[bl@d3runn3r]

It's probably an easy task but for some reason it can't get it to work.

I created a isolated Guest network using this Wiki page
https://wiki.dd-wrt.com/wiki/index.php/Guest_Network

I did not use the new DNSMasq method (yet) because it would mean more work for me but will be done later if needed.

So i have this isolated Guest network on br1 with subnet 20.0.0.1 /24

And my private network 192.168.1.0/24 (br0)

I was reading some guides and iptable documents and i thought it should look something like this but it doesn't seem to work and have no idea how to easy troubleshoot this.

# Allow Guest Network to access Pi-Hole
iptables -I FORWARD -i br1 -o br0 -d 192.168.1.130 -p udp --dport 53 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br1 -o br0 -d 192.168.1.130 -p tcp --dport 53 -m state --state NEW -j ACCEPT

Any ideas?

[egc]

For that we have to see all your rules:
telnet to your router and do:
iptables -vnL FORWARD

You can leave out the

[Per Yngve Berg]

iptables -I FORWARD -i br1 -o br0 -d 192.168.1.130 -p udp --dport 53 -m state --state NEW -j ACCEPT

This rule does not work because there is no state on UDP. It's a connectionless protocol.

[Per Yngve Berg]

Do you get the same results between br1 and br0?

[bl@d3runn3r]

Thanks for all the answers, will do some test when home later today.

[bl@d3runn3r]