On 2023-04-30 08:59, Per Jessen wrote:
Carlos E. R. wrote:
On 2023-04-29 21:07, Per Jessen wrote:
But I think I was saying that I can not give guest machines IPs in a different LAN or VLAN. Not supported by my current hardware, AFAICS.
It doesn't have to be. You could simply keep your machines in a defined range that is never dished out by dhcp.
I do that. But there is nothing that impedes a guest machine from reading a share in any other machine. It is all a single /16.
Ever heard of firewalls?
I did say "with my existing hardware" :-) If not in this post, in another.
When you know "all known machines" are in 192.168.34.0/24 and "everything else" is in 192.168.101.0/24, it is easy to permit everything between "all known machines" and isolate them from "everything else".
Certainly. But with my existing hardware, I can not put guests in another LAN. I know very well how to do it, but my existing hardware is not capable. MEANING. I have both a router and a wiFi access point. Both have "guest wifi" setup. NONE of them assigns a different (SUB)LAN to them. To do that, I need a third AP with its own DHCP server and using a different LAN. And some eth mouths, one for input, several for output (mind: my existing AP doesn't separate those ETH mouths AFAIR). It is perfectly doable, I know how to do that. But it is new hardware, new expense, new management time. I simply say that my existing hardware, and this is a common complaint, despite claiming they can do guest handling, really don't. -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)