On 06/21/2016 08:59 PM, Amuza wrote:
Hi,
Hi Amuza!
I have my private home network connected to the Internet and then the
LiMe network I am deploying. In order to let the LiMe network access
the Internet, I connect the WAN port of a LiMe router to a switch port
(LAN) of my private home router. And it just rocks, double NAT works,
and routers spread the Internet all around the mesh.
Yeah!
But now I am trying to deny any traffic from LiMe hosts (10.x.x.x) to
my private home network (192.168.x.x).
Have you verified that this doesn't already happen?
For example trying to ping a 192... machine while connected with a 10... IP?
I have been playing with the LuCI web interface of my private home
router but somehow I do not manage to restrict the undesired traffic.
This is what I've tried:
1. I assign a static IPv4 address to the LiMe router (I did not manage
to do it with IPv6).
Mmh... So, are you setting this directly in LiMe or in your main router
DHCP server?
I have no experience with the LiMe web interface, but from the terminal
interface you can specify the IPv6 address (as well as the IPv4) in the
/etc/config/lime (taking inspiration from /etc/config/lime.example).
2. I create a traffic rule which DROPS ANY traffic coming from the
statically assigned IPv4 address (192.168.A.A) of the connected LiMe
router (which is in the LAN zone and with a defined source MAC
address) with destination ANY LAN zone -so that they can access only
the Internet (WAN).
3. I enable the rule and put it up to the top of the list
Why can I still reach my home private router from the LiMe network?
"reach the router"?
If I got it correctly the router is your gateway, so it's good if you
can reach it... The problem comes with other devices on the LAN side.
Did I get it correctly?
Is this "zone" thing working?
How should I configure it?
I'm not experienced with OpenWrt firewall configuration, sorry :/
Please let me know. Either through the LuCI web interface or the
command line -step by step, please.
Thank you!
Bye!!
Ilario