Joined: 10 Apr 2014 Posts: 3 Location: Pacific time, USA
Posted: Sat Jan 31, 2015 15:28 Post subject:
Mile-Lile wrote:
Thx. Feel free to add your suggestions, ideas to improve this tutorial...
Hi, Thanks for the tutorial. One suggestion I have: Include information on how to block access to LAN ports. Even with AP Isolation enabled, I believe that machines on the LAN are still accessible. (I want to do this, but am having trouble coming up with the correct iptables rules.)
Joined: 24 Feb 2013 Posts: 1634 Location: Belgrade
Posted: Sun Feb 01, 2015 13:12 Post subject:
h2opolo wrote:
Mile-Lile wrote:
Thx. Feel free to add your suggestions, ideas to improve this tutorial...
Hi, Thanks for the tutorial. One suggestion I have: Include information on how to block access to LAN ports. Even with AP Isolation enabled, I believe that machines on the LAN are still accessible. (I want to do this, but am having trouble coming up with the correct iptables rules.)
If you enable Net isolation you don't have to worry, your machines on the LAN are protected. If you want to check by yourself type in CLI:
Code:
cat /tmp/.ipt
You will see that everything except DNS and DHCP is DROPped from your guests...
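Added example (not part of the posts above, and not DD-WRT's own code): a shell check that reads a rule dump like the one the reply points to and confirms that the guest interface is allowed only DNS and DHCP to the router and that forwarding to the LAN bridge is dropped. It assumes the dump uses iptables-save rule syntax; the function name `audit_guest_rules`, the sample rules, and the choice of `ath0.1` and `br0` as guest and LAN interfaces are constructed for illustration.

```shell
# Constructed sample rule sets in iptables-save syntax (not taken from a router).
sample_isolated() {
cat <<'EOF'
-A INPUT -i ath0.1 -p udp --dport 67 -j ACCEPT
-A INPUT -i ath0.1 -p udp --dport 53 -j ACCEPT
-A INPUT -i ath0.1 -p tcp --dport 53 -j ACCEPT
-A INPUT -i ath0.1 -m state --state NEW -j DROP
-A FORWARD -i ath0.1 -o br0 -m state --state NEW -j DROP
EOF
}
sample_leaky() {
cat <<'EOF'
-A INPUT -i ath0.1 -p udp --dport 53 -j ACCEPT
-A INPUT -i ath0.1 -p tcp --dport 80 -j ACCEPT
-A FORWARD -i br0 -o ath0.1 -j ACCEPT
EOF
}

# audit_guest_rules GUEST_IF [LAN_IF] < rules   (hypothetical helper)
# Returns 0 only if the guest interface may reach the router for DNS/DHCP
# alone, everything else is dropped, and forwarding to the LAN is dropped.
audit_guest_rules() {
    awk -v gif="$1" -v lan="${2:-br0}" '
    $1 == "-A" && ($2 == "INPUT" || $2 == "FORWARD") {
        in_if = out_if = proto = dport = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            else if ($i == "-o") out_if = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (in_if != gif) next            # only rules for guest traffic
        deny = (target == "DROP" || target == "REJECT")
        if ($2 == "FORWARD") {
            if (deny && out_if == lan && proto == "") lan_drop = 1
        } else if (target == "ACCEPT") {
            dns_dhcp = (proto == "udp" && (dport == "53" || dport == "67")) || (proto == "tcp" && dport == "53")
            if (!dns_dhcp) { print "UNEXPECTED ACCEPT: " $0; bad = 1 }
        } else if (deny && proto == "") input_drop = 1
    }
    END {
        if (!input_drop) { print "no catch-all DROP on INPUT for " gif; bad = 1 }
        if (!lan_drop) { print "no DROP for " gif " -> " lan " forwarding"; bad = 1 }
        exit bad + 0
    }'
}

sample_leaky | audit_guest_rules ath0.1 || echo "guest isolation check FAILED"
```

On the router this would be run as `audit_guest_rules ath0.1 < /tmp/.ipt`, under the same assumption about the file's syntax.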
Posted: Sun Feb 01, 2015 20:16 Post subject: Bridging / routing.
I've been tinkering with this setup today. My router functions as a pure router, not a gateway - I have another (SKY) router to be my main gateway to the internet (though that's all it does).
The only change I had to make was to add a Bridge from ath0.1 to br0, otherwise I could not access the internet.
The consequence is that the devices on the guest VAP seem to get a 192.x.x.x IP, which means they are not filtered via the accessibility settings.
Any thoughts on what I can do?
Joined: 24 Feb 2013 Posts: 1634 Location: Belgrade
Posted: Mon Feb 02, 2015 7:21 Post subject:
I am not a networking guru either, but I think it won't work that way. You are probably using your ddwrt as an L2 bridge where WAN is disabled? It is a different story, way outside this tut...
I'd like to have a separated guest wifi on a second router (TP-Link WDR3600) connected through LAN (DHCP disabled). When I make two SSIDs everything is working (in both yours and the wiki's guides), but when I try to make the guest SSID unbridged, then following your guide - devices cannot obtain an IP, and following the wiki's guide - devices are unable to access the internet.
Could someone help me please? Funny fact is that separated guest wifi doesn't work on the original tp-link FW either...