DMZ or some other way.

pir8radio
DD-WRT Novice


Joined: 17 Sep 2007
Posts: 7

Posted: Mon Sep 17, 2007 2:43    Post subject: DMZ or some other way.
Ok. I want to set up a second wireless access point to give free internet to people in my building, however I don't want them to have access to MY network. The second access point is actually a router that I was going to set as a DMZ host, but DMZ doesn't work how I thought it should, well, like this: http://en.wikipedia.org/wiki/Demilitarized_zone_(computing) DMZ is supposed to open all ports from the internet to the DMZ host, and is supposed to BLOCK all access to the local network FROM the DMZ, yet the local and internet have access to DMZ. That would have been perfect for what I want to do. Is there some other way to set it up similar to that? I don't want to mess with my built-in wireless for the free one, I want to use an external AP for the free net.

Thanks
Pir8
nemesisdb
DD-WRT User


Joined: 10 Oct 2006
Posts: 197

Posted: Mon Sep 17, 2007 3:27
Part of the problem is the lack of a meaningful firewall GUI in the dd-wrt firmware. I'll save that debate for another time and place though.

DMZ has different meanings for different products. For most home equipment that I've used, it's simply meant that all incoming ports get forwarded to the DMZ IP unless otherwise specified. I've not seen LAN/DMZ separation. Higher end stuff like zywall routers have dedicated DMZ ports and let you configure explicit rules regarding DMZ and internal network interactions.

You might try looking into putting the second AP onto a separate subnet or vlan ... at that point you could also try looking into using iptables commands to prevent communication between the two. I'd be more specific but I really don't have that good of an idea about what I'm talking about at this point.
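
The separate-subnet-plus-iptables idea from the post above, sketched as an added example (not part of the original posts and not DD-WRT's own code). The interface names `br0`, `vlan3` and `vlan1` are assumptions, and the router's stock rules for NAT and established connections are assumed to stay in place.

```shell
#!/bin/sh
# Added example (not from the thread). ASSUMED interface names:
#   br0 = private LAN bridge, vlan3 = port feeding the guest AP, vlan1 = WAN.
# The guest AP must be on its own routed interface and subnet. If it shares
# the LAN switch/bridge, its traffic is switched and never reaches FORWARD.

guest_isolation_rules() {
    lan_if=$1; guest_if=$2; wan_if=$3
    # -I inserts at the top of a chain, so the commands are printed in the
    # reverse of evaluation order: the last FORWARD line is checked first.
    cat <<EOF
iptables -I FORWARD -i $guest_if -j DROP
iptables -I FORWARD -i $guest_if -o $wan_if -j ACCEPT
iptables -I FORWARD -i $guest_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD -i $lan_if -o $guest_if -j ACCEPT
iptables -I INPUT -i $guest_if -m state --state NEW -j DROP
iptables -I INPUT -i $guest_if -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i $guest_if -p udp --dport 67 -j ACCEPT
EOF
}
# Resulting FORWARD order: LAN->guest allowed, replies guest->LAN allowed,
# guest->WAN allowed, everything else from the guest side dropped.
# Resulting INPUT order: DHCP and DNS to the router allowed, any other new
# connection from the guest side to the router itself dropped.

case "${1:-}" in
    show)  guest_isolation_rules br0 vlan3 vlan1 ;;
    apply) guest_isolation_rules br0 vlan3 vlan1 | sh ;;
esac
```

Run with `show` to review the rules before using `apply` on the router.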
infusion
DD-WRT Guru


Joined: 30 Aug 2006
Posts: 506

Posted: Mon Sep 17, 2007 3:27
I think, if I could understand, you just have to enable DMZ in your first router pointing to the second one, in another subnet.
jpark
DD-WRT User


Joined: 07 Jun 2006
Posts: 145
Location: Jackson, TN

Posted: Mon Sep 17, 2007 11:02
I think you are trying it backwards?

Set the public access router as the primary router. Then set up your network on the second router with the second router in a DMZ of the primary router.

Setting your network in a DMZ of the primary router makes VPN access to your network from the Internet easier.
pir8radio
DD-WRT Novice


Joined: 17 Sep 2007
Posts: 7

Posted: Mon Sep 17, 2007 12:18    Post subject: bass akwards
Yea I know I SHOULD use the primary router as MY wireless net.. But there has to be a way, maybe in vnet? Maybe isolate say network jack 4 to the free wireless AP and bridge it only to the WAN? But I'm not too swift with messing with vnet, haha I killed my net access last time I tried what seemed to make sense.. Ok so just in case anyone doesn't understand what I'm trying to do...


(DSL)----(dd-wrt router with MY WIRELESS)------(free router for others)

I want the dd-wrt to be the main router for my lan, wired and wireless. I want the free router to have access to the DSL but NOT my lan.

Thanks guys.
Pir8
jpark
DD-WRT User


Joined: 07 Jun 2006
Posts: 145
Location: Jackson, TN

Posted: Mon Sep 17, 2007 16:37
Why do you want to do it this way:

(DSL)----(dd-wrt router with MY WIRELESS)------(free router for others)

Instead of this way:

(DSL) ----(free router for others) ---(DD-wrt router with MY WIRELESS)

In the first case, the free router is behind your firewall exposing your network to attack. In the second case, your network is safely behind the firewall.
pir8radio
DD-WRT Novice


Joined: 17 Sep 2007
Posts: 7

Posted: Mon Sep 17, 2007 19:04    Post subject: well
Well, because I'm a complete idiot and didn't think of the simplest fix. KISS: Keep it simple stupid! I could set my existing router (my network) as the DMZ host on the free router, problem solved... huh..... geez. I guess my only worry would be now I would have a higher risk of losing my network if either router was to go flaky, but it's better than people mapping my C$. :-)

THANKS FOR EVERYONE'S HELP.

ROCK ON JPARK!

l8r
All times are GMT
