On 2023-04-30 11:58, Per Jessen wrote:
Carlos E. R. wrote:
On 2023-04-30 08:59, Per Jessen wrote:
Carlos E. R. wrote:
On 2023-04-29 21:07, Per Jessen wrote:
But I think I was saying that I can not give guest machines IPs in a different LAN or VLAN. Not supported by my current hardware, AFAICS.
It doesn't have to be. You could simply keep your machines in a defined range that is never dished out by dhcp.
I do that. But there is nothing that impedes a guest machine from reading a share in any other machine. It is all a single /16.
Ever heard of firewalls?
I did say "with my existing hardware" :-) If not in this post, in another.
Maybe you did, but what is the significance? you don't need extra hardware to set up a firewall.
Certainly. But with my existing hardware, I can not put guests in another LAN.
I never suggested you should. It might provide extra separation and better options for performance, but in a household context, those are not particularly relevant.
On a known machine : iptables -I INPUT -p all -s 192.168.34.0/24 -j ACCEPT iptables -I INPUT -p all -s 192.168.101.0/24 -j DROP
All that is very nice, but I do need new hardware to assign 192.168.101.0/24 to guests. Currently I have no way to do that. DHCP is handled by the router. The router has no capability to assign a different range to clients that connect to the guest SSID. And before you ask, no, I can not put DHCP on a different machine without breaking TV and who knows what. For most common home routers I have seen, the guest configuration is only about giving guests a different SSID and password than the main one. They get IPs from the same pool as the household.
Disclaimer: not a ready-to-go solution, just for inspiration. The rest is up to the reader. Might require some reading.
-- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)