Posted: Mon Sep 18, 2023 23:53 Post subject: Help Getting a Guest Wifi Subnet Working Properly
I have a home network with a bunch of services running. What I want to do is create a guest network separate from my main network so devices on the guest network cannot access my services. I'm having a bit of trouble configuring it successfully. So far this is what I have done:
I have a Netgear Nighthawk R7000 Router running DD-WRT v3.0-r44715 std
Under Setup > Basic Setup I have a Local IP of 192.168.1.1, Subnet Mask of 255.255.255.0 and a Local DNS specified pointing to a pi-hole server. The pi-hole server serves DHCP so the DHCP server on the router is turned off.
Under Wireless > Basic Settings I have wl0 set, it's in bridged mode with the LAN, and I have a virtual interface wl0.1 set up in unbridged mode with an IP address of 192.168.2.1 and Subnet Mask of 255.255.255.0.
Under Setup > Advanced Routing I created a route with a Destination LAN NET of 192.168.1.0, Subnet Mask of 255.255.255.0, Gateway of 192.168.2.1, and Interface on LAN & WAN.
Under Services > Dnsmasq > Additional Dnsmasq Options I have
interface=wl0.1
dhcp-option=wl0.1,3,192.168.2.1
dhcp-range=wl0.1,192.168.2.2,192.168.2.255,255.255.255.0,24h
Finally, under Administration > Commands, saved in the firewall so far I have
iptables -I FORWARD -s 192.168.2.0/24 -j ACCEPT
Ideally what I would like to do is set up another pi-hole server to serve as a separate DNS/DHCP server for the guest 192.168.2.0 subnet; eventually I want to set up a captive portal on the guest subnet. Also, like I mentioned, I don't want devices on the guest subnet to use the main subnet's DNS server or communicate with my services on it. Both subnets still need to reach the Internet, obviously. So far devices on both subnets can obtain an IP address and connect to the Internet, but devices on the different subnets can communicate with each other and devices on the guest network can reach services on my main subnet, which is not what I want.
I feel like I'm close but still missing a few pieces. I don't have a very thorough understanding of iptables and how it works, but I'm pretty sure I'm missing a few commands, but I'm not sure what they would be. As far as setting up a second pi-hole to serve as DNS/DHCP for the guest subnet, I'm not sure how to go about that either. Right now the guest subnet is getting its DHCP leases from Dnsmasq. I have a second pi-hole server running. It's connected to the guest subnet. I'm not sure how to tell the subnet in DD-WRT to use the pi-hole address for DNS/DHCP instead of Dnsmasq.
I'm still learning how to use all of DD-WRT's features so any help to get this working would be greatly appreciated! I tried to be as thorough as possible with my post but if I left out any key information please let me know. Thank you!
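An added example, not part of the original post and not DD-WRT's own code: a firewall script for Administration > Commands that keeps the post's ACCEPT rule but places DROP rules for traffic between 192.168.2.0/24 and 192.168.1.0/24 above it, and limits what guests can open to the router itself. The INPUT rules, the `IPT` dry-run switch and the `effective_order` helper are assumptions made for illustration; the DNS allowance assumes the router's Dnsmasq still answers guest clients, as in the post.

```shell
#!/bin/sh
# Added example. Addresses and interface name are taken from the post.
MAIN_NET="192.168.1.0/24"
GUEST_NET="192.168.2.0/24"
GUEST_IF="wl0.1"

# Dry run by default: each rule is only printed.
# Set IPT=iptables on the router to apply the rules for real.
IPT="${IPT:-echo iptables}"

guest_rules() {
    # -I inserts at the TOP of a chain, so the rule inserted last is
    # evaluated first. The broad ACCEPT therefore goes in first and the
    # DROPs after it; reversing this order lets guests reach the main LAN.
    $IPT -I FORWARD -s "$GUEST_NET" -j ACCEPT
    $IPT -I FORWARD -s "$MAIN_NET" -d "$GUEST_NET" -j DROP
    $IPT -I FORWARD -s "$GUEST_NET" -d "$MAIN_NET" -j DROP

    # Traffic addressed to the router itself (web GUI, SSH) goes through
    # INPUT, not FORWARD. Refuse new guest connections to the router,
    # then re-allow DHCP and DNS above that DROP.
    $IPT -I INPUT -i "$GUEST_IF" -m state --state NEW -j DROP
    $IPT -I INPUT -i "$GUEST_IF" -p udp --dport 67 -j ACCEPT
    $IPT -I INPUT -i "$GUEST_IF" -p udp --dport 53 -j ACCEPT
    $IPT -I INPUT -i "$GUEST_IF" -p tcp --dport 53 -j ACCEPT
}

# Hypothetical helper: print the rules of one chain in the order the
# kernel will evaluate them (the reverse of the -I insertion order).
# Always runs in dry-run mode, so it never touches the live firewall.
effective_order() {
    ( IPT="echo iptables"; guest_rules ) |
        grep -e "-I $1 " |
        awk '{ l[NR] = $0 } END { for (i = NR; i > 0; i--) print l[i] }'
}

guest_rules
```

On the router, `iptables -L FORWARD -n -v --line-numbers` shows the live order and per-rule packet counters, which confirms whether the DROP rules are being hit before the ACCEPT.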