This is a pretty simple set up to allow your guests to have access to your network on a different subnet and not be able to access other users on the network and the devices on your LAN.
Here are the steps:
- Add a virtual interface in the wireless section. This will be labeled as ath0.1
- Check the advanced box and enable AP isolation and set Network Configuration to "unbridged" and set up your IP address scheme and subnet mask.
- Then apply the settings
Next we are going to add a DHCP server to this virtual interface.
- Go to Setup then Networking
- Here we are going to go down to DHCPD and we are going to add another DHCP server.
- When we add it we are going to assign it to the virtual interface we created. The default identifier for this virtual interface is ath0.1
- When that is selected we are going to press apply
Now you should have a virtual interface with a separate DHCP server on another subnet. Now we are going to add a code to the command so that the wireless guests will have no access to the devices on the LAN.
- Go to Administration and then commands
- In this window here we are going to add the following code
iptables -I FORWARD -i ath0.1 -o br0 -j logdrop
iptables -I FORWARD -i br0 -o ath0.1 -j logdrop
3. Then once that is added we are going to press save firewall.
That is it. Now you should have a separate SSID with its own subnet and DHCP server that cannot connect to other wireless guests nor the devices on the LAN.