Posted: Sun Jul 10, 2016 0:46 Post subject: Access restrictions don't work on different subnet (VAP)
DD-WRT v3.0-r29825M kongmv (06/04/16)
Greetings,
I am trying to apply access restrictions to a different subnet (192.168.2.x). This subnet is set up as a VAP that is fully functional. I have tried the same restrictions on the 192.168.1.x range and they work fine. It seems that the restrictions cannot see the other range. The GUI only has filter entries for 192.168.1.x.
Could you do a custom IP Tables rule to accommodate what you are needing to accomplish? I have not tried it personally, but an allow all rule for weekdays (mon-fri) between 8am-5pm could look something like:
$IPTABLES -A INPUT -s 192.168.2.0/24 -m state --state NEW -m time --timestart 08:00 --timestop 17:00 --days Mon,Tue,Wed,Thu,Fri -j ACCEPT
$IPTABLES -A OUTPUT -s 192.168.2.0/24 -m state --state NEW -m time --timestart 08:00 --timestop 17:00 --days Mon,Tue,Wed,Thu,Fri -j ACCEPT
$IPTABLES -A FORWARD -s 192.168.2.0/24 -m state --state NEW -m time --timestart 08:00 --timestop 17:00 --days Mon,Tue,Wed,Thu,Fri -j ACCEPT
This way you can specify any network you need. Not sure, but it sounds like the GUI is tied to the same network as it's on.
Thanks for the help on my other thread. I was able to make a little headway using the instructions here... however, I can still access the gateway IP. So that doesn't really accomplish what I need it to. "Net Isolation" doesn't do what it purports.
It prevents two wireless clients from talking to each other.
I was under the impression that's what AP isolation did:
link to thread
Either way... I want clients on the guest VAP to be isolated from each other and from the admin page of the router. Right now, from the guest VAP I can access both 10.0.0.1 (WAN IP) and 10.0.1.1 (VAP IP)... they direct to the same page.
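Added example, not part of any post in this thread: a sketch of keeping guest clients off the router's own services. Packets addressed to any router-owned IP (the VAP IP or the WAN IP) traverse the INPUT chain, which is why both addresses reach the same admin page and why one interface-based rule set covers both. The interface name wl0.1 and the DHCP/DNS allowlist are assumptions, and guest_input_rules is a hypothetical helper.

```shell
#!/bin/sh
# Added example (not from the thread). Emits iptables commands that keep
# guest clients off the router's own services while leaving forwarded
# (internet-bound) traffic untouched.
# Assumptions: wl0.1 is the guest VAP interface; guests need only DHCP
# and DNS from the router itself.

# guest_input_rules IFACE "proto:port ..."
# Prints one iptables command per line; returns 1 on malformed input.
guest_input_rules() {
    iface=$1; allow=$2; pos=1
    # Reject interface names that could smuggle shell metacharacters.
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    for svc in $allow; do
        proto=${svc%%:*}; port=${svc#*:}
        case $proto in tcp|udp) ;; *) echo "bad proto: $svc" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "bad port: $svc" >&2; return 1 ;; esac
        # Explicit positions keep the ACCEPTs ahead of the final DROP.
        echo "iptables -I INPUT $pos -i $iface -p $proto --dport $port -j ACCEPT"
        pos=$((pos + 1))
    done
    # Everything else from the guest interface to the router is dropped,
    # which covers the web GUI, SSH and telnet on every router address.
    echo "iptables -I INPUT $pos -i $iface -j DROP"
}

# Dry run by default: print the rules for review. Set APPLY=1 to execute.
rules=$(guest_input_rules "${GUEST_IF:-wl0.1}" "udp:67 udp:53 tcp:53") || exit 1
if [ "${APPLY:-0}" = 1 ]; then
    echo "$rules" | sh
else
    echo "$rules"
fi
```

Run it once without APPLY to review the output, and confirm the guest interface name on the router (for example with `ifconfig`) before applying.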