[dzseki]

Hello,
First time poster here. I am an electrical engineer by profession, so probably have higher understanding on networking than Average Joe, yet still, here I am asking...
Long story coming...

For ourselves we have 1Gbps internet coming in with optical fibre, we have the fibre modem/router from the ISP. This modem acts as the main Wi-Fi source for the wireless devices around the house, as this modem has only one 1Gbps Ethernet port all wired devices are connected to a switch (that is connected to the high speed port of the modem).

We have an apartment to let out located on our family estate which is located further from the main house. As a gesture I want to share my internet connection with the tenant, but without the ability to access my private home network.

Even though I have good enough bandwidth for our needs, I still figured that I should limit the bandwidth for the tenant somehow. My idea was to use an old D-LINK DIR-615 wireless router I have at hand, since this only has 100Mbps ports (but has N WiFi) the bandwidth limitation is done without fuss.
This D-LINK router runs dd-wrt firmware of course, currently running on an older version: v3.0-r55209 std.

So far I did the following:
ISP Modem -> LAN Switch -> D-LINK (WAN)

- In dd-wrt the WAN port is configured as a gateway, and the WAN port has a static IP assigned from the ISP modem/router.
- My local network is on 192.168.1.xxx subnet, while the D-LINK router is assigning 192.168.2.1xx addresses, but obviously the gateway is set to 192.168.1.1 (my main ISP router).

With this setting the internet is accessible properly from both networks, however while I can't ping on the 192.168.2.1xx devices from my network, it works the other way around, there is no problem in accessing any of my devices from the D-LINK network, this I don't want.

So I am seeking advice on how to setup the D-LINK dd-wrt router to act like a completely separate network, except for accessing the "same internet".