HOW TO: Guest WiFi + abuse control for beginners

Banderas
DD-WRT Novice


Joined: 15 Feb 2015
Posts: 4

Posted: Sun Mar 15, 2015 17:50
Thanks, but first I tried to use WAN - the problem is the same.
Pattagghiu
DD-WRT User


Joined: 06 Apr 2014
Posts: 75

Posted: Tue Mar 24, 2015 13:51
Hello gurus :)
I have a question for you.
My setup has an "official" wifi network (mine..) and a guest wifi (with a less secure password).
All is working as expected.
But I also have a couple of wifi surveillance cameras that are NOW connected to the official wifi.
Can I connect them to the guest wifi and access them from the official wifi?
Second: can I set up port forwarding on the guest network?
Third: can I set up DHCP reservation on the guest network?

I'm a little scared about "try and see" since the cameras are not so easy to reach and I would prefer not to be locked out of them :)

Thanks

_________________
--
Netgear WNDR3700 v.2 - 26081
Tp-Link TL-WR841N v.9.2- 25934
Mile-Lile
DD-WRT Guru


Joined: 24 Feb 2013
Posts: 1634
Location: Belgrade

Posted: Fri May 22, 2015 8:12
You can use this feature too on new builds, like in the screenshot... I just tested it; it is working but needs more testing...
kratosvn
DD-WRT Novice


Joined: 24 May 2015
Posts: 42

Posted: Sun May 24, 2015 5:29
Is there any way to get OpenDNS to work with privoxy?
Something like:
iptables -t nat -I PREROUTING -i ath0.1 -p udp --dport 53 -j DNAT --to 208.67.220.220
iptables -t nat -I PREROUTING -i ath0.1 -p tcp --dport 53 -j DNAT --to 208.67.220.220

And I also want to route all traffic to port 80 to 8118 (privoxy)?
Looks like they will conflict with each other
if I apply this:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8118

Any suggestions?
Mile-Lile
DD-WRT Guru


Joined: 24 Feb 2013
Posts: 1634
Location: Belgrade

Posted: Sun May 24, 2015 11:50
What is the point of using OpenDNS when you have privoxy? Makes no sense to me... Anyway, your question (iptables stuff) is for the Advanced Routing DD-WRT forum section...
kratosvn
DD-WRT Novice


Joined: 24 May 2015
Posts: 42

Posted: Sun May 24, 2015 19:57
Mile-Lile wrote:
What is the point of using OpenDNS when you have privoxy? Makes no sense to me... Anyway, your question (iptables stuff) is for the Advanced Routing DD-WRT forum section...

I want to use OpenDNS for content filtering, e.g. to block porn websites... but I also want to block ads. Like I can use OpenDNS and pixelserv for both content filtering and blocking ads from websites in Tomato. It works great with Tomato.
Now I want to have something like that with DD-WRT... But so far I see that adblock - transparent and custom - works with OpenDNS, but the statistics show me a really low rate of blocked ads:
Blocking Statistics:

295 out of 3151 requests have been blocked, which equals a block rate of 9.36%.
Or did I miss some configuration?
crashnburn_in
DD-WRT Novice


Joined: 21 Jan 2012
Posts: 31

Posted: Sat Jun 13, 2015 11:50
Images are missing from the first post. Any way to fix? Does anyone have the original document?
Mile-Lile
DD-WRT Guru


Joined: 24 Feb 2013
Posts: 1634
Location: Belgrade

Posted: Mon Jun 15, 2015 10:27
You must be logged in. I see all screenshots with no problem...
tatsuya46
DD-WRT Guru


Joined: 03 Jan 2010
Posts: 7568
Location: YWG, Canada

Posted: Tue Jun 16, 2015 3:55
this is available with the next build as of this post, the build after r27240 which is due any time now. dont try on r27240 as its got broken qos, earlier builds have rule creation/matching issues.

to use qos on BRIDGED interfaces, u must set "port" to LAN & WLAN, all other functions of qos setup will work the same way as with "WAN" setting, just potentially slightly more cpu usage.

with interface limiting both bridged & unbridged, offers ability to rate or priority limit services or ports/port ranges. this can be exceptionally useful to control bandwidth hogs, regulate hotspots, etc. with an interface limit, a user can change their ip address & mac address as much as they want trying to get around qos, abusive users cant bypass ur rules without switching off the interface.

so unbridged + net isolation + ap isolation + forced dns redirection + interface qos = 8) :twisted: :D

example such as:


vlan1 512/512 0 ssl manual

^this means all traffic on vlan1 interface (lan ports for some routers, others use eth) is not limited or shaped & goes "up to" global limits, except ssl traffic, being limited to 512kbps both up & down (64KB/s). multiple entries are possible exampled below.


ath0 512/512 0 ssl manual
ath0 2048/512 0 http manual
ath0 512/512 0 ftp manual

^with this, the same applies to what i said above, just for the ath0 wireless interface & only the listed services are rate limited. u can also do priority limits, but rate limiting & prioritizing the same service is not supported, one or the other.

_________________
LATEST FIRMWARE(S)

BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers

[x86_64] Haswell i3-4150/QCA9984/QCA9882 ------> r55488 std
[QUALCOMM] DIR-862L --------------------------------> r55460 std
▲ ACTIVE / INACTIVE ▼
[QUALCOMM] WNDR4300 v1 --------------------------> r50485 std
[BROADCOM] DIR-860L A1 ----------------------------> r50485 std


Sigh.. why do i exist anyway.. | I love you Anthony.. never forget that.. my other 99% that ill never see again..

Tvisforme
DD-WRT Novice


Joined: 20 Mar 2013
Posts: 49

Posted: Thu Jul 02, 2015 0:18
Hi, I am having difficulty in getting the guest wifi to work properly, and have been for many months now. I've tried a number of different methods and tutorials here and elsewhere with no success. The closest I've come is with this thread, but as soon as I enable multiple DHCP servers I lose connectivity for the network. (The router lists an IP etc from my provider, but wired and wireless devices cannot resolve addresses.) I suspect that I'm doing something wrong with DHCPD setup but I have not found a clear guide to set it up. Any advice would be appreciated.

Details:
- TP-Link Archer C7 v2
- DD-WRT r27413
tatsuya46
DD-WRT Guru


Joined: 03 Jan 2010
Posts: 7568
Location: YWG, Canada

Posted: Thu Jul 02, 2015 0:53
u didnt provide any config settings..vap settings? which radio is doing it 2.4ghz or 5ghz? multiple dhcpd setting? which interface did u enable it for?

u arent on the latest build u should be before reporting problems..

Tvisforme
DD-WRT Novice


Joined: 20 Mar 2013
Posts: 49

Posted: Thu Jul 02, 2015 11:23
tatsuya46 wrote:
u didnt provide any config settings..vap settings? which radio is doing it 2.4ghz or 5ghz? multiple dhcpd setting? which interface did u enable it for?

u arent on the latest build u should be before reporting problems..


Hi, thanks, sorry and I will provide details - I wasn't certain what would be needed. (As for the latest build, this has been an issue for months and months, across multiple builds.)

I followed the instructions in this thread so the VAP and multiple DHCPD settings are as listed there. This is on the 2.4 GHz radio. After some more testing, it seems that the system fails when I enable "Use DNSMasq for DHCP" on the main Setup page. After enabling that, my wireless device connects but does not receive an address.
tatsuya46
DD-WRT Guru


Joined: 03 Jan 2010
Posts: 7568
Location: YWG, Canada

Posted: Thu Jul 02, 2015 17:33
update to latest build first, do u have any dnsmasq custom config.?
ploquets
DD-WRT Novice


Joined: 05 Nov 2014
Posts: 17

Posted: Fri Jul 10, 2015 13:23
Tvisforme wrote:
Hi, I am having difficulty in getting the guest wifi to work properly, and have been for many months now. I've tried a number of different methods and tutorials here and elsewhere with no success. The closest I've come is with this thread, but as soon as I enable multiple DHCP servers I lose connectivity for the network. (The router lists an IP etc from my provider, but wired and wireless devices cannot resolve addresses.) I suspect that I'm doing something wrong with DHCPD setup but I have not found a clear guide to set it up. Any advice would be appreciated.

Details:
- TP-Link Archer C7 v2
- DD-WRT r27413


I'm also having this issue, but I'll try to update to latest build before reporting with more details.
peppo
DD-WRT Novice


Joined: 26 Jul 2015
Posts: 27

Posted: Mon Aug 03, 2015 16:54
@Mile-Lile
Super howto, thanks! It is working just fine for me.

But the GuestWIFI net still had an IP connection to my "main" network. (Ping to the hosts is possible...)

So I added these firewall rules:

Code:
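# Drop new connections from the main bridge (br0) to the guest interface
iptables -I FORWARD -i br0 -o ath0.1 -m state --state NEW -j DROP
# Drop new connections from guests to the router itself
iptables -I INPUT -i ath0.1 -m state --state NEW -j DROP
# Drop new connections from guests to the main LAN subnet
iptables -I FORWARD -i ath0.1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP

# Allow guests DHCP (67) and DNS (53) on the router; -I puts these ahead of the INPUT DROP above
iptables -I INPUT -i ath0.1 -p udp --dport 67 -j ACCEPT
iptables -I INPUT -i ath0.1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i ath0.1 -p tcp --dport 53 -j ACCEPT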


But the "Access Restrictions" seem not to be working at all.
I tried "Website Blocking by URL Address" and "Website Blocking by Keyword", but they seem to have no effect at all.

For example: the blocked "yahoo.com" is still accessible from a "Guest"...

greetings
peppo

PS:
I am using a TP-LINK Archer C7 (AC1750), with the newest beta (DD-WRT v3.0-r27506 (07/09/15))
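
Added example, not part of peppo's post: a small Python model of how the six `iptables -I` commands above order themselves in the INPUT and FORWARD chains, and which verdict a guest packet then gets. The LAN 192.168.1.1/255.255.255.0 stands in for the `nvram get` lookups and is an assumption, as are any packets fed to it; rules the firmware installs on its own are not modelled.

```python
import ipaddress
import shlex

# Rules from the post; the nvram lookups are replaced by a constructed LAN (assumption).
RULES = """
iptables -I FORWARD -i br0 -o ath0.1 -m state --state NEW -j DROP
iptables -I INPUT -i ath0.1 -m state --state NEW -j DROP
iptables -I FORWARD -i ath0.1 -d 192.168.1.1/255.255.255.0 -m state --state NEW -j DROP
iptables -I INPUT -i ath0.1 -p udp --dport 67 -j ACCEPT
iptables -I INPUT -i ath0.1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i ath0.1 -p tcp --dport 53 -j ACCEPT
"""

FLAGS = {"-i": "in", "-o": "out", "-p": "proto", "-d": "dst",
         "--dport": "dport", "--state": "state", "-j": "target"}

def build_chains(script):
    """Replay the commands: `-I CHAIN` without an index inserts at position 1."""
    chains = {}
    for line in script.strip().splitlines():
        tok = shlex.split(line)
        rule = {FLAGS[t]: tok[i + 1] for i, t in enumerate(tok) if t in FLAGS}
        chains.setdefault(tok[tok.index("-I") + 1], []).insert(0, rule)
    return chains

def matches(rule, pkt):
    """A rule matches only if every condition it names holds for the packet."""
    for key, want in rule.items():
        if key == "target":
            continue
        if key == "dst":
            net = ipaddress.ip_network(want, strict=False)
            if "dst" not in pkt or ipaddress.ip_address(pkt["dst"]) not in net:
                return False
        elif str(pkt.get(key)) != want:
            return False
    return True

def verdict(chains, chain, pkt):
    """First match wins; with no match the packet falls through to the firmware's rules."""
    for rule in chains.get(chain, []):
        if matches(rule, pkt):
            return rule["target"]
    return "FALLTHROUGH"
```

Calling `verdict(build_chains(RULES), "INPUT", {...})` with a packet dict (keys `in`, `out`, `proto`, `dport`, `dst`, `state`) shows that guest DHCP and DNS are accepted only because the later `-I` commands land above the INPUT DROP; appended with `-A` instead, they would sit below it and never match a new connection.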
Page 4 of 8. All times are GMT.