On 9/16/05, Josh Hyles <josh dot maillists at gmail dot com> wrote:
> Right, but how do you do that exactly? and is a DMZ really the best way? I
> still want people on the wifi to be protected by the firewall and such, and
> I want to allow access to just the printer on the LAN
Depending on how you look at it, teminology-wise it's not
"technically" a DMZ. you aren't going to be opening anything into it
from the Internet. But you do want to protect your LAN from that
segment. semantics aside...
That's exactly right, setup that OPT/DMZ/wireless/'whatever you want
to call it' interface on another IP subnet, throw in an allow rule to
allow any to destination "not LAN subnet", and you're set.
To simplify the setup, bridge the wireless AP over to the OPT
interface rather than trying to route or NAT it over.