VAP with 2 subnets, how to configure?

AlexisRobin
Posted: Tue Aug 14, 2018 10:34
Hello, I'm coming here for some help because after several hours of researching and testing stuff, I can't make my network work as I need it to.

I attached a simple network diagram of what I need to achieve.

I have a Netgear WNR3500Lv2 router with DD-WRT v3.0-r27520M installed. No internet here, I'm making a local network.

I want to have my physical network and my wireless network working with the 192.168.10.x address range, and add a VAP with a DHCP giving addresses of 192.168.20.100 - 110 to "guests". These "guests" should have the ability to "talk" to the PC (192.168.10.30) but not to the rest of the .10.x network.

I managed to create my VAP, set 2 different SSIDs for wl0 and wl0.1, create passwords, create a br1 interface and a DHCP with .20.x range... but my subnets can't communicate. I managed to get the 192.168.10.30 computer to ping the 192.168.20.1 bridge but not any client in the .20.1xx range...

If I can make this work, I also don't really know how to set up the firewall...

Any clue on that?
egc
Posted: Tue Aug 14, 2018 12:37
Without having seen your firewall rules, and assuming you have Net isolation enabled on the bridge, the following firewall rule can restore a path to your PC:
Code:
iptables -I FORWARD -i br1 -d 192.168.10.30/255.255.255.255 -j ACCEPT

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
AlexisRobin
Posted: Thu Aug 16, 2018 10:07
OK, thanks for the advice, I got it working!

In fact, it was my *dumb* Windows which redirected my .20.x requests to another interface than the one I used to configure my router...

So now, with the firewall disabled, everyone can ping each other, I've a DHCP only on my guest network, which is fine, but I must now set up my firewall.

For now, I've entered these rules (my .20.x network is on eth1):

Quote:
#Prevent access to router from eth1
iptables -I INPUT -i eth1 -p tcp --dport telnet -j REJECT --reject-with tcp-reset
iptables -I INPUT -i eth1 -p tcp --dport ssh -j REJECT --reject-with tcp-reset
iptables -I INPUT -i eth1 -p tcp --dport www -j REJECT --reject-with tcp-reset
iptables -I INPUT -i eth1 -p tcp --dport https -j REJECT --reject-with tcp-reset


Now I want to block every communication from eth1 except when eth1 wants to join 192.168.10.30.

Do you know how to set it up?
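
Added example, not part of the thread and not DD-WRT's own code: one way to express "drop everything forwarded from the guest interface except traffic to 192.168.10.30", with a small first-match model showing why the order in which `iptables -I` rules are typed matters. It assumes the guest subnet arrives on eth1 as the poster states (egc's rule uses br1, so use whichever interface actually carries 192.168.20.x); 192.168.10.40 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. eth1 and 192.168.10.30 come from the thread; 192.168.10.40 is
# a constructed "other LAN host". verdict() is a simplified first-match model
# (only -i, -d and -j), not iptables itself.
GUEST_IF="eth1"
ALLOWED_HOST="192.168.10.30"

# Rules in the order they are typed. -I inserts at the head of the chain, so
# the DROP typed first ends up below the ACCEPT typed after it.
guest_rules() {
    echo "iptables -I FORWARD -i $GUEST_IF -j DROP"
    echo "iptables -I FORWARD -i $GUEST_IF -d $ALLOWED_HOST -j ACCEPT"
}

# Turn typed order into evaluation order: each -I pushes onto the head.
chain_order() {
    chain=""
    while IFS= read -r rule; do
        chain="$rule
$chain"
    done
    printf '%s' "$chain"
}

# verdict IN_IF DST: reads the chain on stdin, prints the first matching target.
verdict() {
    pkt_if=$1 pkt_dst=$2
    while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        in_if="" dst="" target=""
        set -- $rule
        while [ $# -gt 0 ]; do
            case $1 in
                -i) in_if=$2 ;;
                -d) dst=$2 ;;
                -j) target=$2 ;;
            esac
            shift
        done
        [ -z "$in_if" ] || [ "$in_if" = "$pkt_if" ] || continue
        [ -z "$dst" ] || [ "$dst" = "$pkt_dst" ] || continue
        echo "$target"; return 0
    done
    echo "NEXT"   # nothing here matched; the rest of FORWARD decides
}

guest_rules   # the two lines to type on the router
for dst in "$ALLOWED_HOST" 192.168.10.40; do
    echo "$GUEST_IF -> $dst: $(guest_rules | chain_order | verdict "$GUEST_IF" "$dst")"
done
```

These FORWARD rules only affect traffic routed through the router; access to the router itself stays governed by the INPUT rules quoted in the post above.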