Posted: Mon Nov 08, 2021 12:50 Post subject: DDWRT guest network
Hello,
I have a DDWRT firmware based Linksys E3000 with lan connected to my modem from my provider. The version I use is "Firmware: DD-WRT v3.0-r47608 mega (10/28/21)".
Config of the DDWRT router is as follows:
- two wireless networks in bridged mode
- dhcp is disabled
- wan port is connected to the internet modem by cable
- operation mode is Router
I followed this https://wiki.dd-wrt.com/wiki/index.php/Wireless_Access_Point during the installation
Joined: 08 May 2018 Posts: 14222 Location: Texas, USA
Posted: Mon Nov 08, 2021 15:58 Post subject:
That info will be on the main router status page. I don't think the linked information in the upper right corner for firmware revision will show that in the popup? _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
I followed the directions from the word document section "Separate (unbridged) VAP".
I disabled network isolation because that does not work.
Added dhcp to wl0.1.
Then followed these instructions :
VAP on WAP
If you place the unbridged VAP on a wireless access point (a secondary router with a disabled WAN, no DHCP and on the same subnet as the primary router) then you have to add the following rule to the firewall in order to get internet access from the VAP.
In the web-interface of the router: Administration/Commands save Firewall:
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to $(nvram get lan_ipaddr)
Net Isolation does not work on a WAP so just keep it disabled and add the following line to the firewall:
iptables -I FORWARD -i wl0.1 -d $(nvram get lan_ipaddr)/$(nvram get lan_netmask) -m state --state NEW -j REJECT
For isolating the WAP itself from the guest network:
iptables -I INPUT -i wl0.1 -m state --state NEW -j REJECT
iptables -I INPUT -i wl0.1 -p udp -m multiport --dports 53,67 -j ACCEPT
(note: not all firmwares have the multiport directive)
Here are the settings from my VAP for guest network.
Can someone explain why under status/lan the dhcp range shown is from 192.168.1.100 to 192.168.1.149 and not from 192.168.20.100 to 192.168.20.149?
My clients don't get ip-addresses when connecting to the vap guest network.
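Added example, not part of any post in this thread: a sketch that models `iptables -I` as insert-at-head, to show the order in which the guest isolation rules quoted above end up being evaluated. The shell stand-in for `iptables` and the `nvram` stub values are assumptions of the sketch; no real firewall is touched.

```shell
#!/bin/sh
# Models "iptables -I" (insert at head of chain) for the guest rules above.

# Stub for DD-WRT's nvram; both values are constructed for this sketch.
nvram() {
    case "$2" in
        lan_ipaddr)  echo 192.168.178.2 ;;
        lan_netmask) echo 255.255.255.0 ;;
    esac
}

INPUT_CHAIN=""
FORWARD_CHAIN=""
NL='
'

# Stand-in for iptables: "-I CHAIN rule..." prepends the rule to that chain.
iptables() {
    [ "$1" = "-I" ] || return 1
    chain=$2; shift 2
    case "$chain" in
        INPUT)   INPUT_CHAIN="$*${INPUT_CHAIN:+$NL$INPUT_CHAIN}" ;;
        FORWARD) FORWARD_CHAIN="$*${FORWARD_CHAIN:+$NL$FORWARD_CHAIN}" ;;
        *) return 1 ;;
    esac
}

# The three isolation rules, in the order the post lists them.
load_guest_rules() {
    INPUT_CHAIN=""; FORWARD_CHAIN=""
    iptables -I FORWARD -i wl0.1 -d "$(nvram get lan_ipaddr)/$(nvram get lan_netmask)" -m state --state NEW -j REJECT
    iptables -I INPUT -i wl0.1 -m state --state NEW -j REJECT
    iptables -I INPUT -i wl0.1 -p udp -m multiport --dports 53,67 -j ACCEPT
}

# Print the Nth rule (1-based) of a chain, in evaluation order.
rule_at() {  # usage: rule_at CHAIN N
    case "$1" in
        INPUT)   printf '%s\n' "$INPUT_CHAIN" ;;
        FORWARD) printf '%s\n' "$FORWARD_CHAIN" ;;
    esac | sed -n "${2}p"
}

load_guest_rules
echo "INPUT as evaluated:";   printf '%s\n' "$INPUT_CHAIN"
echo "FORWARD as evaluated:"; printf '%s\n' "$FORWARD_CHAIN"
```

Because each `-I` inserts at the top, the DNS/DHCP ACCEPT that is added last is matched first, and the catch-all REJECT for new connections from wl0.1 only applies to everything else. Swapping the two INPUT lines would put the REJECT first and block DHCP and DNS for guests.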
The GUI command box is hit or miss when it comes to running commands like this. The "sleep 20" probably defeats it.
Save as Startup
reboot
Is this not the range for your lan as defined at Setup>Basic Setup>Network Address Server Settings (DHCP)?
DHCP server of ddwrt router is disabled (WAN port disabled, router internet provider connected with cable). DHCP server is router internet provider.
See attachment for commands Administration/commands.
Joined: 08 May 2018 Posts: 14222 Location: Texas, USA
Posted: Tue Nov 09, 2021 17:04 Post subject:
1) You have to be careful how you copy and paste into the webUI.
2) Syntax and escape characters do apply as far as the webUI functionality. What works via telnet/ssh doesn't always work via that input box, save and except for saving scripts.
Note: I don't know this device's switch/cpu architecture (the WAN might be a special switch port, different switch, or on the cpu itself), but you could be limiting your speed/latency if connecting (a non-gateway) via WAN. I only use WAN ports for lower speed/importance things (doorbell cam, A/V Rx to stream Pandora, testing older 100Mb PCs, telnet/ssh admin access, etc). If you know the architecture and that it isn't an issue, then nm me. _________________ #NAT/SFE/CTF: limited speed w/ DD#Repeater issues#DD-WRT info: FAQ, Builds, Types, Modes, Changes, Demo#
OPNsense x64 5050e ITX|DD: DIR-810L, 2*EA6900@1GHz, R6300v1, RT-N66U@663, WNDR4000@533, E1500@353,
WRT54G{Lv1.1,Sv6}@250|FreshTomato: F7D8302@532|OpenWRT: F9K1119v1, RT-ACRH13, R6220, WNDR3700v4
Reset the router, and created a new guest network with the dnsmasq option. No Firewall settings in administration/commands.
This is the dnsmasq entry :
interface=wl0.1
dhcp-option=wl0.1,3,192.168.10.1
dhcp-option=6,192.168.178.1,84.116.46.22,84.116.46.23
dhcp-range=wl0.1,192.168.10.100,192.168.10.200,255.255.255.0,12h
The ip-address of the vap is 192.168.10.1
The ip-address of the internet router is 192.168.178.1
Clients of guest network get an ip-address but no internet.
Any suggestions?
Joined: 08 May 2018 Posts: 14222 Location: Texas, USA
Posted: Sat Nov 13, 2021 23:23 Post subject:
Why are you passing the upstream router IP as a DNS server? Do you still have E3000 WAN connected to upstream router's LAN? This may not work, might require LAN to LAN. Do the main AP interfaces work properly? Wondering if you need to set upstream router IP as gateway (option 3)...
That "DNSMasq method" makes me wonder if the process of a WAP configuration is counter-intuitive and should be done in a specific order so that disabling the WAN is the last step.