can't even ping 'work' devices (more secure?) and 'work' users can't even see the 'home' shares/devices (more professional).

Short-term, partial solution: move all 'home' users to the built-in guest SSID. But this leaves the home shares inaccessible... hence the thread. The real solution, presumably involves VLANs?