Limit chromecast device access

Hello all,

I’m wondering if it’s possible to restrict access to a Chromecast device (Chromecast 2) on a wifi network. The device itself doesn’t have any setting regarding security or limiting access; it will accept a cast from anybody on the network (who thought this was a good idea?!? :rage:)

So I set up an infinite lease so the IP is always the same for the device and two PCs on the network. Now… how do I limit traffic so only connections from the two PCs can reach the Chromecast device IP?

Thanks.

So I tried some rules:

Any traffic
From any host in any zone
To IP 192.168.1.150 in any zone
Discard forward

(That’s the IP of the Chromecast device.) By my understanding that should block all traffic to it… well, guess not :frowning:

This is a bit infuriating :-/ I set this rule:

Any traffic
From any host in lan
To IP 192.168.1.200 in lan
Discard forward

Which should mean any PC in the LAN zone (so internal NW) should not be able to contact the IP above… but zero F. given by the router… the traffic is going on like nobody’s business…

I’m no networking expert, but what if you put the Chromecast on a different subnet or define a different network for it, and then either use the firewall to allow those two PCs to communicate with that subnet/network or define routes on the PCs to that subnet?

That might actually work, will try. But I’m confused about the firewall traffic rules, it looks like they have no effect…

Welcome to the world of “Plug-and-Play” internet devices, whose only security model is based on sharing a subnet with other devices.

The only way you can restrict access to only certain devices is to put those certain devices into the same subnet as the Chromecast device. Since it uses some sort of broadcast/multicast discovery, such an arrangement would be sufficient, because other users in a different subnet would not discover the presence of the Chromecast.

Well, the firewall applies to traffic going from one zone to another. It doesn’t do anything to traffic staying in the same zone.

And it would be actually quite hard (and inefficient) to do it otherwise. The firewall is done in the CPU, but LAN is switched in a switch chip even before going into the CPU.

That’s what I’m finding out now, I thought that the FW was controlling all traffic inside each zone. Guess I have to create a new “zone” and firewall rules between the LAN zone and the new “Chromecast” zone…

Edit: looking at it now, but it’s not as simple as I thought :confused:

Any direction on how to set it up with LuCI would be greatly appreciated. I’m not a NW guy, I know the basics but this wasn’t covered :smiley: hahaha

You’re not going to be able to control traffic within the same subnet, that traffic doesn’t go through the firewall.

What you could do is create another subnet or DMZ and put your casts into it. Then set up rules controlling what devices in your primary subnet can talk to devices in the cast subnet by MAC address, effectively locking it down to specific devices regardless of what IP address they have.

At least, that’s how I’d set it up.

But how to do it? The device is connected via wifi; is it possible to create a subnet within wifi without affecting the rest of the connected devices?

OOO I might be onto something, what about setting up a guest wifi (that’s on a separate subnet) and then doing the firewall tango so only one PC can talk to the other device… will try tomorrow at work :slight_smile:

If you are in LuCI you can add additional wireless networks to the existing radios. I haven’t personally tested it, it depends on the hardware to support it, but it looks like the unit is capable. It’s a pretty common task for consumer routers, I don’t see why the Omnia wouldn’t include it.

I don’t see the option to set this up in the easy interface.

Yea, two wifi networks can be run on the same wifi card (same channel) if the HW can cope with it. I will try it tomorrow, it would solve the issue quite nicely and I can add other Chromecast devices and let specific PCs control which one I want.

I’m reading this manual now: https://wiki.openwrt.org/doc/recipes/guest-wlan-webinterface
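
The zone-and-rules arrangement the thread converges on, written out as an added example that is not from any of the posters: a fragment for `/etc/config/firewall` on OpenWrt. It assumes a network interface named `cast` already exists for the separate SSID (for instance built with the guest-WLAN recipe linked above); the zone name, rule names and MAC addresses are placeholders.

```conf
# Added example. Assumes network 'cast' exists on its own subnet,
# separate from 'lan'. Names and MAC addresses are placeholders.

config zone
	option name 'cast'
	list network 'cast'
	option input 'REJECT'      # cast devices cannot reach the router itself...
	option output 'ACCEPT'
	option forward 'REJECT'    # ...and nothing is forwarded unless a rule allows it

# Let the Chromecast reach the internet for streaming.
config forwarding
	option src 'cast'
	option dest 'wan'

# Exceptions to input REJECT: DHCP and DNS served by the router.
config rule
	option name 'cast-dhcp'
	option src 'cast'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option name 'cast-dns'
	option src 'cast'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'

# Only these two LAN PCs, matched by MAC address, may open
# connections into the cast zone. There is no lan -> cast
# forwarding section, so every other LAN host is refused.
config rule
	option name 'pc1-to-cast'
	option src 'lan'
	option src_mac '02:00:00:00:00:01'   # placeholder: PC 1
	option dest 'cast'
	option target 'ACCEPT'

config rule
	option name 'pc2-to-cast'
	option src 'lan'
	option src_mac '02:00:00:00:00:02'   # placeholder: PC 2
	option dest 'cast'
	option target 'ACCEPT'
```

These rules take effect because traffic between `lan` and `cast` is routed through the firewall, unlike the same-zone rules tried earlier in the thread. Since the Chromecast is found through broadcast/multicast discovery, as noted above, the rules govern only the unicast traffic routed between the two subnets.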