Guest network has no internet access

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Goto page Previous  1, 2, 3
View previous topic :: View next topic  
Author Message
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14221
Location: Texas, USA
PostPosted: Tue Feb 11, 2020 23:47    Post subject: Reply with quote
I'd claim the wiki is outdated, but: "This page was last modified 08:41, 17 January 2020"... still doesn't mean it works across the board. Which particular build are you using, again? I didn't see anything that jumped out at me. Be specific, because if the 30..... number was the build number, then you should probably upgrade to a more recent version.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Back to top View user's profile Send private message Visit poster's website
Sponsor
Furball Zen
DD-WRT Novice


Joined: 18 Dec 2009
Posts: 23
PostPosted: Wed Feb 12, 2020 4:37    Post subject: Reply with quote
kernel-panic69 wrote:
I'd claim the wiki is outdated, but: "This page was last modified 08:41, 17 January 2020"... still doesn't mean it works across the board. Which particular build are you using, again? I didn't see anything that jumped out at me. Be specific, because if the 30..... number was the build number, then you should probably upgrade to a more recent version.


DD-WRT v3.0-r36698 std (08/22/18)

Cannot ping router from guest network.

This is my first time to need a guest network, i trust my roommate but not people she may have over and want my networked data secured from them.
Back to top View user's profile Send private message
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14221
Location: Texas, USA
PostPosted: Wed Feb 12, 2020 6:41    Post subject: Reply with quote
You might want to consider updating...

https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/

There are known issues with some builds, do some research in the build threads.

https://forum.dd-wrt.com/phpBB2/viewforum.php?f=58
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Back to top View user's profile Send private message Visit poster's website
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1415
PostPosted: Thu Feb 13, 2020 0:10    Post subject: Reply with quote
Correct me if I am wrong, but it sounds like you are getting an ip address on the guest network.

So let us see if it is DNS settings or not, if you ping an ip address say 8.8.8.8, does it reply? If you ping google.com does it reply?

Next question is where did you stop on the article or did you do it all such as the bandwidth limiting and so on.
Back to top View user's profile Send private message
Furball Zen
DD-WRT Novice


Joined: 18 Dec 2009
Posts: 23
PostPosted: Sat Feb 15, 2020 16:29    Post subject: Reply with quote
kernel-panic69 wrote:
You might want to consider updating...

https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/

There are known issues with some builds, do some research in the build threads.

https://forum.dd-wrt.com/phpBB2/viewforum.php?f=58


Can it be updated without wiping all the settings? I have a lot of port forwards and such.

Wildlion wrote:

Correct me if I am wrong, but it sounds like you are getting an ip address on the guest network.

So let us see if it is DNS settings or not, if you ping an ip address say 8.8.8.8, does it reply? If you ping google.com does it reply?

Next question is where did you stop on the article or did you do it all such as the bandwidth limiting and so on.

I stopped at the bandwidth settings, didnt figure there would be enough use for that to happen.
Dont get a usable IP (169.254) and cant ping anything.
Back to top View user's profile Send private message
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1415
PostPosted: Sat Feb 15, 2020 17:30    Post subject: Reply with quote
Yes you can upgrade without resetting settings.

so it sounds like you do not have the second dhcp server setup correctly.

these are some older directions but i was looking for something with screenshots for each step for you:

https://www.alexlaird.com/2013/03/dd-wrt-guest-wireless/

can you try this?
Back to top View user's profile Send private message
bushant
DD-WRT Guru


Joined: 18 Nov 2015
Posts: 2036
PostPosted: Sat Feb 15, 2020 18:07    Post subject: Reply with quote
Kong's Guest Wifi Setup DD-WRT on page 6 here.
Pretty short and sweet.
Back to top View user's profile Send private message
pakamon1
DD-WRT Novice


Joined: 30 Oct 2020
Posts: 21
PostPosted: Sun Oct 30, 2022 20:28    Post subject: Reply with quote
mrjcd wrote:
Since it's a gateway ...

use these 'Save as Firewall' …
Code:
iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`
iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clampmsstopmtu
iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP
iptables -I INPUT -i br1 -p tcp --dport telnet -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport ssh -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport www -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport https -j REJECT --reject-with tcp-reset

If that works you can add whatever else till it breaks.
This should allow br1 to internet and block br1 from anything else including this device.


Exclamation Thank you #mrjcd for sharing this Very Happy
I was trying most recent YT guides, old forums etc. but I couldn't find anything that just worked. I had exactly the same scenario (no internet on guest WLANs only while using Gateway).

Great work Guru's Wink
Back to top View user's profile Send private message
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6290
Location: Texas
PostPosted: Sun Oct 30, 2022 20:47    Post subject: Reply with quote
pakamon1 wrote:

Exclamation Thank you #mrjcd for sharing this Very Happy

glad it worked for you ...it's old old way of doing things but if it still works that's great.
Thinking others may have better/easier way mostly all GUI stuff these days without all that input firewall mess ... I dunno -- I still do most all my stuff the old way Twisted Evil
Back to top View user's profile Send private message
pakamon1
DD-WRT Novice


Joined: 30 Oct 2020
Posts: 21
PostPosted: Sun Oct 30, 2022 20:50    Post subject: Reply with quote
mrjcd wrote:
pakamon1 wrote:

Exclamation Thank you #mrjcd for sharing this Very Happy

glad it worked for you ...it's old old way of doing things but if it still works that's great.
Thinking others may have better/easier way mostly all GUI stuff these days without all that input firewall mess ... I dunno -- I still do most all my stuff the old way Twisted Evil


You caught my attention sir ... Idea
I guess there is no alternative for dd-wrt except iptables right?
Back to top View user's profile Send private message
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12887
Location: Netherlands
PostPosted: Mon Oct 31, 2022 7:52    Post subject: Reply with quote
Recent builds (latest is 50671) can setup a Virtual Access Point (VAP aka guest network) with the GUI, see how I do it in my attached notes Smile
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Back to top View user's profile Send private message
pakamon1
DD-WRT Novice


Joined: 30 Oct 2020
Posts: 21
PostPosted: Mon Oct 31, 2022 16:21    Post subject: Reply with quote
egc wrote:
Recent builds (latest is 50671) can setup a Virtual Access Point (VAP aka guest network) with the GUI, see how I do it in my attached notes Smile


Very useful doc indeed although I do have only TP-link 1043nd v2 which is not great hardware. I'm using it though with three VLANs and no WiFi (which is offloaded to Unify AC Lite via vlan). So for now its more then enough for me.

Thanks!
Back to top View user's profile Send private message
S0und
DD-WRT Novice


Joined: 25 Aug 2023
Posts: 1
PostPosted: Fri Aug 25, 2023 22:13    Post subject: Reply with quote
Context:

DD-WRT v3.0-r53396 giga (08/21/23)
ASUS RT-AC66U

I've followed this tutorial: https://forum.dd-wrt.com/wiki/index.php/Guest_WiFi_%2B_abuse_control_for_beginners

Everything worked except I had no internet on the Guest network. What helped these commands:

Code:
iptables -I FORWARD -i wl0.1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j REJECT
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`


These are from the "old" Guest network tutorial, the bottom of the page, "VAP with no WAN" section.
https://forum.dd-wrt.com/wiki/index.php/Guest_Network

Make sure wl0.1 matches your VAP interface name.
Back to top View user's profile Send private message
Goto page Previous  1, 2, 3 Display posts from previous:    Page 3 of 3
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum