Posted: Sun Jul 09, 2006 19:54 Post subject: Two routers looking for wireless security from the wired net
I have a need to have wired and wireless nets where the wireless devices can access the internet, but not the LAN devices.
I read a suggestion on the web that you run two routers on differnet subnets and have net traffice route from the wireless router to the wired router for access to the net. This was working well until I discovered I need to have wired devices connected to the wireless router to be able to access the wired subnet.
Wired subnet is 192.168.0.x
Wireless subenet is 192.168.1.x
Router 1: Wired
Internet Settings:
IP: from ISP
Mask: from ISP
Gateway: from ISP
DNS: from ISP
Local Settings:
IP: 192.168.0.1
Mask: 255.255.255.0
Gateway: 192.168.0.1
DNS: 192.168.0.1
DHCP Server:
Pool 100-255
Router 2:
Internet Settings:
IP:192.168.0.100 ( from Router 1)
Mask: 255.255.255.0
Gateway: 192.168.1.1
DNS: 192.168.1.1
Local Settings:
IP: 192.168.1.1
Mask: 255.255.255.0
Gateway: 192.168.1.1
DNS: 192.168.1.1
DHCP Server:
Pool 100-255
I had thought if I configure the laptops wired on Router 2 to use a IP local to router 2 and a mask that opens up traffic I'd be able to connect between the subnets from the wired devices on router 2.
for example the laptop running wired
IP 192.168.1.122
Mask: 255.255.254.0
Gateway: 192.168.1.1
DNS 192.168.1.1
But, I'm unable to connect to the 192.168.0 subnet.
Am I doing something dumb? Is there an easier way?
Posted: Sun Jul 09, 2006 20:02 Post subject: Re: Two routers looking for wireless security from the wired
Jeff D wrote:
IP 192.168.1.122
Mask: 255.255.254.0
Gateway: 192.168.1.1
DNS 192.168.1.1
Did you mean 255.255.255.0 for your subnet mask? _________________ whr-g54s -- DD-WRT v23 SP2 (08/04/06) mini -- gateway
wrt54gs v5 -- DD-WRT v23 SP2 (08/04/06) micro -- AP
Local Settings:
IP: 192.168.1.1
Mask: 255.255.255.0
Gateway: 192.168.1.1
DNS: 192.168.1.1
Your wireless laptop must be on the same subnet as the local settings, unless I am missing something, here. Adding a static route for 0.0.0.0 to 192.168.0.0 on the "wireless" router may accomplish what you are after. You would also probably need to make another static route entry on your Internet router on behalf of the 192.168.1.0 traffic. I am not sure. I know there are others with more experience on this site that could weigh in on this one. _________________ whr-g54s -- DD-WRT v23 SP2 (08/04/06) mini -- gateway
wrt54gs v5 -- DD-WRT v23 SP2 (08/04/06) micro -- AP
Local Settings:
IP: 192.168.1.1
Mask: 255.255.255.0
Gateway: 192.168.1.1
DNS: 192.168.1.1
Your wireless laptop must be on the same subnet as the local settings, unless I am missing something, here. Adding a static route for 0.0.0.0 to 192.168.0.0 on the "wireless" router may accomplish what you are after. You would also probably need to make another static route entry on your Internet router on behalf of the 192.168.1.0 traffic. I am not sure. I know there are others with more experience on this site that could weigh in on this one.
THanks I wasn't sure if the PC's settings such as net mask need to match. And it's connected wired, not wireless that's part of the problem wanting to keep wireless connections away from the wired lan. The problem here is that I do have secure stuff on my LAN that I know others could figure out how to get. I'm willing to provide a wireless hotspot for either closed or open wlan, but still keep the wired part of the lan hidden from the wireless folks.
All this because my wife really likes wireless and I hate it.... guess who wins? I'm just trying to keep myself happy at the same time. =)
This is the routing table of the wireless router at the moment...
192.168.1.0 255.255.255.0 0.0.0.0 LAN & Wireless
192.168.0.0 255.255.254.0 0.0.0.0 WAN (Internet)
0.0.0.0 0.0.0.0 192.168.0.1 WAN (Internet)
I then gave it a shot and configured this satic route:
Destination LAN
IP192.168.0.1
Subnet Mask 255.255.255.0
Default Gateway 0.0.0.0
Interface LAN & Wireless WAN (Internet)
The result is that both the wired and wireless connections on router 2 have access to my wired LAN on router 1. I want to restrict wireless connections. I looked at VLAN as an option, but my DDWRT install doesn't have help pages for those settings.
mahenry Wow, thanks for finding that. I would have NEVER found that, not knowing what I was looking for exactly would be the problem.
THere was a lot in that linked topic that's WAY over my head (at the moment) but if I understand correctly this would allow two things...
1) the use of one router to do the work I was trying to do with two
2) break the ethernet adapter from the LAN interface but still allow access to the WAN interface.
the second thing alone would do exactly what I think I need.
I'll have to read the wiki page again to be sure I get the full scope of everything that's going on. I don't think DNSMasq is an issue for me, I think DHCP would be fine... it must be fine, I never enabled DNSMasq on my routers. =)
It's been 7 months, wonder if the wiki page is up to date... I didn't compare too closely.