Author
Message
Spotting6528 DD-WRT Novice Joined: 25 Mar 2023 Posts: 7
Posted: Sat Mar 25, 2023 5:31 Post subject: [SOLVED]netgear r6300v1 WAP with guest network setup
Hello, I have tried to setup the above by following the wiki here and this guide here . While my regular network functions normally and my guest network has working internet and DNS, I am able to reach clients on my regular network from my guest network. I'm unsure why this is, the only major difference was that I connected my physical 2.4ghz radio as the guest network provider instead of creating a virtual AP.
Back to top
Sponsor
egc DD-WRT Guru Joined: 18 Mar 2014 Posts: 12915 Location: Netherlands
Back to top
Spotting6528 DD-WRT Novice Joined: 25 Mar 2023 Posts: 7
Posted: Sat Mar 25, 2023 16:26 Post subject:
I am running r51729.
No virtual AP. Instead I'm just trying to use the physical 2.4ghz radio. These are my current commands saved to firewall:
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to $(nvram get lan_ipaddr)
iptables -I FORWARD -i wl0 -d $(nvram get lan_ipaddr)/$(nvram get lan_netmask) -m state --state NEW -j REJECT
iptables -I INPUT -i wl0 -m state --state NEW -j REJECT
iptables -I INPUT -i wl0 -p udp --dport 67 -j ACCEPT
iptables -I INPUT -i wl0 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i wl0 -p tcp --dport 53 -j ACCEPT
With this, I am still able to access my main network LAN clients from my guest network.
The only bridge on my network is br0, which has the my LAN ethernet and vlan2 on it (since WAN is disabled).
Back to top
egc DD-WRT Guru Joined: 18 Mar 2014 Posts: 12915 Location: Netherlands
Back to top
Spotting6528 DD-WRT Novice Joined: 25 Mar 2023 Posts: 7
Posted: Sat Mar 25, 2023 17:31 Post subject:
Thank you, here are the commands and their output:
iptables -vnL FORWARD:
Chain FORWARD (policy ACCEPT 49 packets, 13414 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- wl0 * 0.0.0.0/0 192.168.2.0/24 state NEW reject-with icmp-port-unreachable
iptables -vnL INPUT:
Chain INPUT (policy ACCEPT 429 packets, 83785 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- wl0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- wl0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT udp -- wl0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 REJECT all -- wl0 * 0.0.0.0/0 0.0.0.0/0 state NEW reject-with icmp-port-unreachable
iptables -t nat -vnL:
Chain PREROUTING (policy ACCEPT 103 packets, 8579 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 71 packets, 3861 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 7 packets, 431 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1 packets, 60 bytes)
pkts bytes target prot opt in out source destination
16 1047 SNAT all -- * br0 0.0.0.0/0 0.0.0.0/0 to:192.168.2.2
192.168.2.0/24 is my main subnet (the same subnet the router and the AP are on).
Back to top
ho1Aetoo DD-WRT Guru Joined: 19 Feb 2019 Posts: 3002 Location: Germany
Posted: Sat Mar 25, 2023 17:46 Post subject:
And which IP address and which subnet does the WLAN interface have?
On broadcom routers, the interface names are also strange, WLAN is actually an eth* interface.
Back to top
Spotting6528 DD-WRT Novice Joined: 25 Mar 2023 Posts: 7
Posted: Sat Mar 25, 2023 17:51 Post subject:
Thank you, how do I find that out? If WLAN is the guest network then it is on wl0 (eth1) with 192.168.3.1/24.
Back to top
egc DD-WRT Guru Joined: 18 Mar 2014 Posts: 12915 Location: Netherlands
Back to top
ho1Aetoo DD-WRT Guru Joined: 19 Feb 2019 Posts: 3002 Location: Germany
Back to top
Spotting6528 DD-WRT Novice Joined: 25 Mar 2023 Posts: 7
Posted: Sat Mar 25, 2023 18:48 Post subject:
Here, I thought this might be easier to read.
Description:
Download
Filename:
Networking.pdf
Filesize:
254.81 KB
Downloaded:
32 Time(s)
Description:
Download
Filename:
Routing.pdf
Filesize:
272.4 KB
Downloaded:
24 Time(s)
Description:
Download
Filename:
Setup.pdf
Filesize:
257.24 KB
Downloaded:
23 Time(s)
Back to top
Spotting6528 DD-WRT Novice Joined: 25 Mar 2023 Posts: 7
Posted: Sat Mar 25, 2023 18:50 Post subject:
And the rest. Let me know if you need anything else.
Description:
Download
Filename:
Services.pdf
Filesize:
272.91 KB
Downloaded:
31 Time(s)
Description:
Download
Filename:
Advanced Wireless Settings.pdf
Filesize:
331.48 KB
Downloaded:
43 Time(s)
Description:
Download
Filename:
Wireless.pdf
Filesize:
237.73 KB
Downloaded:
41 Time(s)
Back to top
egc DD-WRT Guru Joined: 18 Mar 2014 Posts: 12915 Location: Netherlands
Back to top
egc DD-WRT Guru Joined: 18 Mar 2014 Posts: 12915 Location: Netherlands
Back to top
Spotting6528 DD-WRT Novice Joined: 25 Mar 2023 Posts: 7
Posted: Sun Mar 26, 2023 1:44 Post subject:
egc wrote: I reviewed your setup and it is looking good.
It looks like the only alteration you have to make is to use eth1 instead of wl0 and Bob's your uncle
Thank you so much, that did indeed fix the problem! I guess I should have realized that earlier when you mentioned interfaces.
Back to top