Posted: Thu Oct 17, 2013 16:00 Post subject: PC can roam between 3 AP but it cant goes to the fourth AP!
i test by turning ON and OFF. things work fine for there AP running channel 1, 6 and 11 respectively. 4th AP running on channel 1. However when i off all 3 APs, it cant roam to the 4th AP...any other settings?
Clients usually roam based on AP signal strength. If you are putting AP's close together then you should lower their transmit power.
For the 4th AP, are you sure it has the same settings? Can clients connect to it if you reboot the AP and the client when the other 3 AP's are off? _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
Posted: Sun Oct 27, 2013 9:57 Post subject: Re: Disable NAT on br2 but enable on br1. How?
deepoce wrote:
1)If i setup another wifi linked to br2 (17.16.X.X/16), can i disable NAT when traffic going out to br0? which means no NAT for br2, only routing!
currently all traffic from guest wifi (br1-10.1.1.X/24) are NAT when it goes out to br0.
You will have to set up routing on your main router to know about the new 17.16.0.0/16 subnet if you don't want it NAT'd. You can either do the same for br1 or change the NAT rule to include this: -s 10.1.1.0/24 _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
Any idea how to modify my current config, so that traffic frm br2 -no NAT? because all traffic going out to br0 (example br1)are now NAT by this command, right?:
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`
# Allow br1 access to br0, the WAN, and any other subnets (required if SPI firewall is on)
iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# Restrict br1 from accessing br0's subnet but pass traffic through br0 to the internet (for WAP's - WAN port disabled)
iptables -I FORWARD -i br1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
# Enable NAT for traffic being routed out br0 so that br1 has connectivity (for WAP's - WAN port disabled)
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`
# Restrict br1 from accessing the router's local sockets (software running on the router)
iptables -I INPUT -i br1 -m state --state NEW -j DROP
# Allow br1 to access DHCP on the router
iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT
# Allow br1 to access DNS on the router
iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT
# Enable NAT for traffic being routed out br0 so that br1 has connectivity (for WAP's - WAN port disabled)
iptables -t nat -I POSTROUTING -o br0 -s 10.1.1.0/24 -j SNAT --to `nvram get lan_ipaddr`
_________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)