I need to bridge Office1 and Office2 wirelessly with each other using 2 MT BaseBox5.
Office1 and Office2 must not access each other's LANs.
Office2 must have internet access through the LTE router in Office1.
I have no idea how to set it up and will appreciate some pointers.
Office1:
hAP AC:
LAN: 192.168.8.1/24
WAN on eth1: 10.10.10.2 with gateway 10.10.10.1
eth2 to eth4 switched
eth2 to eth4, wlan1 bridged
wlan2 disabled
eth5 open
DHCP 192.168.8.20 to 120
LTE Router providing internet access:
10.10.10.1
Internet access works fine from ethernet and wlan in office 1.
Office2:
hAP AC:
LAN: 192.168.6.1/24
eth2 to eth4 switched
eth2 to eth4, wlan1 bridged
wlan2 disabled
All eth ports open
DHCP 192.168.6.20 to 120
a) Simply put 192.168.8.x/24 on the “WAN” of router 2, connect it to LAN1 using a transparent wireless link made from the BaseBoxes, add a static route to LAN2, and finally block direct access between the LANs using the firewall on router 2.
b) Make router 1 the only router, separate one ethernet port from the others and use it for LAN2 (put 192.168.6.1/24 there), then again use a transparent wireless link, and router 2 may be just a simple bridge. Firewall rules would go on router 1.
c) Use a dedicated subnet for the link between the routers, e.g. 192.168.7.1/24 on a separate port of router 1, going to the “WAN” with 192.168.7.2/24 on router 2, static route to LAN2, etc…
The main difference is from a security perspective: who manages things, how much the admins trust each other, etc. For example, with a) it’s mainly router 2 that controls access between the networks, with b) everything (DHCP, …) is configured only on router 1, with c) each router can protect its own LAN, even if the other one was compromised.
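
Option c) written out as RouterOS commands, as an added example that is not part of the posts above. Assumptions not stated in the thread: the BaseBoxes already form a transparent layer-2 link, router 1 uses its free ether5 for that link, router 2 uses ether1 as its "WAN", router 1 already masquerades everything leaving ether1, and the comments and rule order are illustrative.

```routeros
# ===== Router 1 (Office1 hAP AC) =====
# Assumption: ether5 is not a member of any bridge and is cabled to the
# Office1 BaseBox.
/ip address
add address=192.168.7.1/24 interface=ether5 comment="link to Office2"

# Router 2 does not NAT in this layout, so router 1 needs a route back to LAN2.
/ip route
add dst-address=192.168.6.0/24 gateway=192.168.7.2 comment="LAN2 via router 2"

# Router 1 protects LAN1 on its own: nothing arriving from the link may reach
# 192.168.8.0/24 and LAN1 may not open connections towards the link.
# "add" appends to the chain, so move these above any broader accept rule.
/ip firewall filter
add chain=forward in-interface=ether5 dst-address=192.168.8.0/24 \
    action=drop comment="link and LAN2 -> LAN1"
add chain=forward src-address=192.168.8.0/24 out-interface=ether5 \
    action=drop comment="LAN1 -> link and LAN2"

# ===== Router 2 (Office2 hAP AC) =====
# Assumption: ether1 is the uplink port cabled to the Office2 BaseBox.
/ip address
add address=192.168.7.2/24 interface=ether1 comment="link to Office1"

# Internet access for LAN2 goes through router 1 and on to the LTE router.
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.7.1 comment="default via router 1"

# Router 2 protects LAN2 on its own: replies to LAN2's outbound connections
# are accepted, LAN2 may not open connections to LAN1, and nothing new may
# be forwarded in from the link, even if router 1 is misconfigured.
/ip firewall filter
add chain=forward connection-state=established,related action=accept \
    comment="replies to LAN2 traffic"
add chain=forward src-address=192.168.6.0/24 dst-address=192.168.8.0/24 \
    action=drop comment="LAN2 -> LAN1"
add chain=forward in-interface=ether1 action=drop \
    comment="no new connections in from the link"
```

A quick check after applying: a host in 192.168.6.0/24 should reach the internet but get no reply from 192.168.8.1 or any LAN1 host, and the drop rules' packet counters on both routers should increase when that is attempted.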