So I found a solution just for my scenario.
My ISP router is a Fritzbox 7490 (behind a modem) which provides a guest
LAN at one of the Ethernet ports.
I got there thinking about a solution using VLANs, but the Fritzbox does
not provide VLANs.
Regards
Jürgen
On Wed, 4 Nov 2020 at 11:18, Juergen Kimmel <juergenkimmel(a)gmail.com> wrote:
But unfortunately it is not working here. I can ping all devices in my
home network.
I can even open a program on a Raspi which does not need credentials when
accessed within my home network.
On Wed, 4 Nov 2020 at 10:35, Juergen Kimmel <juergenkimmel(a)gmail.com> wrote:
> "I suppose this is what you do not want, correct?"
> Yes, exactly!
>
> On Tue, 3 Nov 2020 at 19:44, Ilario Gelmetti <iochesonome(a)gmail.com> wrote:
>
>> On 10/28/20 2:54 PM, Juergen Kimmel wrote:
>> > My home network and the mesh network are connected to the same ISP router.
>> > How can I separate one from the other?
>>
>> This is a very interesting question!
>> We absolutely need some documentation on this, as I'm sure that it is a
>> common problem.
>> I don't know if there is a prepared solution for this or if you'll have
>> to add a firewall rule.
>>
>> I just tested, and being connected to a LAN port or to the AP of my
>> LibreMesh router directly connected via its WAN port to my ISP router, I
>> can ping other devices connected directly to the ISP router.
>> I tested this both with and without the OpenWrt firewall package
>> selected.
>> I suppose this is what you do not want, correct?
>>
>> The easiest solution I can think of is:
>>
>> * find out the IPv4 of your home gateway (likely 192.168.0.1 or
>> 192.168.1.1)
>> * from this IPv4, find the subnet of your home network: take the gateway
>> IP, replace the rightmost field by a zero digit and append a "/24"
>> (usually either 192.168.0.0/24 or 192.168.1.0/24)
>> * add this line in the middle of the /etc/rc.local file in the router
>> directly connected to the ISP, before the "exit 0" line:
>>
>> iptables -I FORWARD -d your_network_subnet -j REJECT
>>
>> for example, in my case my gateway router has IP 192.168.0.1 and I added:
>>
>> iptables -I FORWARD -d 192.168.0.0/24 -j REJECT
>>
>> And reboot.
>>
>> If anyone has a more elegant solution, please share!
>> Ciao,
>> Ilario
>>
>
>
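
The rc.local procedure from Ilario's message as a script: an added example, not code from the thread or from LibreMesh. The function names `subnet_from_gateway` and `add_isolation_rule` are hypothetical, and the /24 prefix is the thread's own assumption about the home network.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes a /24 home LAN, as the thread does.

# subnet_from_gateway 192.168.0.1  ->  192.168.0.0/24
subnet_from_gateway() {
    gw=$1
    # Reject anything that is not digits and single dots between fields.
    case $gw in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $gw            # split the address into its four fields
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    echo "$1.$2.$3.0/24"  # replace the rightmost field by 0, append /24
}

# add_isolation_rule GATEWAY_IP [RC_LOCAL]
# Puts the REJECT rule before the first "exit 0" line; safe to run twice.
add_isolation_rule() {
    subnet=$(subnet_from_gateway "$1") || { echo "bad gateway IP: $1" >&2; return 1; }
    rc=${2:-/etc/rc.local}
    rule="iptables -I FORWARD -d $subnet -j REJECT"
    # Idempotent: leave the file alone if the exact line is already present.
    grep -qxF -- "$rule" "$rc" && return 0
    tmp=$(mktemp) || return 1
    awk -v rule="$rule" '
        !placed && /^[[:space:]]*exit 0[[:space:]]*$/ { print rule; placed = 1 }
        { print }
        END { if (!placed) print rule }   # no "exit 0" found: append at the end
    ' "$rc" > "$tmp" && cat "$tmp" > "$rc"   # cat keeps rc.local's mode and owner
    status=$?
    rm -f "$tmp"
    return $status
}

# Usage on the router: add_isolation_rule 192.168.0.1 && reboot
```

After the reboot, `iptables -S FORWARD` on the router should list the REJECT rule; the ping test from a mesh client described in the thread is the check that the rule actually blocks the home subnet.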