Access restrictions don't work on different subnet (VAP)

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.)
Author Message
charmander
DD-WRT User


Joined: 22 Jun 2013
Posts: 81

PostPosted: Sun Jul 10, 2016 0:46    Post subject: Access restrictions don't work on different subnet (VAP) Reply with quote
DD-WRT v3.0-r29825M kongmv (06/04/16)

Greetings,

I am trying to apply access restrictions to a different subnet (192.168.2.x). This subnet is setup as a VAP that is fully functional. I have tried the same restrictions on the 192.168.1.x range and they work fine. It seems that the restrictions cannot see the other range. The GUI only has filter entries for 192.168.1.x.

Is there any way to do this?

Any help is appreciated.
Sponsor
charmander
DD-WRT User


Joined: 22 Jun 2013
Posts: 81

PostPosted: Tue Jul 12, 2016 17:11    Post subject: Reply with quote
Really?

No one??
zakaron
DD-WRT User


Joined: 03 Jun 2016
Posts: 90

PostPosted: Tue Jul 12, 2016 20:56    Post subject: Reply with quote
Could you do a custom IP Tables rule to accommodate what you are needing to accomplish? I have not tried it personally, but an allow all rule for weekedays (mon-fri) between 8am-5pm could look something like:

$IPTABLES -A INPUT -s 192.168.2.0/24 -m state --state NEW -m time --timestart 08:00 --timestop 17:00 --days Mon,Tue,Wed,Thu,Fri -j ACCEPT
$IPTABLES -A OUTPUT -s 192.168.2.0/24 -m state --state NEW -m time --timestart 08:00 --timestop 17:00 --days Mon,Tue,Wed,Thu,Fri -j ACCEPT
$IPTABLES -A FORWARD -s 192.168.2.0/24 -m state --state NEW -m time --timestart 08:00 --timestop 17:00 --days Mon,Tue,Wed,Thu,Fri -j ACCEPT

This way you can specify any network you need. Not sure, but it sounds like the GUI is tied to the same network as it's on.
charmander
DD-WRT User


Joined: 22 Jun 2013
Posts: 81

PostPosted: Wed Jul 13, 2016 22:29    Post subject: Reply with quote
Unfortunately, I don't think the Busybox version of iptables supports --timestart --timestop, or state commands.
zakaron
DD-WRT User


Joined: 03 Jun 2016
Posts: 90

PostPosted: Thu Jul 14, 2016 16:04    Post subject: Reply with quote
Sorry, I didn't think to check compatibility before responding Sad
charmander
DD-WRT User


Joined: 22 Jun 2013
Posts: 81

PostPosted: Mon Jul 18, 2016 1:53    Post subject: Reply with quote
Anyone??
DeltaNu1142
DD-WRT Novice


Joined: 12 May 2014
Posts: 10

PostPosted: Thu Jul 28, 2016 23:23    Post subject: Reply with quote
Thanks with the help on my other thread. I was able to make a little headway using the instructions here... however, I can still access the gateway IP. So that doesn't really accomplish what I need it to. "Net Isolation" doesn't do what it purports.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5703
Location: Akershus, Norway

PostPosted: Fri Jul 29, 2016 11:39    Post subject: Reply with quote
DeltaNu1142 wrote:
"Net Isolation" doesn't do what it purports.


It prevents two wireless clients from talking to each other.
DeltaNu1142
DD-WRT Novice


Joined: 12 May 2014
Posts: 10

PostPosted: Fri Jul 29, 2016 19:41    Post subject: Reply with quote
Per Yngve Berg wrote:
DeltaNu1142 wrote:
"Net Isolation" doesn't do what it purports.

It prevents two wireless clients from talking to each other.

I was under the impression that's what AP isolation did:
link to thread
Either way... I want clients on the guest VAP to be isolated from each other and from the admin page of the router. Right now, from the guest VAP I can access both 10.0.0.1 (WAN IP) and 10.0.1.1 (VAP IP)... they direct to the same page.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.) All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum