Posted: Thu Sep 15, 2016 17:57 Post subject: Isolate device from my private network
I currently have a Buffalo Tech WZR-600DHP running dd-wrt build 29660.
I followed the instructions to create a private wireless ssid and a guest wireless ssid (along with the iptables commands to ensure that devices connected to my guest ssid cannot access anything on my private network).
We recently updated our home security system and had some home automation devices added that require internet connectivity. The security company insisted on installing their own wireless router plugged into the back of mine (and they won't give me admin access to this router).
What I would like to do is ensure that any devices connected through this router can only access the WAN and cannot access anything on my private network.
The wrinkle in this is that I needed the new router to be placed closer to the devices that would connect to it. The only way I could achieve that is to use home PowerLine adapters. There are other devices connected to my network through these adapters that I would like to continue to have access to my private network.
The security system's wireless router has its own subnet, so I assume there are some iptables commands that I can use to isolate this subnet, but I just don't know what they are. Can anyone provide some guidance on this?
Posted: Thu Sep 15, 2016 22:46 Post subject: Re: Isolate device from my private network
pecze wrote:
We recently updated our home security system and had some home automation devices added that require internet connectivity. The security company insisted on installing their own wireless router plugged into the back of mine (and they won't give me admin access to this router)
Childish security. It should never depend on your connection
Posted: Fri Sep 16, 2016 7:21 Post subject:
You need a second router at the other end of the PowerLine adapter.
I suspect that the Security Router does NAT and you will only see the WAN address of that router. Otherwise it would not have worked unless you put a route to it on your router.
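
The kind of rule set the question asks for, as an added example that is not part of the original thread: it only takes effect on a router that actually routes the security system's traffic, such as the second router suggested above, because hosts sharing the PowerLine segment reach each other without passing through iptables. The interface name `vlan3` and the chain names `ISO_FWD` and `ISO_IN` are assumptions.

```shell
#!/bin/sh
# Added example: isolate one routed interface from private address space.
# Assumptions (not from the thread): the security company's router is
# plugged into a dedicated port that shows up as interface "vlan3", with
# its own subnet, on the router that runs these rules.

# RFC 1918 ranges: every private destination is off limits.
PRIVATE_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# Print the iptables commands for interface $1 (nothing is applied here).
isolation_rules() {
    iface=$1
    # Refuse anything that is not a plain interface name before it
    # ends up inside a command line.
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac

    # Forwarded traffic: drop private destinations, pass the rest (WAN).
    echo "iptables -N ISO_FWD"
    for net in $PRIVATE_NETS; do
        echo "iptables -A ISO_FWD -d $net -j DROP"
    done
    echo "iptables -A ISO_FWD -j ACCEPT"
    echo "iptables -I FORWARD -i $iface -j ISO_FWD"

    # Traffic to the router itself: DHCP and DNS only, no web GUI or SSH.
    echo "iptables -N ISO_IN"
    echo "iptables -A ISO_IN -p udp --dport 67 -j ACCEPT"
    echo "iptables -A ISO_IN -p udp --dport 53 -j ACCEPT"
    echo "iptables -A ISO_IN -p tcp --dport 53 -j ACCEPT"
    echo "iptables -A ISO_IN -j DROP"
    echo "iptables -I INPUT -i $iface -j ISO_IN"
}

# Review the output first; to apply on the router: isolation_rules vlan3 | sh
isolation_rules vlan3
```

The DROP rules are stateless, so replies from the isolated subnet to connections opened from the private network are dropped as well.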