[dbsoundman]

First post, complicate scenario. Here we go:

I have a primary router (Linksys WRT54GL) which is the primary DHCP server, and runs the wireless network. My server is connected via wired connection to this router. I have a secondary dd-wrt router (also Linksys WRT54GL) acting as a wireless bridge to connect an ethernet-to-serial adapter in another room to the main network. I ONLY access the serial adapter via the server connected to the main router.

What I want to do is set up a VLAN on the SECONDARY router to segregate the ethernet to serial adapter and future devices from multicast/broadcast messages on the LAN, AND isolate them from the WAN/internet. All I want to be able to do is access them from the server on the primary router. I found a tutorial on how to create isolated VLANs but I'm not too sure on the firewall settings. I guess I don't quite understand how I can set up access such that I can get to it from the server but not send it other network broadcasts. I hope this makes sense...

For the sake of example, I'll say that the primary router has gateway 192.168.1.1, the secondary is 192.168.2.1, and we'll make the VLAN 10.0.0.1. If the secondary router sees the general wifi connection as vlan0, and the isolated network is vlan1, can I simply direct my server to look for the serial device at a 10.0.0.x address? What specific firewall commands would I need to filter all other traffic away from vlan1?

Based on the tutorial (see below), I think I need something like this: