Turning Guest network into IoT - issue with firewall

This issue has been raised on this forum a few times in the past but I am still facing problems doing the following:

I want to use my Guest network (wifi) as IoT on my GL-BE9300 running 4.8.1. So, I followed examples based on https://www.youtube.com/watch?v=UvniZs8q3eU to modify firewall settings in Luci to allow LAN to communicate with Guest (but not the other way around). The zone settings look like this.

Guest has also inherited exceptions from the original Guest network for DNS and DHCP in Firewall - Traffic Rules.

However, I am still unable to reach any devices on Guest from LAN.
Any idea why?

Note: my GL-BE9300 is in drop-in gateway mode, with the main router being a GL-AX1800. However, the Guest network and all wifi are running from GL-BE9300.

Hi

If you want devices on the LAN to be able to access the Guest network, but not vice versa, simply enable forwarding from the LAN to the Guest network in the default configuration.

We verified this locally using BE9300 with firmware 4.8.2 beta and drop-in gateway enabled, and it works as expected.

Please note that if you need to access devices on the BE9300 Guest network from the AX1800 LAN, you also need to:

  1. Configure a static route from the AX1800 to the BE9300 Guest network.
  2. Configure the BE9300 to allow WAN-to-Guest traffic forwarding.

Thanks!
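For reference, a minimal `/etc/config/firewall` fragment expressing the one-way LAN-to-Guest policy described in this reply. This is an added example, not GL.iNet's shipped configuration; the zone and interface names `lan`, `guest` and `wan` are assumptions, and the DNS/DHCP rules mirror the exceptions the original Guest zone carries.

```uci
# /etc/config/firewall fragment: LAN may reach Guest, Guest may not reach LAN.
# Added example for this thread, not GL.iNet's shipped config; the zone names
# "lan", "guest", "wan" and the interface name "guest" are assumptions.

# Guest zone: the router accepts nothing from Guest by default (input REJECT)
# and Guest clients are not forwarded anywhere (forward REJECT).
config zone 'guest_zone'
	option name 'guest'
	list network 'guest'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# One-way forwarding: connections initiated from LAN into Guest are allowed.
# Replies return through connection tracking, so no guest->lan forwarding
# is required for LAN-initiated sessions.
config forwarding 'lan_to_guest'
	option src 'lan'
	option dest 'guest'

# Deliberately absent: any "config forwarding" with src 'guest' and dest 'lan'.

# Exceptions the Guest zone needs to function: DHCP and DNS to the router itself.
config rule 'guest_dhcp'
	option name 'Allow-Guest-DHCP'
	option src 'guest'
	option proto 'udp'
	option dest_port '67-68'
	option target 'ACCEPT'

config rule 'guest_dns'
	option name 'Allow-Guest-DNS'
	option src 'guest'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'

# Only for the drop-in-gateway case above, where the upstream router's LAN
# arrives on the BE9300 WAN zone: allow WAN-initiated traffic into Guest.
# Caveat: this admits anything reachable on the WAN side of the BE9300, so it
# only makes sense while WAN is the trusted AX1800 LAN. The static route for
# the Guest subnet is configured on the AX1800, not in this file.
config forwarding 'wan_to_guest'
	option src 'wan'
	option dest 'guest'
```

Verify the result with `uci show firewall` and `fw4 print`, checking that the only forwarding entries involving `guest` are the ones you intended.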

Two follow-up questions:

  1. I think what confused me first was that my device on the BE9300 LAN network (iPhone) could not find a device on Guest (wifi-connected speaker) using the speaker control app. How could I go about solving this issue? I suppose it would be based on udp-broadcast-relay or something similar.
  2. Regarding AX1800 LAN access to BE9300 Guest: is enabling WAN-to-Guest forwarding needed in the BE9300 drop-in gateway mode?

If device discovery relies on multicast/broadcast, then yes, you need to install an application like luci-app-udpxy to forward this traffic between the two subnets.

Both of the aforementioned configurations should be adjusted - static route & firewall allow rule.