Isolated subnet able to access router settings

Woundup
DD-WRT Novice


Joined: 18 May 2021
Posts: 1

Posted: Tue May 18, 2021 22:08    Post subject: Isolated subnet able to access router settings
Hello all,
I hope that I'm posting this in the correct place.
First off let me say thank you for any help. I'm new to dd-wrt and home networking in general so please forgive me for any stupid questions and/or terminology.

Router: Netgear R6700v3
Build: r46604

I would like to set this up as my main home router to replace the current one I'm using.
Right now I do not have it connected to my WAN as I would like to get everything set up on it before swapping routers.

What I am attempting to do is create a main private network, a vlan+wifi for IoT devices, and a guest wifi.

I've followed a few guides and tried multiple methods, each time factory resetting the router, and every time I keep getting stuck at trying to isolate the IoT subnet. I'm always able to access 192.168.1.1 from a device connected to the IoT subnet. I've been able to set up the new vlan with a dhcp and the devices are being assigned appropriate IPs for the subnet they're attached to and have gotten it so that the devices on my IoT cannot communicate with the private network devices but it can still access 192.168.1.1 and thus my router settings.

What I've tried:
I started off by following this guide because it was essentially exactly how I want my network set up.
https://www.youtube.com/watch?v=0ds4o2RxHAc
With this they use these firewall commands to isolate the bridges and everything seemed to be working properly on my network but, like I said, when I use a device on the iot it can still connect to 192.168.1.1.

# block anything that falls through (just a precaution)
iptables -I FORWARD -i br+ -o br+ -j DROP
# deny iot network access to any other networks
iptables -I FORWARD -i br1 -o br+ -j DROP
# allow private network access to any other networks
iptables -I FORWARD -i br0 -o br+ -j ACCEPT
# push RELATED/ESTABLISHED rule back to top of chain
iptables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

I know that in that video he's using a Linksys and I'm using a netgear with a broadcom chipset so I've searched the forums for firewall (iptables) differences and attempted multiple changes but none have worked.

I also tried this method from the dd-wrt wiki for making a guest network and everything worked but then again the guest network was still able to access 192.168.1.1.
https://wiki.dd-wrt.com/wiki/index.php/Guest_WiFi_%2B_abuse_control_for_beginners

I've tried other things like changing the firewall rules that I used in the first guide so they were directed to a specific vlan and not a bridge but with the same results.

I'm not sure if there is something that I'm missing or if these methods don't work for my router/build but I'm a bit stuck at the moment.

I'm sorry for the long post. I just wanted to be clear in what I've tried so far.

Best,
W
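
An added example, not part of the original post or the guides it links: the FORWARD chain only filters packets routed through the router, while packets addressed to one of the router's own IPs (192.168.1.1 included) are filtered by the INPUT chain, which the rules quoted above never touch. The sketch assumes br1 is the IoT bridge as in the post; the function names and the IPT dry-run variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the post). Assumption: br1 is the IoT bridge.
# FORWARD sees only packets routed *through* the router; packets addressed
# to the router itself (such as 192.168.1.1) are handled by INPUT.

IPT="${IPT:-iptables}"   # set IPT=echo for a dry run that only prints the rules

# Block new connections from an interface to the router itself, keeping
# DHCP (udp/67) and DNS (53) so clients still get leases and name resolution.
# Matching on the input interface covers every router IP, not just br0's.
isolate_from_router() {
    ifc="$1"
    # -I inserts at the top: the DROP goes in first, the ACCEPTs land above it.
    $IPT -I INPUT -i "$ifc" -m state --state NEW -j DROP
    $IPT -I INPUT -i "$ifc" -p udp --dport 67 -j ACCEPT
    $IPT -I INPUT -i "$ifc" -p udp --dport 53 -j ACCEPT
    $IPT -I INPUT -i "$ifc" -p tcp --dport 53 -j ACCEPT
}

# Coarse audit of `iptables -S` output read from stdin: succeeds when some
# INPUT rule drops or rejects traffic arriving on the given interface.
# It does not evaluate chain policy or rule order.
input_filters_iface() {
    grep -Eq -- "^-A INPUT .*-i $1 .*-j (DROP|REJECT)"
}

# Constructed sample: the FORWARD rules from the post, in the form
# `iptables -S` would list them. Note there is no INPUT rule at all.
POST_RULES='-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o br+ -j ACCEPT
-A FORWARD -i br1 -o br+ -j DROP
-A FORWARD -i br+ -o br+ -j DROP'

printf '%s\n' "$POST_RULES" | input_filters_iface br1 ||
    echo "br1 -> router is unfiltered: no INPUT rule covers it"
```

On a live router the same audit can be fed from `iptables -S`, and `isolate_from_router br1` applies the rules once the dry-run output looks right.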