multiple sub-nets on a single wifi router?

[doug_porsche]

Quick/Dumb question time as I am probably worried about nothing that matters.

I am managing multiple devices that I would like to break off into two different sub-nets.
Really don’t see a need for the DVR/TV or my WIFI printer to have access to the NAS array.

I think the answer is “no” but…
Is there a way to setup a gargoyle wifi routing to have multiple DHCP sub-net masks?

I basically want to setup two subnets for use with both wired and wifi, using DHCP with Assigned IP address.
One that cannot see the NAS array, but can see the internet and the other devices in this sub-net (subnet 255.255.255.128) example, my TV
One that can see the NAS array, can see the internet and all devices other sub-net (subnet 255.255.255.0) example, my Laptop

Simple (paranoid) test case
I want my laptop to be able to access the NAS and the wifi printer, but I don’t want the (here is the paranoia part) wifi printer to be able to access the NAS

Is this possible with a single wifi router running Gargoyle?

[Lantis]

In theory, yes. But only if you set up everything by command line and then make no modifications to the GUI.
Most of Gargoyles monitoring and quota features would probably stop working as well.

The closest thing you can get using the GUI is a guest wifi network. This is designed to not allow any guests access to any of the rest of the network, just the internet.

A simpler method than using subnets, although I don’t know if it is possible because they are on the same interface, is to use ebtables to block specific access to those devices. This is how the guest wifi does it, but it had the advantage of a defined separate interface to hang rules against. This method if you can make it work will have minimal interference with Gargoyle features.
But I’m almost 100% sure that ebtables can’t operate on traffic within the LAN itself

[doug_porsche]

Thank you for the response.

Think I will take plan B.
I will add a second, cheap (currently under $30.00 US on ebay), NETGEAR WNDR3700v4
I will set that up to run Gargoyle, with the restrictive subnet mask.
Then I will have all IOT devices use the second router.

Best case, I will have the IOT devices isolated from the main network.

Worst case, I will have a lukewarm backup router.

Thanks again.

[robert7k]

Yes, it possible to achieve using openwrt VLANs/separate WLANs and to copy (by modifying files in etc/config/...) to gargoyle as well.
Easiest way to install openwrt on your router, do your setup (those subnets and their firewall settings), backup it's settings (backing up /overlay/... is the easiest way).
Then install gargoyle on the router, setup the primary connection via gargoyle GUI, modify the config files according to your setup from openwrt

I have a similar setup (with every port of the router as a different vlan subnet with different settings, most of them are connected to the internet but isolated between them, some of them can access certain IP/ports in other subnet as well. one of them is a guest network) .

The names of the primary network has to remain the same (otherwise gargoyle will overwrite it), gargoyle gui doesn't touch any of the other networks settings (you can configure them only via command line or by modifying the config files directly).
Gargoyle gui will not show most of the stuff related to the other subnets (they wouldn't be listed in your traffic, but they are counted in the totals, you can use their ip addresses for things such as qos)

I did a post how to setup a guest network with separate subnet (works much better than gargoyle way) some years ago.
viewtopic.php?f=5&t=8236&p=35036