question about connecting 2 routers to create separate lans

tpqnew
DD-WRT Novice


Joined: 03 Dec 2020
Posts: 47

Posted: Fri Dec 04, 2020 10:32    Post subject: question about connecting 2 routers to create separate lans
Hi, I've connected two routers (router 1 lan --> router 2 wan) in order to create 2 separate networks.

My problem is that I can still ping from devices on lan2 to devices on lan1.

my setup is:
router 1 : connected to the internet. ip 192.168.0.1, mask 255.255.255.0
router 2 : connected to router 1 via cable lan->wan
dhcp enabled. ip 192.168.1.1, dns & gateway: 192.168.0.1, mask 255.255.255.0

How can I prevent devices on router2 from seeing devices on router1?

Thanks
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12877
Location: Netherlands

Posted: Fri Dec 04, 2020 15:44
Try the following:
Code:
iptables -I FORWARD -d $(nvram get wan_ipaddr)/$(nvram get wan_netmask) -m state --state NEW -j REJECT


Administration/Commands, Save Firewall, but first test from CLI.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
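
Added example, not part of egc's post or the DD-WRT project: a shell sketch that models which forwarded destinations the rule above matches, so the CLI test covers the right cases. The WAN address 192.168.0.2 for router 2, the LAN1 host 192.168.0.10 and the internet host 203.0.113.7 are constructed values; `ip2int`, `matches_rule` and `verdict` are hypothetical helper names.

```sh
#!/bin/sh
# Added example: models the "-d addr/mask" match of the REJECT rule above.

# Convert a dotted-quad IPv4 address to an integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into four octets
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Exit 0 if destination $1 is in the network of address $2 with netmask $3.
matches_rule() {
    d=$(ip2int "$1"); a=$(ip2int "$2"); m=$(ip2int "$3")
    [ $(( d & m )) -eq $(( a & m )) ]
}

# Outcome for a NEW forwarded connection from LAN2 to destination $1.
verdict() {
    if matches_rule "$1" "$WAN_IP" "$WAN_MASK"; then
        echo REJECT
    else
        echo no-match              # falls through to the remaining FORWARD rules
    fi
}

# On the router the values come from nvram, as in the rule itself.
if command -v nvram >/dev/null 2>&1; then
    WAN_IP=$(nvram get wan_ipaddr); WAN_MASK=$(nvram get wan_netmask)
else
    WAN_IP=192.168.0.2             # constructed: router 2 WAN address (assumed)
    WAN_MASK=255.255.255.0
fi

echo "rule: iptables -I FORWARD -d $WAN_IP/$WAN_MASK -m state --state NEW -j REJECT"
# 192.168.0.1 is router 1 (from the thread); the other two are constructed.
for dst in 192.168.0.1 192.168.0.10 203.0.113.7; do
    printf '%-14s %s\n' "$dst" "$(verdict "$dst")"
done
```

A REJECT for 192.168.0.1 means LAN2 clients that are handed 192.168.0.1 directly as their DNS server would have those forwarded queries rejected, while internet-bound traffic is unaffected because the rule matches the destination address, not the next hop.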
tpqnew
DD-WRT Novice


Joined: 03 Dec 2020
Posts: 47

Posted: Fri Dec 04, 2020 19:21
Thanks.
I thought the default behavior was that each subnet is isolated :/
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

Posted: Fri Dec 04, 2020 20:33
tpqnew wrote:
Thanks.
I thought the default behavior was that each subnet is isolated :/


The router doesn't prevent access between subnets (networks) that are behind the same WAN. Not unless you enable Net Isolation on the network interface(s), or define your own firewall rules.

When it comes to anything over the WAN, it's fair game. The router doesn't know the difference between being the primary router and needing to access the internet over its WAN, vs. being daisy-chained behind the primary router and having similar upstream access. It's up to YOU to make that distinction and apply appropriate firewall rules.