I need to run 2 waps. The secure one is connected to the inside interface via a switch and it works fine. WPA, mac filtering, etc. I want to add a second insecure wap for guests to the dmz interface and restrict them to outside access and a single inside host (printer) only. I tried to obvious stuff but I think I'm doing the subnet segmenting wrong. guest wap users cant reach anything and my inside machine cant hit the guest WAP box itself so I can admin it.
Probably easiest just to start from scratch.
my inside lan is 192.168.98.x
I'd like the guest lan to be 192.168.97.x