I’m using the GL.iNet GL-MT3000 Beryl AX and have the following setup:
MAIN WiFi (10.0.5.0/24)
GUEST WiFi (192.168.5.0/24)
WireGuard VPN connected on MAIN network to access my homelab at 10.0.0.0/24.
There’s a small server on the MAIN network at 10.0.5.10. And of course, it has access to the homelab via the WireGuard tunnel.
So far, this is all working great using the default web UI setup.
Now, here’s what I want to achieve:
Devices on the GUEST network should be able to access 10.0.5.10 (e.g., to use some services hosted on it).
GUEST devices should also have internet access.
But they must not have access to the 10.0.0.0/24 network (the remote homelab via WireGuard).
Has anyone done something similar? I’m open to firewall rule suggestions or other config tweaks to isolate the VPN while still allowing limited local access from GUEST to MAIN.
Yep, it's enabled, and rightfully so - I only want to allow access to one particular IP in the MAIN network, I don't want the GUEST hosts to roam across other MAIN hosts.
And what's weird, the GUEST can talk to MAIN WiFi hosts by default (when I only want it to access one particular IP there). I described this issue in another post on this forum.
I guess I'll have to add proper firewall rules, but I worry that setting those via LuCI will somehow be overridden by the Beryl native UI in case I modify e.g. the VPN policy...
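The policy asked for in this thread, written as OpenWrt firewall rules for `/etc/config/firewall`. This is an added example, not a configuration from any poster or from GL.iNet; the zone names `guest` and `lan` and the rule names are assumptions, and internet access is assumed to come from an existing guest-to-wan forwarding that these rules leave untouched.

```uci
# /etc/config/firewall (OpenWrt syntax). Constructed example.
# Assumed zone names: 'guest' (192.168.5.0/24) and 'lan' (MAIN, 10.0.5.0/24).
# Check the real names in the 'config zone' sections of this file.
# Rules are matched top to bottom, so the ACCEPT must come before the REJECTs.

# 1. GUEST may reach the single server on MAIN.
#    Narrow further with 'option proto' and 'option dest_port' to the
#    services the server actually offers.
config rule
	option name 'Guest-to-server'
	option family 'ipv4'
	option src 'guest'
	option dest 'lan'
	option dest_ip '10.0.5.10'
	option proto 'all'
	option target 'ACCEPT'

# 2. GUEST may not reach the homelab subnet, whichever zone the route
#    leaves through (dest '*' matches any destination zone, including
#    the WireGuard client zone).
config rule
	option name 'Guest-block-homelab'
	option family 'ipv4'
	option src 'guest'
	option dest '*'
	option dest_ip '10.0.0.0/24'
	option proto 'all'
	option target 'REJECT'

# 3. GUEST may not reach any other MAIN host.
config rule
	option name 'Guest-block-main'
	option family 'ipv4'
	option src 'guest'
	option dest 'lan'
	option dest_ip '10.0.5.0/24'
	option proto 'all'
	option target 'REJECT'
```

Apply with `/etc/init.d/firewall reload`. These rules only filter traffic the router forwards, so anything the server at 10.0.5.10 relays onward to the homelab has to be restricted on the server itself.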