Ok, it sounds crazy but here me out.
I have this setup:
A TP-Link router as a gateway00 for my main LAN00, and the hAP lite as a gateway01 for the another LAN01 that is WiFi only.
The hAP is BEHIND the TP-Link, yes, is it a double nat, but the TP-Link does not have the advanced functions, like vlan handling and multi-addressing to handle several networks.
What I want to do is use the hAP to forward specific traffic or ports to one specific machine on the LAN00 again. I know, the TP-Link can do it that BUT, the thing is that I want the hAP to use the src-address list to allow just certain machines that come from the internet to access that specific machine in LAN00.
So, the the hAP that is behind the TP-Link will act as a gatekeeper with the src-address list forwarding just specific traffic or ports to that specific machine on the Lan00
I know, that it can be also done via vlans, but I would like to know how messed up this way would be.
In short (with diagram), Me, will be coming from the internet, the TP-Link will have a port forward pointed to the hAP that is behind, and I want the hAP to forward or route the traffic to an specific machine that is int he TP-Link LAN, which is also the WAN side of the hAP.