Hi,
What is best solution to separate one public PC from all other PC and servers on same LAN? Should I use VLANs, DMZ or something else?
Thank you.
If its just one.
I am just a beginner so hopefully other will freak out and provide the right advice.
- create bridges
a. public_bridge - create a new lan network 192.168.2.1 etc… (will need to configure IP Pool, then IP Address, then DHCP server…)
b. cafe_bridge (use existing default network of 192.168.88.1 etc…
assign ether1 (to ISP assuming) and lets say a five port hex router.
ether2 to 4 to cafe_bridge
ether 5 to public_bridge
Ensure Forward Rules are setup such that last forward rule is DROP ALL.
looks like
default fastrack rule accept
allow established, connected
drop invalid
allow LAN to WAN (for cafe bridge)
allow LAN to WAN (for public bridge)
drop all log only (log prefix - DROPPED TRAFFIC)
drop all
Ip route by default should be good to go.
Assuming no port forwarding required.
Are you going to have Internet Cyber Caffe without any deeper knowledge of networking?
BartozSp, Welcome to the wacky and wonderful age of DIY IT. 
DIY is not bad but you should be at least aware what LAN, VLAN, DMZ means and what are they used for.