So I found a solution just for my scenario.
My ISP router is a Fritzbox 7490 (behind a modem) which provides a guest LAN at one of the Ethernet ports.
I got there thinking about a solution using VLANs, but the Fritzbox does not provide VLANs.
Regards
Jürgen

On Wed, 4 Nov 2020 at 11:18, Juergen Kimmel <juergenkimmel@gmail.com> wrote:
But unfortunately it is not working here. I can ping all devices in my home network.
I can even open a program on a Raspi which does not need credentials when accessed within my home network.

On Wed, 4 Nov 2020 at 10:35, Juergen Kimmel <juergenkimmel@gmail.com> wrote:
"I suppose this is what you do not want, correct?"
Yes, exactly!

On Tue, 3 Nov 2020 at 19:44, Ilario Gelmetti <iochesonome@gmail.com> wrote:
On 10/28/20 2:54 PM, Juergen Kimmel wrote:
> My home network and the mesh network are connected to the same ISP router.
> How can I separate one from the other?

This is a very interesting question!
We absolutely need some documentation on this, as I'm sure that it is a
common problem.
I don't know if there is a prepared solution for this or if you'll have
to add a firewall rule.

I just tested, and being connected to a LAN port or to the AP of my
LibreMesh router directly connected via its WAN port to my ISP router, I
can ping other devices connected directly to the ISP router.
I tested this both with and without the OpenWrt firewall package selected.
I suppose this is what you do not want, correct?

The easiest solution I can think of is:

* find out the IPv4 of your home gateway (likely 192.168.0.1 or 192.168.1.1)
* from this IPv4, find the subnet of your home network: take the gateway
IP, replace the rightmost field by a zero digit and append a "/24"
(usually either 192.168.0.0/24 or 192.168.1.0/24)
* add this line in the middle of the /etc/rc.local file in the router
directly connected to the ISP, before the "exit 0" line:

iptables -I FORWARD -d your_network_subnet -j REJECT

for example, in my case my gateway router has IP 192.168.0.1 and I added:

iptables -I FORWARD -d 192.168.0.0/24 -j REJECT

And reboot.

If anyone has a more elegant solution, please share!
Ciao,
Ilario
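
The steps in the message above as a script, added here as an example and not part of the thread: it computes the subnet from the address's actual prefix length rather than assuming /24, and inserts the REJECT rule only if it is not already present. The function names, the --apply switch and the use of the default-route device as the uplink to the ISP router are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Works out the upstream (home) subnet
# from an address and its real prefix length, then inserts the REJECT rule once.

# network_of ADDR PREFIX -> prints the network, e.g. 192.168.0.0/24
network_of() {
    addr=$1 prefix=$2 net=
    case $prefix in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    bits=$prefix
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
        # Mask this octet with however many prefix bits still apply to it.
        if [ "$bits" -ge 8 ]; then m=255; bits=$((bits - 8))
        else m=$((256 - (1 << (8 - bits)))); bits=0; fi
        net="$net${net:+.}$((o & m))"
    done
    echo "$net/$prefix"
}

# apply_isolation SUBNET -> same rule as in the thread, inserted only if the
# check (-C) says it is missing. Needs root and the iptables binary.
apply_isolation() {
    iptables -C FORWARD -d "$1" -j REJECT 2>/dev/null ||
        iptables -I FORWARD -d "$1" -j REJECT
}

# Only touch the firewall when called with --apply.
if [ "${1:-}" = "--apply" ]; then
    # Assumption: the default route leaves through the port wired to the ISP router.
    dev=$(ip -4 route show default |
        awk '{for (i = 1; i < NF; i++) if ($i == "dev") {print $(i + 1); exit}}')
    # Fourth field of the one-line output is ADDR/PREFIX of this router's uplink.
    cidr=$(ip -4 -o addr show dev "$dev" | awk '{print $4; exit}')
    subnet=$(network_of "${cidr%/*}" "${cidr#*/}") || {
        echo "cannot derive upstream subnet from '$cidr'" >&2; exit 1; }
    apply_isolation "$subnet" && echo "rejecting forwarded traffic to $subnet"
fi
```

A rule inserted this way does not survive a reboot, so the script would be called with --apply from /etc/rc.local before the "exit 0" line, in place of the fixed iptables line.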




_______________________________________________
lime-users mailing list
lime-users@lists.libremesh.org
https://lists.libremesh.org/mailman/listinfo/lime-users