One way access to devices on guest network



























I'm trying to configure a guest wireless network on the ASUS RT-AC66U_B1 router. The network's purpose is to host IoT devices and a server running home automation software.

I'd like to be able to reach these devices from my main network via protocols like SMB and SSH, so I need to be able to see them, but at the same time I'd like them not to be able to see what's on the main network. The only setting I've found in the router is an "access intranet" checkbox on the guest network's settings, but that opens up everything, so it kills the benefits of having a separate network.

Do you have any idea how I might be able to solve this?










      networking wireless-networking router
















      asked Jan 18 at 8:23









      mrc






















          1 Answer
          There are multiple ways to accomplish this; unfortunately, none match all the criteria of secure, easy AND cheap.

          1. If your IoT devices are all wireless you may be able to put them on a guest Wi-Fi LAN (but I'm not sure if the included firmware will allow the main LAN to reach the IoT LAN - the servers may need to be hosted outside your network).

          2. If you get a second router you can have the internet coming to the 'edge' router and connect the IoT devices to that. You then connect a LAN port on the edge router to the WAN port of the second (core) router and hang your main network behind the core router. By using (double) NAT you effectively allow the Home router to reach the IoT router and Internet but protect inbound connections. You just need to ensure the LAN ranges are different. (You could also drop NAT on the core router and replace it with routing and firewall rules, provided the core router can do this.)

          3. The way I would do it would be to flash DD-WRT onto the router and then have 2 different LAN interfaces (it does not appear the supplied firmware can do this, but DD-WRT can). Once you have 2 LAN segments set up you can use the router to route between them and firewall as appropriate.


















          answered Jan 18 at 9:33









          davidgo













          • Thanks for your answer, I have a second router and I had exactly the 2nd configuration, but I wasn't able to ping the devices from the inner network.

            – mrc
            Jan 19 at 12:06











          • @mrc OK. That's probably a separate question - you would need to describe the network and hardware to find the problem.

            – davidgo
            Jan 19 at 17:46
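
The one-way policy that option 3 of the answer describes (route between two LAN segments, then firewall between them) can be written as stateful iptables FORWARD rules. This is an added example, not part of the original answer or the router's firmware; the interface names `br0` (main LAN) and `br1` (IoT segment) and the function names are assumptions, so check the names your firmware assigns.

```shell
#!/bin/sh
# Added example: one-way forwarding between two routed LAN segments.
# Assumed interface names (not from the post): br0 = main LAN, br1 = IoT LAN.
MAIN_IF="${MAIN_IF:-br0}"
IOT_IF="${IOT_IF:-br1}"

# Accept only plain interface names, so nothing else reaches the rule text.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the rules in evaluation order, one iptables command per line.
oneway_rules() {
    main="$1"; iot="$2"
    if ! valid_if "$main" || ! valid_if "$iot" || [ "$main" = "$iot" ]; then
        echo "oneway_rules: need two distinct interface names" >&2
        return 2
    fi
    # 1. Replies to connections opened from the main LAN may flow back.
    echo "iptables -I FORWARD 1 -i $iot -o $main -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # 2. Everything else from the IoT segment toward the main LAN is dropped,
    #    so IoT hosts cannot open connections (or ping) into the main LAN.
    echo "iptables -I FORWARD 2 -i $iot -o $main -j DROP"
    # 3. The main LAN may open any connection (SSH, SMB, ping) to IoT hosts.
    echo "iptables -I FORWARD 3 -i $main -o $iot -j ACCEPT"
}

# Dry run by default; APPLY=1 (as root on the router) executes each rule.
run_rules() {
    rules="$(oneway_rules "$MAIN_IF" "$IOT_IF")" || return 2
    if [ "${APPLY:-0}" = "1" ]; then
        printf '%s\n' "$rules" | while IFS= read -r rule; do $rule || exit 1; done
    else
        printf '%s\n' "$rules"
    fi
}

run_rules
```

Rule order matters: the ESTABLISHED,RELATED accept has to be evaluated before the drop, otherwise replies from the IoT segment to SSH or SMB sessions opened from the main LAN are discarded along with everything else.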


















