LAN & OPT1 share a Chromecast?

  • Is there a way to set up my LAN port and OPT1 (renamed to Guest WiFi)port to be on the same subnet (IP range, but to keep devices on OPT1 from talking to anything but a single device on LAN while still getting internet access?

    em0=WAN, em1=LAN, em2=GuestWiFi

    LAN contains all my personal network equipment (AP, printer, MOCA bridge, computers, etc)
    OPT1 is going to be for guest WiFi, so they shouldn't have access to my file servers, etc but I would like them to be able to push stuff to my Chromecast is that possible?

    I tried giving the OPT1 interface an IP address of and handing out DHCP to however, devices had no internet access and couldn't ping the Chromecast with the following rules on GuestWiFI:

    LAN rules:

  • LAN and OPT1 can't be on the same subnet.  If LAN is, make OPT1 something like with DHCP range  Then your rules should work.

  • Like Kom said give your guestwifi its own dhcp server and then make a rule something like this to block all access to your lan:

    BLOCK IPv4 * GUESTWIFI net * LAN net * * none

    Be sure to give your chromecast a static IP if you have not already.

  • Well, I seem to have it working. I'll have to get a sanity check on my firewall rules for all my networks later this week. Since the two auxiliary APs get turned off when not in use they aren't exactly a security risk all the time.

