[Ork77]

Good day everyone.
I write to you from a deep state of desperation.
I find myself needing to activate a guest network. Unfortunately, although we are almost in 2024, my internet provider gives routers that are not capable of creating a banal guest network. I was thus forced to buy a new router to go alongside this one and in order not to complicate my life I looked for something that could do this thing alone without too many problems and I got a tp-link ax55. Unfortunately today, after spending hours with TP link support, I hear that this router cannot do what it promised. Having no intention of wasting any more money, I went to recover an old router I had, a Tp-link wdr3600 on which I installed the latest available version of ddwrt. Unfortunately my problems are not over and despite the immense potential of this system I still cannot do what I need (and this time certainly due to my personal inability undoubtedly in the field of computer networks)
Let me start by saying that I have already read everything I found and made countless attempts without success. I can't find a single updated guide that is suitable for a total novice on the subject like me. Finding a good soul here is truly my last hope.

I'll give you my general configuration.
Router 1...not very configurable and not replaceable, several PCs are connected to it via cable. Possibly I will also use it to create the home WiFi network

Router 2, the wdr3600. This should be connected to the main one via cable (it is currently in gateway mode and connected via WAN port), I would use one of its LAN ports for a final PC and its network interfaces (both 2.4 and 5 gigabytes) to create the network guests. The guest network must be able to connect to the internet without limits but must absolutely not see, ping, connect etc etc with everything present in the main network. All my attempts so far have not achieved this result. Even with distinct subnets, putting ad hoc iptables rules, with ap and net isolation, blacklisting the mac addresses of the PCs on the main network, even with all this together I can't prevent a guest from seeing my PC or my plex server or anything else.
By now I've lost count of the resets but I don't know what else to try anymore. Could someone help me or direct me to some up-to-date and simple online resources to do what I want?
Thank you

[egc]

Latest DDWRT can mean a lot of things, latest is of today 54248

To prevent a downstream router to see upstream network a simple iptables rules should suffice:

[Ork77]

OHMYGOD....For me you really are a guru
Thank you..the first command did the trick!
Now there is just a minor thing to fix. The pc I connect to the ddwrt router gets his ip from it and the ip is 192.168.1.X (the main network and the wan are 192.168.0.x). Now...is there a way to force it to take an ip as all the others? Should I disable the dhc on the secondary router? (I guess no because probably will disable also the ones that provide ips for the wlan0/1 ). Or maybe should I just give it a static IP?
Thx

[egc]

If you want the PC wired connected to the downstream router be part of the upstream network you can add the routers lan port to which that PC is connected to vlan2 instead of vlan1.

You can do that very simple on the Switch config tab although I am not sure your router has one.

Be warned that your PC can either be part of just one router.

[Ork77]

I have that..and it worked again.. and you really saved my day.

THANK YOU!