When I call iptables -L I get (truncated to only show the tops of the chains):
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 192.168.1.50 anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
and...
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.1.50
ACCEPT all -- 192.168.1.50 anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere 192.168.1.0/24 state NEW
upnp all -- anywhere anywhere
and...
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.1.50
ACCEPT all -- anywhere anywhere
This all seems to be in order, but I cannot ping the printer (192.168.1.50) from my guest network (192.168.2.x).
I should note that I have AP isolation and NET isolation ENABLED for both wireless networks - but disabling these did not change the outcomes.
While the IP address of my guest network is 192.168.2.1 with subnet mask 255.255.255.0, I can't find a setting for gateway on any of the 3 wireless networks (ath0 5GHz, ath1 2.4GHz, or ath1.1 Guest Network).
So when I said the gateways were both 192.168.1.1, I was wrong.
On the main (wired) setup is the only place I can find a gateway setting, and the only setting that seems to allow internet traffic is 0.0.0.0
Posted: Sun Aug 01, 2021 0:23
mightyeric wrote:
While the IP address of my guest network is 192.168.2.1 with subnet mask 255.255.255.0, I can't find a setting for gateway on any of the 3 wireless networks (ath0 5GHz, ath1 2.4GHz, or ath1.1 Guest Network).
So when I said the gateways were both 192.168.1.1, I was wrong.
On the main (wired) setup is the only place I can find a gateway setting, and the only setting that seems to allow internet traffic is 0.0.0.0
What am I missing?
If your phone and others are obtaining a DHCP lease, the DHCP server (the router) should provide the gateway address (which should be itself).
BTW: don't set network isolation on.
Obviously this works, but effectively negates the firewall entirely. The firewall rules I've used are designed to specifically be the ONLY exception to the firewall.
For someone setting rules in the OUTPUT chain and giving your neighbour access to your printer (if this router is connected to the internet, luckily there seems to be an error in your setup or the printer has its own local firewall allowing only its own subnet) it is a rather bold claim that the software is at fault (but impossible it is not).
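Added example (not from any poster in this thread): a first-match walk of the FORWARD chain exactly as listed in the first post, showing which rule decides a given packet. It assumes the plain `iptables -L` columns shown there, which hide any interface match, and treats a jump to a user chain such as upnp as final; the addresses 192.168.2.10, 192.168.1.20 and 203.0.113.7 are constructed samples.

```python
import ipaddress

# FORWARD chain as posted in the thread (iptables -L without -v, so any
# -i/-o interface restriction on a rule is NOT visible in this listing).
FORWARD = """\
ACCEPT all -- anywhere 192.168.1.50
ACCEPT all -- 192.168.1.50 anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere 192.168.1.0/24 state NEW
upnp all -- anywhere anywhere
"""

def parse(listing):
    """Turn 'target prot opt source destination [state X,Y]' lines into dicts."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 5:
            continue
        target, _prot, _opt, src, dst = f[:5]  # every posted rule is prot 'all'
        states = set(f[6].split(",")) if len(f) >= 7 and f[5] == "state" else None
        rules.append({"target": target, "src": src, "dst": dst, "states": states})
    return rules

def addr_match(spec, ip):
    """'anywhere' matches everything; otherwise host or CIDR containment."""
    if spec == "anywhere":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def first_match(rules, src, dst, state):
    """Return (1-based rule number, target) of the first rule that matches."""
    for i, r in enumerate(rules, 1):
        if not (addr_match(r["src"], src) and addr_match(r["dst"], dst)):
            continue
        if r["states"] is not None and state not in r["states"]:
            continue
        return i, r["target"]  # assumption: a jump (e.g. upnp) is treated as final
    return None, "policy"

if __name__ == "__main__":
    rules = parse(FORWARD)
    for src, dst, state in [("192.168.2.10", "192.168.1.50", "NEW"),
                            ("192.168.2.10", "192.168.1.20", "NEW"),
                            ("203.0.113.7", "192.168.1.50", "NEW"),
                            ("192.168.1.50", "192.168.2.10", "ESTABLISHED")]:
        print(src, "->", dst, state, first_match(rules, src, dst, state))
```

Rule 1 accepts every source the listing can show, so `iptables -vnL FORWARD` is the next thing to check to see whether that rule is tied to an interface.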