Forums

Home Forums Troubleshooting Guest WiFi Allows Browing of LAN Shares

Guest WiFi Allows Browing of LAN Shares

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • November 28, 2025 at 5:31 pm #7063
    J1970M2
    Participant

    Hello,
    I’m struggling to create a Guest WiFi network that only allows Internet connectivity and stops access to LAN shared directories. Here’s what I’ve done so far in pcWrt:
    * Created a Guest Wifi SSID
    * Enabled “client isolation” for the Guest network
    * Enabled WireGuard on the Guest network (tried on/off states)
    * VLAN page has Source->Destination as Guest->Guest only.
    However, with these settings, I can browse from the Guest network to shared directories on the LAN.
    Please advise.

    November 28, 2025 at 9:14 pm #7065
    support
    Keymaster

    WireGuard is not necessary. But if you have it, it affects the Internet traffic only.

    Can you share more info on your setup? I’m guessing you have a computer with a shared folder on the LAN. Another computer connected to the Guest WiFi trying to access the shared folder on LAN.

    What are the IP addresses for the computers? Are they on different subnets? Is the guest computer accessing the share by IP address, like \\192.168.10.123\shared-folder?

    November 28, 2025 at 10:04 pm #7066
    J1970M2
    Participant

    Hello,
    I basically have two routers:

    Router A has the Internet from my ISP – all devices on that router are within 192.168.1.xxx.
    Router B (pcWrt) WAN port connects To Router A port and routes to devices that I want to have a 24/7 WireGuard connection – all devices on Router B are within 192.168.2.xxx.
    Router B (pcWrt) can access devices on Router A with 192.168.1.0/24 added to the WireGuard tunneling page.

    I want a Guest Wifi network on Router B (pcWrt) that CANNOT access anything other than an Internet connection. I created the Guest WiFi network, but a device on the Guest network can access a share on 19.1.68.1.xxx and I don’t want it to.

    Thanks for your help.

    November 30, 2025 at 3:55 pm #7067
    J1970M2
    Participant

    Hello,
    Any suggestions? I tried disabling WireGuard, removing the 192.168.1.0/24 added to the WireGuard tunneling page, removed all checkmarks for Guest on the vLan page, but no matter what I try, a device on Guest has full access to my shard directories that are only shared on the LAN (no WAN access). I’m stumped.
    Thanks

    December 1, 2025 at 9:01 pm #7068
    support
    Keymaster

    Devices on your ISP router are on the WAN side of the pcWRT router. Therefore, any traffic going to the 192.168.1.x address space is considered Internet traffic by the pcWRT router. You have several options:

    1. If possible, remove the ISP router and place all devices on its LAN to the LAN VLAN on the pcWRT router.
    2. Keep the ISP router, but move the servers on the 192.168.1.x network to the LAN VLAN on the pcWRT router.
    3. If only specific devices need to access your file share, you can keep the network setup unchanged but use Access Control to block access the file share from unknown devices.
    December 1, 2025 at 11:43 pm #7069
    J1970M2
    Participant

    Thanks so much for the response. Thanks to your feedback, I think I have a solution. I created a new Access Control profile and:

    * Blocked all P2P traffic
    * Blacklisted 192.168.1.0/24
    * Added the device I want to block to the profile

    I then joined the device to the Guest network and it cannot:

    * Get to the pcWrt login page
    * Browse any shares
    * Get to other device LAN network pages

    I think that will do it! Thank you. Apologies for not mentioning that I know the device name I want to block.

  • Author
    Posts
Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

©2024 bigXi LLC