On 2023-04-30 12:34, Per Jessen wrote:
Carlos E. R. wrote:
On a known machine : iptables -I INPUT -p all -s 192.168.34.0/24 -j ACCEPT iptables -I INPUT -p all -s 192.168.101.0/24 -j DROP
All that is very nice, but I do need new hardware to assign 192.168.101.0/24 to guests. Currently I have no way to do that.
I thought you said your router supported allocating fixed addresses, up to 30 ?
Ok, yes, but I'm not going to bother to use those for guests. Too much work. Allow them to connect find the MAC, write the config, force them to re-connect. No.
For most common home routers I have seen, the guest configuration is only about giving guests a different SSID and password than the main one. They get IPs from the same pool as the household.
That is fine - assign fixed addresses to the household machines.
Bufff. I did, most of them... then replaced the router and config destroyed. I'm too lazy, I only assign IPs to machines that I really need to know what address they have, to give them access to an NFS share or otherwise punch a hole in the firewall. There are even virtual machines that get their IP from the house router.
Disclaimer: not a ready-to-go solution, just for inspiration. The rest is up to the reader. Might require some reading.
I understand what you are suggesting, I know how to do that, but... no. Too much work, and too few slots. Yeah, instead, all my important machines have a firewall to inside. No, the only safe and proper way is another AP router, handling DHCP and having a firewall and a distinct IP range. That is an effort I would do if the expense were justified. -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)