I have a soekris net4511 setup as a wireless access point (LAN -> wi0:
192.168.89.1) and wired to another router as the WAN (WAN -> sis0:
192.168.1.67). I am not using the eth1 port.
When I connected wirelessly and was given a 192.168.89.x address, I was
able to browse the Local area lan in the 192.168.1.x subnet. I need to have
wireless clients only be able to get to the internet (e.g., 192.168.89.x ->
192.168.89.1 -> 192.168.1.1 -> Internet) and not be able to see any other
machines or addresses on the 192.168.1.x subnet.
What firewall rule would I use to stop clients on the LAN (192.168.89.x)
subnet from seeing machines on the WAN subnet (192.168.1.x) but still be
able to get routed out to the Inet?
Is this what the "block private ip" setting is for?