HOW TO: Guest WiFi + abuse control for beginners

michalko58
DD-WRT Novice


Joined: 23 May 2010
Posts: 28

Posted: Mon Feb 09, 2015 14:56
2 tatsuya46: those commands are there according to the guide

2 Mile-Lile: ok, thanks, I'll try to ask somewhere else
coolkoushik07
DD-WRT Novice


Joined: 04 Feb 2015
Posts: 12

Posted: Tue Feb 10, 2015 13:07    Post subject: need some help
Hi, I have no idea how these things work, I just follow this as it is.. I have a question in mind.. I have heard of sniffing packets and MITM attacks.. So, if someone has access to my guest network, can he sniff and perform a MITM attack or any kind of attack on clients on the main AP that is dangerous for my security?? And if so then please give me the solution, and also if I use multi SSID, will it affect the performance of the router? I will be grateful for your help.. Thanks in advance..
Mile-Lile
DD-WRT Guru


Joined: 24 Feb 2013
Posts: 1516
Location: Belgrade

Posted: Tue Feb 10, 2015 13:52
If you use "AP isolation" function suggested in this article you are protected. About multiple SSID, I have been using 3 VAP without problem. Wiki says 5 is max. You can test it by yourself, but I think that it is router dependent... It is not the same if you have dual or single core CPU etc. (RAM)...
coolkoushik07
DD-WRT Novice


Joined: 04 Feb 2015
Posts: 12

Posted: Tue Feb 10, 2015 14:24
Mile-Lile wrote:
If you use "AP isolation" function suggested in this article you are protected. About multiple SSID, I have been using 3 VAP without problem. Wiki says 5 is max. You can test it by yourself, but I think that it is router dependent... It is not the same if you have dual or single core CPU etc. (RAM)...


Thanks for your reply.. so I have a WAP and a VAP, both password protected (different passwords), and I have followed this article except the access restriction part and bandwidth limit, and yes, AP isolation is enabled as this article says.. So my friends connected to the guest network can't hack anything or spy on me about what I am doing on my network, right?


Edit: I have another confusion.. Please pardon me for asking you so many questions.. I have searched before asking and did not get any easy answer.. What if I select bridged connection in VAP instead of unbridged? Thanks in advance again
Mile-Lile
DD-WRT Guru


Joined: 24 Feb 2013
Posts: 1516
Location: Belgrade

Posted: Tue Feb 10, 2015 18:42
Net isolation = Guests can not hack your private LAN+WLAN

AP Isolation = Guests can not hack each other on guest VAP

unbridged vs bridged = works same way
unbridged = just a few clicks
bridged = must use custom iptables firewall rules etc.
coolkoushik07
DD-WRT Novice


Joined: 04 Feb 2015
Posts: 12

Posted: Tue Feb 10, 2015 19:42
Mile-Lile wrote:
Net isolation = Guests can not hack your private LAN+WLAN

AP Isolation = Guests can not hack each other on guest VAP

unbridged vs bridged = works same way
unbridged = just a few clicks
bridged = must use custom iptables firewall rules etc.


Thanks for your reply.. In my case both SSIDs are using the same channel. Will this make any interference issue?? Or is there any solution to make them use different channels?
Mile-Lile
DD-WRT Guru


Joined: 24 Feb 2013
Posts: 1516
Location: Belgrade

Posted: Wed Feb 11, 2015 7:23
I think that it is not possible, but BS stated once that he was working on finding a solution for VAPs to work on different channels...
tatsuya46
DD-WRT Guru


Joined: 03 Jan 2010
Posts: 7381
Location: YWG, Canada

Posted: Wed Feb 11, 2015 8:12
vaps won't work on a different channel, i think that's a hw limit, one radio can't broadcast on 2 separate channels at once. but 2 networks on the same channel don't "interfere", instead they coexist, taking turns transmitting
michalko58
DD-WRT Novice


Joined: 23 May 2010
Posts: 28

Posted: Thu Feb 12, 2015 9:33
Networks in my case are on the same channel.
h2opolo
DD-WRT Novice


Joined: 10 Apr 2014
Posts: 3
Location: Pacific time, USA

Posted: Sun Feb 15, 2015 1:43
Mile-Lile wrote:
Net isolation = Guests can not hack your private LAN+WLAN

AP Isolation = Guests can not hack each other on guest VAP

unbridged vs bridged = works same way
unbridged = just a few clicks
bridged = must use custom iptables firewall rules etc.


I couldn't find the "net isolation" setting. :(

But, I've got it working with an unbridged vap, and a router rule to deny access to the LAN (e.g.
"iptables -t nat -A PREROUTING -i ath0.1 --destination 192.168.0.1/24 -j DROP", where the destination is the lan's subnet.)
Mile-Lile
DD-WRT Guru


Joined: 24 Feb 2013
Posts: 1516
Location: Belgrade

Posted: Sun Feb 15, 2015 8:31
Net isolation button is available only on unbridged interface on newer builds: for Broadcom starting from build 23020, for Atheros starting from build 24759 and for Ralink/Mediatek units starting from build 25934.
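
Added example, not part of any post in this thread: a small generator for filter-table rules that keep guests on an unbridged VAP out of the private LAN, for builds that lack the Net isolation button. It goes beyond the rule h2opolo posted by also closing the router's own services to guests; `ath0.1` and `192.168.0.1/24` come from that post, while the function names and the assumption that the router serves DHCP and DNS on the guest interface are mine.

```shell
#!/bin/sh
# Added example, not from the thread. ath0.1 and 192.168.0.1/24 are the values
# from h2opolo's post; the function names are made up for this sketch.

# net_of A.B.C.D/N -> network address/N (192.168.0.1/24 -> 192.168.0.0/24)
net_of() {
    ip=${1%/*}; pfx=${1#*/}; bits=$pfx; net=
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    for octet in "$1" "$2" "$3" "$4"; do
        # k = how many of this octet's 8 bits belong to the network part
        k=$bits
        if [ "$k" -gt 8 ]; then k=8; fi
        if [ "$k" -lt 0 ]; then k=0; fi
        net="$net${net:+.}$(( octet & (255 << (8 - k)) & 255 ))"
        bits=$(( bits - 8 ))
    done
    echo "$net/$pfx"
}

# guest_rules GUEST_IF LAN_CIDR -> prints the rules in the order to run them.
# -I inserts at the top of a chain, so a rule printed later is matched earlier:
# the DROPs go in first and the DHCP/DNS ACCEPTs end up above them.
guest_rules() {
    gif=$1; lan=$(net_of "$2")
    # Routed traffic: guests may not open connections into the private LAN.
    echo "iptables -I FORWARD -i $gif -d $lan -m state --state NEW -j DROP"
    # Traffic to the router itself (web GUI, SSH, ...) on any of its addresses.
    echo "iptables -I INPUT -i $gif -m state --state NEW -j DROP"
    # Assumption: the router hands out DHCP leases and answers DNS for guests.
    echo "iptables -I INPUT -i $gif -p udp --dport 67 -j ACCEPT"
    echo "iptables -I INPUT -i $gif -p udp --dport 53 -j ACCEPT"
    echo "iptables -I INPUT -i $gif -p tcp --dport 53 -j ACCEPT"
}

# Print the rules for review before applying them on the router.
guest_rules ath0.1 192.168.0.1/24
```

AP isolation is not covered by these rules: traffic between two guests on the same VAP never reaches the router's FORWARD chain, so that setting still has to be enabled on the wireless interface.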
Banderas
DD-WRT Novice


Joined: 15 Feb 2015
Posts: 4

Posted: Sat Mar 14, 2015 8:37
Hello,
I have TP-Link 841ND v8.2
DD-WRT: 25697

I try to create guest Wi-Fi, but there is a QoS problem.
When I try to limit the guest addresses nothing happens.
Speed limits work only on the main network. When a guest is connected, they always have full speed. Does anyone have the same problem?
Mile-Lile
DD-WRT Guru


Joined: 24 Feb 2013
Posts: 1516
Location: Belgrade

Posted: Sat Mar 14, 2015 9:51
Post screenshots of your QoS configuration...
Banderas
DD-WRT Novice


Joined: 15 Feb 2015
Posts: 4

Posted: Sat Mar 14, 2015 15:57
Here it is.

Mile-Lile
DD-WRT Guru


Joined: 24 Feb 2013
Posts: 1516
Location: Belgrade

Posted: Sat Mar 14, 2015 19:09
As I told people before in this post: "Everything written on this article works on WAN port of router"...

Your traffic shaping is on LAN+WLAN port, you don't have global down/up limits, so it simply won't work :(
All times are GMT