Guest wifi with local web access only

KnightsGoNidd
DD-WRT Novice


Joined: 25 Aug 2019
Posts: 4

Posted: Sun Aug 25, 2019 16:50    Post subject: Guest wifi with local web access only
I have the following:
Router Model: Linksys WRT1900ACS
Firmware Version: DD-WRT v3.0-r40559 std (08/06/19)
Kernel Version: Linux 4.9.187 #1207 SMP Tue Aug 6 05:17:29 CEST 2019 armv7l

I have set up a guest WLAN with its own HTTP range (192.168.2.x). This works fine.

I have set up a small website in the router using lighttpd. This also works fine.

At the moment, the guest WLAN has full WAN access, but I wish to prevent this, allowing it access only to the router website (though it will need DNS access as the router website name requires a lookup).

As a starting point, I tried using Access Restrictions to block interface ath1.1 from WAN access, but this seems to have no effect at all.

I suspect I will need some custom iptables commands, but am very much a newbie in this area. Any suggestions, please?
student13
DD-WRT User


Joined: 17 Nov 2016
Posts: 95

Posted: Mon Sep 02, 2019 3:42    Post subject:
Suppose you want to block IP address 192.168.1.110 from the internet; you could do this:

Code:
iptables -I FORWARD -s 192.168.1.110 -o `get_wanface` -m state --state NEW -j REJECT

I AM NOT SURE IF THIS SYNTAX WORKS BUT, if you want to block multiple internal addresses you can TRY this:

Code:
iptables -I FORWARD -s 192.168.1.1-xx -o `get_wanface` -m state --state NEW -j REJECT
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

Posted: Mon Sep 02, 2019 8:20    Post subject:
Try:
Code:
iptables -I FORWARD -s 192.168.2.0/24 -o $(nvram get wan_iface) -m state --state NEW -j REJECT

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
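
The rule above only stops the guest subnet from opening new connections out of the WAN interface. As an added example (not code from this thread or from DD-WRT), the script below prints a fuller rule set for the original goal of guest clients reaching only the router's web server and DNS. The router's guest address 192.168.2.1, web port 80 and the WAN name eth0 are assumptions; ath1.1 and 192.168.2.0/24 come from the posts above.

```shell
#!/bin/sh
# Added example: print iptables commands that limit a guest subnet to the
# router's own web server and DNS. Nothing is applied; review, then pipe to sh.
# Usage on the router (values are assumptions except ath1.1 and the /24):
#   guest_rules ath1.1 192.168.2.0/24 192.168.2.1 "$(nvram get wan_iface)" | sh

guest_rules() {
    guest_if=$1 guest_net=$2 router_ip=$3 wan_if=$4 web_port=${5:-80}

    # Fail closed: if the WAN lookup returns nothing, "-o $wan_if -m state"
    # collapses to "-o -m state", iptables rejects the command, and the
    # guest network silently keeps its WAN access.
    for v in "$guest_if" "$guest_net" "$router_ip" "$wan_if"; do
        [ -n "$v" ] || { echo "guest_rules: empty parameter" >&2; return 1; }
    done

    # "-I" with no position inserts at the top of the chain, so the LAST
    # command printed is matched FIRST. The catch-all REJECT is therefore
    # printed before the ACCEPT exceptions that must sit above it.
    cat <<EOF
iptables -I FORWARD -s $guest_net -o $wan_if -m state --state NEW -j REJECT
iptables -I INPUT -i $guest_if -m state --state NEW -j REJECT
iptables -I INPUT -i $guest_if -d $router_ip -p tcp --dport $web_port -j ACCEPT
iptables -I INPUT -i $guest_if -d $router_ip -p tcp --dport 53 -j ACCEPT
iptables -I INPUT -i $guest_if -d $router_ip -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i $guest_if -p udp --dport 67 -j ACCEPT
EOF
}

# Demonstration with constructed values (eth0 stands in for the WAN interface).
guest_rules ath1.1 192.168.2.0/24 192.168.2.1 eth0 80
```

The FORWARD line is the rule from the post above and covers only the WAN; forwarding from the guest subnet to other local networks is not addressed here. The UDP 67 exception keeps DHCP working for guest clients, which have no address yet when they first ask for one.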
student13
DD-WRT User


Joined: 17 Nov 2016
Posts: 95

Posted: Mon Sep 02, 2019 13:40    Post subject:
$(nvram get wan_iface)

versus

`get_wanface`

What's the difference? I know that `get_wanface` works on a Linksys WRT1900AC, because I have used this exact piece of code?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

Posted: Mon Sep 02, 2019 17:31    Post subject:
student13 wrote:
$(nvram get wan_iface)

versus

`get_wanface`

What's the difference? I know that `get_wanface` works on a Linksys WRT1900AC, because I have used this exact piece of code?

With most routers it amounts to the same.

KnightsGoNidd
DD-WRT Novice


Joined: 25 Aug 2019
Posts: 4

Posted: Sun Sep 08, 2019 12:37    Post subject: iptables
Many thanks for the replies here. I now have something that works, but there is a new problem (in a new post) whereby the commands are vanishing all by themselves!
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321208
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1444
Location: Appalachian mountains, USA

Posted: Sun Sep 08, 2019 14:11    Post subject:
student13 wrote:
$(nvram get wan_iface) versus `get_wanface`

What's the difference? I know that `get_wanface` works on a Linksys WRT1900AC, because I have used this exact piece of code?

I had exactly the same question a couple of months ago and finally did the googling. Turns out that in the bash world (and our router shell is modeled on bash) the ` ` version is the old way and $( ) is the new way, and though they are both supported and have the same functionality, the $( ) way is now considered best practice. I think the change to the new notation was made because visually it can be tricky in some fonts to spot that ` ` is not ' ', and the function is so different that this can be a problem when reading code.

_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
kapparecall
DD-WRT Novice


Joined: 04 Sep 2019
Posts: 2

Posted: Fri Sep 13, 2019 5:08    Post subject:
I am having the same problem. If you find a solution do mention it here.