Posted: Sun May 09, 2021 3:42 Post subject: Two Routers - trying to set up guest network on 2nd router
I have a 2 router setup. Router 1 is Verizon FIOS, has primary Internet connection, running DHCP. Router 2 is Buffalo WZR-300HP with DD-WRT ver v3.0-r30356, no DHCP. All works fine as one network. Trying to set up guest network on Buffalo. Used the instructions in Guest WiFi + Abuse Control For Beginners wiki. Created virtual interface, enabled NAT, enabled Net Isolation, set up as unbridged with new IP range, enabled DHCPd for new interface. Device connecting to new guest network gets IP address but no Internet. I suspect this is because the Internet connection is coming from the FIOS router and I did not give the guest network access to my network to get to the FIOS router. Does anyone know how to get Internet access for the guest network without giving access to my network in this situation?
I do have a guest network on the FIOS router that works, but my guest is closer to the Buffalo router and I want to get him a stronger signal.
Given the second router is NOT using a DHCP server, I have to assume it's connected LAN to LAN wrt the primary router (a detail you didn't mention, but a very important distinction).
The router always assumes a *routed* configuration (i.e., active WAN). But when you convert it to a bridged device (i.e., no active WAN), certain things no longer work. For example, NAT/Masquerade. That option only NATs over the WAN. But in a bridged configuration, the guest network (let's assume that's wl0.1) needs to be NAT'd over the *private* network (br0).
Also, in a bridged configuration, guests have to traverse the private network in order to reach the WAN of the primary router (something NOT true in a routed configuration). So you need to allow the traversal (by NOT enabling Net Isolation), while denying access to specific resources.
Code:
iptables -I FORWARD -i wl0.1 -d $(nvram get lan_ipaddr)/$(nvram get lan_netmask) -j REJECT
