Posted: Fri May 04, 2018 8:59 Post subject: Block LAN users to access WAN subnet
I've a DSL router in the 192.168.1.0/24 subnet connected to the WAN port of the DD-WRT switch.
The DD-WRT switch has a 192.168.2.0/24 subnet configured on its WLAN and LAN ports.
I'd like to prevent a 192.168.2.X client from being able to access a 192.168.1.X client (TCP, ICMP, etc.).
On the other hand, a 192.168.1.X client should be able to access 192.168.2.X clients.
Posted: Fri May 04, 2018 10:35 Post subject:
To isolate your upstream network, i.e. the router, you can add the following line to the firewall of your downstream router (Administration/Commands, save firewall):
Code:
iptables -I FORWARD -d `nvram get wan_ipaddr`/`nvram get wan_netmask` -m state --state NEW -j REJECT
I have not tested it, so I am not 100% sure, but others will surely correct me.
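
An added example, not part of the original posts: the same FORWARD rule built by a wrapper that refuses to emit it when `nvram` returns an empty or invalid WAN address or netmask, so a malformed `-d /` or a match-everything `0.0.0.0` mask is never installed. The helper names `is_ipv4` and `build_isolation_rule` are hypothetical, and treating `0.0.0.0` as "no WAN address yet" is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post). Emits the REJECT rule from the
# thread only when the WAN address and netmask are well-formed.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_isolation_rule WAN_IP WAN_MASK: print the iptables command, or fail.
build_isolation_rule() {
    is_ipv4 "$1" && is_ipv4 "$2" || return 1
    # Assumption: 0.0.0.0 means the WAN has no address yet. A 0.0.0.0 mask
    # would make -d match every destination and cut off all new LAN traffic.
    [ "$1" != "0.0.0.0" ] && [ "$2" != "0.0.0.0" ] || return 1
    echo "iptables -I FORWARD -d $1/$2 -m state --state NEW -j REJECT"
}

# Install the rule only on a system that actually has nvram and iptables.
if command -v nvram >/dev/null 2>&1 && command -v iptables >/dev/null 2>&1; then
    if rule=$(build_isolation_rule "$(nvram get wan_ipaddr)" "$(nvram get wan_netmask)"); then
        $rule
    else
        echo "WAN address or netmask not usable; isolation rule not installed" >&2
    fi
fi
```

The netmask is only checked for syntax here, not for being a contiguous mask; `iptables` itself rejects masks it cannot parse.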