Guest Wi-Fi provides internet access to your network members. It also provides firewall security rules to isolate your guest network from the rest. This recipe is based on the Guest Wi-Fi basics and Guest Wi-Fi extras, providing a more user-friendly approach through the LuCI web interface.
The changes below assume an OpenWrt default configuration. We assume that you have a private WLAN set on 192.168.1.xxx and want a guest WLAN on 192.168.2.xxx.
At the interfaces, edit the `guest` interface that you just created.
Switch the protocol to a static address.
Fill in the static IP, subnet mask and enable DHCP.
Make sure the static IP is on a different subnet.
At firewall settings, create a new guest firewall zone.
At the firewall settings, edit the newly created guest zone.
Set Input to REJECT, Output to ACCEPT and Foward to REJECT. Allow forward to destination zone: `lan`.
It should look as follows
Also enable masquarading for lan