Separating VLAN networks

psysmile
DD-WRT Novice


Joined: 26 Apr 2021
Posts: 4

Posted: Mon Apr 26, 2021 15:52    Post subject: Separating VLAN networks
Hello everyone,

I use a WRT54GL to provide a hotspot with vouchers (via an external service provider) so that guests have free access to the Internet.
Since the device unfortunately failed after almost 10 years, I bought the same model again.
"Unfortunately", the DD-WRT version used back then is no longer available [DD-WRT v24-sp2 (10/10/09) std svn 13064].
After extensive research in the forum it was also clear why. So I looked for a new version to flash.
Since the topic has been discussed many times, I finally decided on the version [DD-WRT v3.0-r46177 std-special (03/26/21)], which has also worked well for me so far.
As recommended, I then transferred the "old" configuration I knew by hand.

The hotspot with its functions is back in operation and works.
BUT via the WLAN as well as port 4, after successfully logging in with the "voucher code", I have access to the private networks.
And I would like to prevent that. However, every attempt (e.g. Net Isolation) has been unsuccessful. Ideally, the logged-in devices should have no communication with each other, no access to the router interface, and no access to the private networks. Only from the 192.168.6.X network out to the Internet.
The wish to reach the router from "outside", i.e. via the WAN port, for configuration exists. That also works at the moment.
The WRT54GL is supplied by a Fritzbox via the WAN port.

Therefore I am now turning to the experts here and kindly ask for help.

Attached are the screenshots of my current configuration.

Many thanks and best regards
psysmile



Attachment: Config.zip (1.88 MB)

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Mon Apr 26, 2021 16:05
I have not looked at all your pictures, but at least you have to give br1 an IP address, e.g. 192.168.6.1/24.

Save/Apply, and you probably need to reboot.

After that, on the same page at the bottom, add a DHCP server for br1.

Furthermore, under static DNS add a DNS server like 1.1.1.1 or 9.9.9.9 or whatever you want.

My German is OK but my English is better, so apologies that I do not answer in German.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
psysmile
DD-WRT Novice


Joined: 26 Apr 2021
Posts: 4

Posted: Mon Apr 26, 2021 19:28
Hi egc,

Thanks for your input.
I've done your additional setup, but without success.
With the DHCP for br1 the clients now have direct access to see the network. Connection to the internet is "sometimes" possible without login. Strange.
By the way: the DHCP server is not necessary in my opinion because this will be set by the hotspot service.

Do you have any other ideas?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Tue Apr 27, 2021 10:26
Right, you are using Chillispot. I am no expert in that department, but I think it does the DHCP, so you should not need a DHCPD server. br1 might need an IP address though; make it something in the subnet like 192.168.6.2.
But I am not sure of that either.

To make sure every subnet has a way out, add this:
Code:
iptables -t nat -I POSTROUTING -o $(get_wanface) -j MASQUERADE


First test from the CLI (telnet/PuTTY), and if it is working, add it to Administration/Commands, Save Firewall.



Last edited by egc on Tue Apr 27, 2021 15:20; edited 1 time in total
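
The MASQUERADE rule in the post above only gives each subnet a way out; it does not restrict where guests can go. As an added example (not part of the thread and not tested on this firmware), the script below prints iptables rules for the isolation asked for in the first post. It assumes the guests are 192.168.6.0/24, that "private networks" means the RFC 1918 ranges, and that the router's management services listen on TCP 22, 23, 80 and 443; the function and variable names are made up for the example.

```shell
#!/bin/sh
# Added example: prints iptables rules for review; it does not apply them.
# GUEST_NET is taken from the thread; the other values are assumptions.
GUEST_NET="192.168.6.0/24"
# RFC 1918 private ranges (this also covers a LAN on the WAN side of the router).
PRIVATE_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"
# Router services guests should not reach: ssh, telnet, web GUI (assumed ports).
MGMT_PORTS="22 23 80 443"

guest_isolation_rules() {
    guest="$1"
    # Guests must not be forwarded to any private destination.
    for net in $PRIVATE_NETS; do
        echo "iptables -I FORWARD -s $guest -d $net -j DROP"
    done
    # Guests must not reach the router's own management services.
    # Matching on the source subnet leaves WAN-side administration untouched.
    for port in $MGMT_PORTS; do
        echo "iptables -I INPUT -s $guest -p tcp --dport $port -j DROP"
    done
    # The rule from the post above, unchanged (expanded on the router).
    echo 'iptables -t nat -I POSTROUTING -o $(get_wanface) -j MASQUERADE'
}

guest_isolation_rules "$GUEST_NET"
```

The printed rules can be tested from the CLI first and then added under Administration/Commands with Save Firewall, as described in the post above. With these rules a guest DNS server on a private address other than the router itself is blocked as well, so guests need a public resolver such as 1.1.1.1.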
psysmile
DD-WRT Novice


Joined: 26 Apr 2021
Posts: 4

Posted: Tue Apr 27, 2021 15:04
I can't connect via ssh or telnet. User and pass did not fit. Strange.
However, I copied your command, put it at my own risk in Admin/Command and saved it to the firewall.

But this is still not working. Access from VLAN to "WAN" is possible.

One question: is it necessary to switch on the "SPI Firewall" under Security?
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14126
Location: Texas, USA

Posted: Wed Apr 28, 2021 3:43
Username for telnet or ssh is always root, if either are enabled under services tab. I don't know why you wouldn't have the SPI firewall enabled.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
psysmile
DD-WRT Novice


Joined: 26 Apr 2021
Posts: 4

Posted: Wed Apr 28, 2021 8:10
OK, I have enabled it. It's still not working.
kernel-panic69: to your question -> I deactivated it in the past because I could not connect to the router from the WAN side. Now the connection via browser is working.

Thanks, I could connect via ssh with user root :)