Two routers looking for wireless security from the wired net

DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Jeff D
DD-WRT Novice


Joined: 09 Jul 2006
Posts: 7

Posted: Sun Jul 09, 2006 19:54    Post subject: Two routers looking for wireless security from the wired net
I have a need to have wired and wireless nets where the wireless devices can access the internet, but not the LAN devices.

I read a suggestion on the web that you run two routers on different subnets and have net traffic route from the wireless router to the wired router for access to the net. This was working well until I discovered I need to have wired devices connected to the wireless router to be able to access the wired subnet.

Wired subnet is 192.168.0.x
Wireless subnet is 192.168.1.x

Router 1: Wired
Internet Settings:
IP: from ISP
Mask: from ISP
Gateway: from ISP
DNS: from ISP

Local Settings:
IP: 192.168.0.1
Mask: 255.255.255.0
Gateway: 192.168.0.1
DNS: 192.168.0.1

DHCP Server:
Pool 100-255


Router 2:
Internet Settings:
IP:192.168.0.100 ( from Router 1)
Mask: 255.255.255.0
Gateway: 192.168.1.1
DNS: 192.168.1.1

Local Settings:
IP: 192.168.1.1
Mask: 255.255.255.0
Gateway: 192.168.1.1
DNS: 192.168.1.1

DHCP Server:
Pool 100-255


I had thought if I configure the laptops wired on Router 2 to use an IP local to router 2 and a mask that opens up traffic I'd be able to connect between the subnets from the wired devices on router 2.

for example the laptop running wired
IP 192.168.1.122
Mask: 255.255.254.0
Gateway: 192.168.1.1
DNS 192.168.1.1

But, I'm unable to connect to the 192.168.0 subnet.

Am I doing something dumb? Is there an easier way?
mahenry
DD-WRT User


Joined: 12 Jun 2006
Posts: 120

Posted: Sun Jul 09, 2006 20:02    Post subject: Re: Two routers looking for wireless security from the wired
Jeff D wrote:
IP 192.168.1.122
Mask: 255.255.254.0
Gateway: 192.168.1.1
DNS 192.168.1.1
Did you mean 255.255.255.0 for your subnet mask?
_________________
whr-g54s -- DD-WRT v23 SP2 (08/04/06) mini -- gateway
wrt54gs v5 -- DD-WRT v23 SP2 (08/04/06) micro -- AP
Jeff D
DD-WRT Novice


Joined: 09 Jul 2006
Posts: 7

Posted: Sun Jul 09, 2006 20:35    Post subject: Re: Two routers looking for wireless security from the wired
mahenry wrote:
Jeff D wrote:
IP 192.168.1.122
Mask: 255.255.254.0
Gateway: 192.168.1.1
DNS 192.168.1.1
Did you mean 255.255.255.0 for your subnet mask?


Nope, that was the thinking I could get access to the 192.168.0 subnet with masking off bit 1 of that byte. Am I wrong?
mahenry
DD-WRT User


Joined: 12 Jun 2006
Posts: 120

Posted: Sun Jul 09, 2006 20:46
Quote:
Local Settings:
IP: 192.168.1.1
Mask: 255.255.255.0
Gateway: 192.168.1.1
DNS: 192.168.1.1

Your wireless laptop must be on the same subnet as the local settings, unless I am missing something, here. Adding a static route for 0.0.0.0 to 192.168.0.0 on the "wireless" router may accomplish what you are after. You would also probably need to make another static route entry on your Internet router on behalf of the 192.168.1.0 traffic. I am not sure. I know there are others with more experience on this site that could weigh in on this one.

_________________
whr-g54s -- DD-WRT v23 SP2 (08/04/06) mini -- gateway
wrt54gs v5 -- DD-WRT v23 SP2 (08/04/06) micro -- AP
Jeff D
DD-WRT Novice


Joined: 09 Jul 2006
Posts: 7

Posted: Sun Jul 09, 2006 22:40
mahenry wrote:
Quote:
Local Settings:
IP: 192.168.1.1
Mask: 255.255.255.0
Gateway: 192.168.1.1
DNS: 192.168.1.1

Your wireless laptop must be on the same subnet as the local settings, unless I am missing something, here. Adding a static route for 0.0.0.0 to 192.168.0.0 on the "wireless" router may accomplish what you are after. You would also probably need to make another static route entry on your Internet router on behalf of the 192.168.1.0 traffic. I am not sure. I know there are others with more experience on this site that could weigh in on this one.


Thanks, I wasn't sure if the PC's settings such as net mask need to match. And it's connected wired, not wireless; that's part of the problem, wanting to keep wireless connections away from the wired lan. The problem here is that I do have secure stuff on my LAN that I know others could figure out how to get. I'm willing to provide a wireless hotspot for either closed or open wlan, but still keep the wired part of the lan hidden from the wireless folks.

All this because my wife really likes wireless and I hate it.... guess who wins? I'm just trying to keep myself happy at the same time. =)
Jeff D
DD-WRT Novice


Joined: 09 Jul 2006
Posts: 7

Posted: Sun Jul 09, 2006 23:33
This is the routing table of the wireless router at the moment...
192.168.1.0 255.255.255.0 0.0.0.0 LAN & Wireless
192.168.0.0 255.255.254.0 0.0.0.0 WAN (Internet)
0.0.0.0 0.0.0.0 192.168.0.1 WAN (Internet)


I then gave it a shot and configured this static route:
Destination LAN IP 192.168.0.1
Subnet Mask 255.255.255.0
Default Gateway 0.0.0.0
Interface LAN & Wireless WAN (Internet)

The result is that both the wired and wireless connections on router 2 have access to my wired LAN on router 1. I want to restrict wireless connections. I looked at VLAN as an option, but my DDWRT install doesn't have help pages for those settings.
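
The two behaviours discussed in the posts above, as an added example that is not part of any poster's message: how a host picks its first hop from its own mask, and how router 2 resolves a destination against the routing table posted above. The address 192.168.0.50 is a constructed sample host on router 1's LAN, and the "no reply" explanation assumes router 2 is not doing proxy ARP.

```python
import ipaddress

def host_next_hop(host_ip, host_mask, gateway, dest):
    """Decide, as a host's IP stack does, where the first hop for dest is."""
    iface = ipaddress.ip_interface(f"{host_ip}/{host_mask}")
    target = ipaddress.ip_address(dest)
    if target in iface.network:
        # Host believes dest is on its own segment and ARPs for it directly.
        # Router 2 does not pass that ARP to its WAN side (assuming no proxy
        # ARP), so nothing replies and the connection fails.
        return ("on-link", str(target))
    return ("gateway", gateway)

# Router 2's table as posted in the thread, masks written as prefix lengths
# (255.255.255.0 = /24, 255.255.254.0 = /23, 0.0.0.0 = /0).
ROUTER2_TABLE = [
    ("192.168.1.0/24", "0.0.0.0", "LAN & Wireless"),
    ("192.168.0.0/23", "0.0.0.0", "WAN (Internet)"),
    ("0.0.0.0/0", "192.168.0.1", "WAN (Internet)"),
]

def route_lookup(table, dest):
    """Longest-prefix match; returns (interface, gateway) for dest."""
    target = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(net), gw, ifname)
               for net, gw, ifname in table
               if target in ipaddress.ip_network(net)]
    net, gw, ifname = max(matches, key=lambda m: m[0].prefixlen)
    return (ifname, gw)

if __name__ == "__main__":
    wired_host = "192.168.0.50"  # constructed address on router 1's LAN
    for mask in ("255.255.254.0", "255.255.255.0"):
        print(mask, host_next_hop("192.168.1.122", mask, "192.168.1.1", wired_host))
    # The lookup uses only the destination address, so a wired and a wireless
    # client behind router 2 get the same answer; separating them takes
    # filtering or separate interfaces, not masks or routes.
    for dest in (wired_host, "192.168.1.122", "203.0.113.7"):
        print(dest, route_lookup(ROUTER2_TABLE, dest))
```
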
Jeff D
DD-WRT Novice


Joined: 09 Jul 2006
Posts: 7

Posted: Mon Jul 10, 2006 18:38
Any other ideas? I still haven't found a way...

Thanks
mahenry
DD-WRT User


Joined: 12 Jun 2006
Posts: 120

Posted: Mon Jul 10, 2006 19:44
Here's what I found:

Read this first (but don't do anything, yet):
http://www.linksysinfo.org/modules.php?name=Forums&file=viewtopic&t=9945

Next read this from the WIKI (the link above was embedded in this page):
http://www.dd-wrt.com/wiki/index.php/Separate_LAN_and_WLAN

If someone actually has experience doing this PLEASE DON'T HESITATE TO JUMP IN!!

_________________
whr-g54s -- DD-WRT v23 SP2 (08/04/06) mini -- gateway
wrt54gs v5 -- DD-WRT v23 SP2 (08/04/06) micro -- AP
Jeff D
DD-WRT Novice


Joined: 09 Jul 2006
Posts: 7

Posted: Tue Jul 11, 2006 0:47
mahenry Wow, thanks for finding that. I would have NEVER found that, not knowing what I was looking for exactly would be the problem.

There was a lot in that linked topic that's WAY over my head (at the moment) but if I understand correctly this would allow two things...
1) the use of one router to do the work I was trying to do with two
2) break the ethernet adapter from the LAN interface but still allow access to the WAN interface.

the second thing alone would do exactly what I think I need.

I'll have to read the wiki page again to be sure I get the full scope of everything that's going on. I don't think DNSMasq is an issue for me, I think DHCP would be fine... it must be fine, I never enabled DNSMasq on my routers. =)

It's been 7 months, wonder if the wiki page is up to date... I didn't compare too closely.
All times are GMT