I segmented my home network into 2 separate subnets LAN/IoT so that IoT devices cannot attack my PCs and smartphones if compromised.
Personal devices get assigned IPs in the range 10.1.1.1 - 10.1.1.254
IoT devices get assigned IPs in the range 10.2.2.1 - 10.2.2.254
Some mobile apps (for instance "Daikin Online Controller") discover the IoT devices by scanning the subnet they're in, looking for IPs that answer specific messages on specific ports; in this example, a specific HTTP GET on port 80.
It is now obvious that such a method won't work if my personal device is not in the same subnet as the IoT devices it's looking for. It will only scan from 10.1.1.1 to 10.1.1.254 and will never interrogate a device whose address is (for instance) 10.2.2.50.
What's the smartest way of implementing a "proxy" that when interrogated by the app on port 80 through the "LAN" subnet routes the packet to the "IoT" subnet?
My setup uses a VMware ESXi environment running pfSense and a FreshTomato home router that acts as managed switch and access point, so I have plenty of options. I can set up a dedicated virtual machine if need be, or set up some script in the Tomato router or in pfSense.
Is this even a good idea? How else could I solve this?
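The "proxy" the question describes, written out as an added example (this is not code from the question or from any of the products mentioned): a minimal TCP relay that sits on a host with an address in the personal subnet, so the app's scan reaches it, and forwards port 80 to one fixed IoT device. The point from a segmentation standpoint is that any such bridge re-opens part of the boundary, so the relay is deliberately narrow: one listening port, one destination, connections accepted only from the personal subnet, and refused sources logged. The addresses 10.1.1.0/24 and 10.2.2.50 are taken from the question as placeholders; the relay host's own address, the route to the IoT subnet, and the loopback echo server used as a stand-in for the device are assumptions.

```python
"""Added example: narrow TCP relay exposing one IoT device's port 80 on the LAN side.

Assumptions (not from the question): the relay host has an address in 10.1.1.0/24 and a
route to the IoT subnet; 10.2.2.50 is a placeholder for the device being exposed.
"""
import ipaddress
import socket
import threading

ALLOWED_SOURCE = ipaddress.ip_network("10.1.1.0/24")  # personal devices, per the question
IOT_TARGET = ("10.2.2.50", 80)                         # placeholder IoT device address


def is_allowed_source(addr, allowed=ALLOWED_SOURCE):
    """True only for peers inside the allowed subnet; malformed addresses are refused."""
    try:
        return ipaddress.ip_address(addr) in allowed
    except ValueError:
        return False


def _pump(src, dst):
    """Copy bytes src -> dst until EOF, then half-close dst so the peer sees the EOF too."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def handle_client(client, peer, target, allowed):
    """Enforce the source-subnet policy, then relay one connection to the fixed target."""
    if not is_allowed_source(peer[0], allowed):
        print(f"refused {peer[0]}: outside {allowed}")  # keep a record of refused probes
        client.close()
        return
    try:
        upstream = socket.create_connection(target, timeout=5)
    except OSError as exc:
        print(f"target {target} unreachable: {exc}")
        client.close()
        return
    upstream.settimeout(None)
    pumps = [threading.Thread(target=_pump, args=(client, upstream)),
             threading.Thread(target=_pump, args=(upstream, client))]
    for t in pumps:
        t.start()
    for t in pumps:
        t.join()
    client.close()
    upstream.close()


def start_relay(listen=("0.0.0.0", 80), target=IOT_TARGET, allowed=ALLOWED_SOURCE):
    """Bind the LAN-facing listener, serve it from a daemon thread, return the bound port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(listen)
    srv.listen(16)

    def loop():
        while True:
            conn, peer = srv.accept()
            threading.Thread(target=handle_client, args=(conn, peer, target, allowed),
                             daemon=True).start()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


def start_echo_server():
    """Constructed stand-in for the IoT device: echoes whatever it receives on loopback."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(4)

    def echo(conn):
        _pump(conn, conn)
        conn.close()

    def loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=echo, args=(conn,), daemon=True).start()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


def relay_roundtrip(payload, allowed=ipaddress.ip_network("127.0.0.0/8")):
    """Offline demo: client -> relay -> echo server, all on loopback; returns the reply
    (empty when the relay refuses the client's source address)."""
    echo_port = start_echo_server()
    relay_port = start_relay(("127.0.0.1", 0), ("127.0.0.1", echo_port), allowed)
    reply = b""
    with socket.create_connection(("127.0.0.1", relay_port), timeout=5) as c:
        try:
            c.sendall(payload)
            c.shutdown(socket.SHUT_WR)
            while True:
                chunk = c.recv(4096)
                if not chunk:
                    break
                reply += chunk
        except OSError:  # a refused connection may be reset before we finish reading
            pass
    return reply


if __name__ == "__main__":
    request = b"GET / HTTP/1.0\r\n\r\n"
    print(relay_roundtrip(request))                   # echoed back through the relay
    print(relay_roundtrip(request, ALLOWED_SOURCE))   # loopback is not 10.1.1.0/24: b""
```

In production the relay would run as a service on the relay host with `start_relay()` at its defaults and no echo server; the source check is defence in depth on top of the firewall rules between the two subnets, not a replacement for them, and the same one-port, one-destination, one-direction shape is what a pfSense port-forward rule for this purpose should have.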