connecting an old Linksys e3000 w dd-wrt on it as a IOT LAN?

sdok

So I've spent a couple hours trying to do this a few ways and am having no luck. I want to put ALL my iot devices on its own router. There ARE some VLAN ways to do this in the switch i have but I really dislike the ubiquiti everything and dont want to use it for this. Plus a few of my devices have issues connecting to UI aps but connect to a Linksys fine.

My setup:

WAN (fiber) > pfsense Intel NIC > LAN Intel 10GB NIC (10.x.x.x/24)> Uibquiti 25 port POE switch ( wifi aps attached to this)

This all works fine.

First thing I tried:
Plugged the WAN port of the Linksys into a port on the UI switch. Whether I let the DHCP pass through or put it on its own completely different range (192.168.x.x/24) it works fine. The PROBLEM is that all of the things connected to the Linksys can still hit all of the things on my 10.x network. I don't want this. I just want them to be able to connect to the internet on their own without access to my main network.

I tried adding rules in pfsense on the LAN side to block that Linksys range to my other LAN but it doesnt seem to care about the rules so this doesnt seem possible.

NEXT....I have a spare Realtek port onboard on the pfsense PC so figured I'd use that. I enabled and assigned that interface called (IOT) and gave it its own ip range 192.168.3.3/24. Enabled DHCP on it and plugged it into the WAN port on the Linksys and disabled DHCP on the Linksys. Anything that connects to the Linksys gets an ip from pfsense as expected. The issue... no internet to any clients. In fact the Linksys cant even get outside. pfsense can ping the WAN ip it gives it, the linksys cannot ping pfsense back on what would be its local gateway ip (192.168.3.3)

LASTLY... I tried the same setup as just before this but instead plugged the pfsense port into port 1 on the Linksys and disabled WAN in the linksys. Basically making it a switch with wifi. This has the same results as above except now the Linksys CAN ping the pfsense new LAN port IOT... but still cant get anything behind that router online.

Any suggestions?
Thx

stephenw10

Yeah, it needs to be on a separate interface to control traffic between there and the main LAN. That can be either a different NIC as you tried or a VLAN interface.

What firewall rules did you add on the new interface? There will be none there by default.

In dd-wrt you should have full control over the ports and onboard switch so you can configure the E3000 how you like. You want it to be just an AP and switch though, connecting to the 'LAN' ports is probably easiest.

Steve

sdok

@stephenw10

the only rule right now for the new LAN (IOT) is this

Theres not much on the standard LAN (that works). Most rules are in the WAN section and forward to LAN.
Still stuck... nothing on the IOT network can reach the internet. :(

akuma1x

@sdok You want to change that SOURCE network to your IOT network, LAN network won't work in this case.

sdok

@akuma1x yep. I'm a dumbass. That was exactly the problem. Cant believe I didnt see or catch that. Thank you. Working now.