Posted: Wed Nov 13, 2013 19:46 Post subject: WRT54G v5 Guest Network
WRT54G v5 running DD-WRT v24RC-7
This was hastily set up to provide a guest wireless network for vendors/clients to use while visiting our office. However, the way it was set up was an open, non-secure wireless network with access to our corporate network. I.e., our servers were pingable. This is obviously bad.
So you can already imagine the obvious, that I need to set this up as its own isolated guest network. I have 2 ISPs that are routed through the same router. For the purpose of this post, the one I need to use is routed through 192.168.100.253 on my router, this is a Comcast connection and will be used.
This is the first time I've ever used DD-WRT. I just need a couple of pointers here on how to isolate this wireless network to where I cannot ping or access anything on the corporate network. I want *ALL* traffic to be routed to the gateway 192.168.100.253 and the device's IP address will be set static to 192.168.100.252, for example. I'm assuming some subnetting here with /32. I will be setting the DNS to public DNS as well.
See the multiple wlans guide in the wiki. I don't know if you can set up multiple wlans with that neutered router.
Also, your build is old and has security issues. See the forum announcements.
_________________
SIG:
I'm trying to teach you to fish, not give you a fish. If you just want a fish, wait for a fisherman who hands them out. I'm more of a fishing instructor.
LOM: "If you show that you have not bothered to read the forum announcements or to follow the advices in them then the level of help available for you will drop substantially, also known as Murrkf's law.."
I'll take a look at that, though I don't know if dual WLANs is necessary?? This router will not need any access to the corporate network at all. Something like this:
<ISP1/ISP2>
     \
      \                (on switches, etc)
    <router> --> <corporate network ISP1>
         \
          \--> <guest network ISP2>
               (on this WRT54G)
So my main router has dual ISP, but both are routed through the same subnet - yea, I know... Not my call.
I have gateway 192.168.100.7 for ISP1 and 192.168.100.253 for ISP2. However, devices on ISP2 gateway can still ping/access corporate network because they are in the same subnet, from my limited understanding of this magic world.. I'm learning =P.
If I can get the WRT54G on to ISP2's gateway while blocking all other IPs from the .100.x network but its own, basically. And how to do that in the setup.
I'll update the version as well, that's a good start.
Posted: Wed Nov 13, 2013 21:22 Post subject:
A simple way:
connect the guest router's wan port to the main network.
set up the guest router's wan connection type as either dhcp or static, whichever you think is better.
the wan ip should be in the 192.168.100.x subnet.
now set up the guest router's lan ip to a diff subnet like 192.168.1.x
Bamm!
all guest clients (wireless or wired) connected to the guest router will be on a diff subnet (192.168.1.x) and should not be able to access clients on the main network / subnet.
the main network is basically the guest router's isp.
What I thought was to set the IP static to a different network.
We have: 192.168.50.x, .100.x, and .200.x all 255.255.255.0
I thought changing that port to 192.168.50.x, assigning a static IP to it and then giving it the 192.168.100.253 gateway with a 255.255.255.254 subnet. But it won't let me assign the gateway to anything but the default .50.1 on that network. Every time I set it to the 192.168.100.253 and save or apply, it reverts back to 192.168.50.1
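
Added example, not part of any post in this thread: a Python check of the addressing plans discussed above. It flags a gateway that lies outside the WAN interface's subnet and a guest LAN that overlaps the 192.168.50.x, .100.x or .200.x networks, and shows how each of those networks is reached from the guest router's WAN side so each can be tested from a guest client. The function names and the host address 192.168.50.2 are constructed for illustration.

```python
import ipaddress

# Networks named in the thread, all 255.255.255.0.
CORPORATE = [ipaddress.ip_network(n) for n in
             ("192.168.50.0/24", "192.168.100.0/24", "192.168.200.0/24")]


def check_plan(wan_ip, wan_mask, gateway, guest_lan):
    """Return a list of problems with a guest-router addressing plan."""
    wan = ipaddress.ip_interface(f"{wan_ip}/{wan_mask}")
    gw = ipaddress.ip_address(gateway)
    lan = ipaddress.ip_network(guest_lan)
    problems = []
    # A default gateway is normally expected inside the interface's own subnet.
    if gw not in wan.network:
        problems.append(f"gateway {gw} is outside WAN subnet {wan.network}")
    # A guest LAN that overlaps a corporate range gives no separation at all.
    for corp in CORPORATE:
        if lan.overlaps(corp):
            problems.append(f"guest LAN {lan} overlaps {corp}")
    return problems


def corporate_paths(wan_ip, wan_mask):
    """Map each corporate network to how the guest router's WAN reaches it."""
    wan = ipaddress.ip_interface(f"{wan_ip}/{wan_mask}")
    return {str(c): ("on-link from WAN" if c.overlaps(wan.network)
                     else "via default gateway") for c in CORPORATE}


if __name__ == "__main__":
    # Constructed plans based on the addresses mentioned in the thread.
    plans = {
        "WAN on .100.x, guest LAN 192.168.1.x":
            ("192.168.100.252", "255.255.255.0", "192.168.100.253", "192.168.1.0/24"),
        "WAN .100.252 with a /32 mask":
            ("192.168.100.252", "255.255.255.255", "192.168.100.253", "192.168.1.0/24"),
        "WAN on .50.x, mask 255.255.255.254, gateway on .100.x":
            ("192.168.50.2", "255.255.255.254", "192.168.100.253", "192.168.1.0/24"),
    }
    for name, plan in plans.items():
        print(name, "->", check_plan(*plan) or "addressing is consistent")
    # Destinations to test from a guest client once the router is in place.
    for net, path in corporate_paths("192.168.100.252", "255.255.255.0").items():
        print(net, path)
```

A consistent addressing plan only shows the settings will be accepted; whether guests are actually cut off from each listed network still has to be confirmed by testing from a device on the guest side.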