How do I make sure my guests only have internet access?

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Author Message
TimTurry
DD-WRT Novice


Joined: 11 Jul 2012
Posts: 4

PostPosted: Fri Sep 14, 2012 21:46    Post subject: How do I make sure my guests only have internet access? Reply with quote
Thanks to the users in this forum, I recently installed the latest dd-wrt software on my router. I use WPA2 encryption.

I regularly have people come over who ask me for my wireless password. This is fine. I want them to be able to use the internet, but unfortunately, once they are on my network, they can also access all my other computers including my NAS (where I keep my Tax stuff).

Is there a way I can limit "their password" to internet (and maybe printer) only, and have "another password?" for my own laptops that gives me full network access (including computers printers and NAS)?
Sponsor
shmackitup
DD-WRT Novice


Joined: 06 Feb 2011
Posts: 28

PostPosted: Fri Sep 14, 2012 23:23    Post subject: Reply with quote
Read through the links here: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=161853&highlight=multiple+wlan
James2k
DD-WRT Guru


Joined: 23 Oct 2011
Posts: 549

PostPosted: Sat Sep 15, 2012 7:35    Post subject: Reply with quote
Create a virtual WLAN on a new bridge:

http://www.dd-wrt.com/wiki/index.php/Multiple_WLANs

Then use IPTABLES to restrict access:

http://www.dd-wrt.com/wiki/index.php/Multiple_WLANs#Restricting_Access

e.g.

Code:
iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP
iptables -I FORWARD -i br0 -o br1 -m state --state NEW -j DROP


You need more firewall rules than the above to get it working so read through the Wiki Guide

_________________
James

Main router:

Netgear R7000 overclocked to 1.2GHz - DD-WRT v3.0-r35965M kongac

IPv6 6in4 (HE.net), OpenVPN (with PBR and split tunnelling), Entware, dnsmasq with ipset

Easy ipset support for the R7000

VPN speed: Download: 77.96 Mbps Upload: 5.00 Mbps (AES-128-CBC HMAC-SHA1)

Yes you can get 50 Mbps+ with OpenVPN on a R7000 if you configure it properly!

Previous routers:

ASUS RT-N66U - The Dark Knight
WNR2000v3 - Bought on the cheap for someone else, neutered crap
WNR3500Lv1 - First venture into the DD-WRT world
blueturtles
DD-WRT Novice


Joined: 05 Aug 2012
Posts: 14

PostPosted: Sun Sep 16, 2012 22:12    Post subject: Reply with quote
Hello,

I have the same request: I am wanting to give access to guests but not my entire network. I have successfully created guest network before, but my question is, can I create the guest access with a Virtual WLAN bridge on a "Repeater"?

I am running a Buffalo WZR-HP-G300NH as my main router with a Linksys WRT54G as a repeater. Everything is working great now. I just would like to add a guest SSID to the Linksys router.

Thanks for your thoughts in advance!
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum