It worked very well on a D-Link DIR-865L running Tomato; unfortunately the router died recently, so now I have a Netgear R6250 with DD-WRT (latest version) to replace it.
My main router IP is 192.168.0.1, IP range is 192.168.0.10 to 192.168.0.254 (it is a Bell Home Hub 3000 router, very restricted, very poor and basic functions on it).
My DD-WRT access point/router IP is 192.168.0.2/24. WAN Connection Type and DHCP Server are disabled. The WAN port is assigned to VLAN1, so it is a fifth LAN port, but it is unused. VLAN2 is where the WAN port is checked; it is unused. VLAN3 is where LAN ports 1 and 2 are checked; it is my guest network, bridged to BR1. VLAN1 is where LAN ports 3 and 4 are checked; it is my main network, bridged to BR0. Nothing is in VLAN0; it is unused. WL0 and WL1 are bridged to BR0, WL0.1 and WL1.1 are bridged to BR1... My PC is connected to LAN port 4 and the main router to LAN port 3, just like an access point. Tell me if something is missing.
iptables -I FORWARD -i wl0.1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j REJECT
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`
It did nothing, then I added this in Additional Dnsmasq Options:
interface=br1
dhcp-option=br1,3,192.168.1.1
dhcp-range=br1,192.168.1.10,192.168.1.254,255.255.255.0,24h
But still nothing, no internet access in the guest network.
First I also tried the same firewall rules as for the Tomato access point, but it failed as well:
iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`
iptables -I FORWARD -i br1 -m iprange --dst-range 192.168.0.3-192.168.0.250 -j REJECT
iptables -I INPUT -i br0 -p tcp --dport 67:68 --sport 67:68 -j REJECT
iptables -I INPUT -i br0 -p udp --dport 67:68 --sport 67:68 -j REJECT
I think at this point I need to find the right firewall rules or something like this...
Joined: 08 May 2018 Posts: 14249 Location: Texas, USA
Posted: Thu Jul 15, 2021 12:22 Post subject:
Did you set up "multiple dhcp" in networking tab for br1? If you're setting the R6250 up as a WAP with guest wi-fi, most everything you should need to do is in the webUI. Are you sure you're not supposed to be specifying the upstream router as gateway? _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
I rebooted the router and tried to ping many things but nothing happens.
Under multiple dhcp I re-added br0 and disabled dhcp on it, then I noticed that the IP address of br1 was 0.0.0.0/24. It seemed weird to me, so I specified 192.168.1.1/24 under br1 network interface, and now it says 192.168.1.1/24 instead of 0.0.0.0/24, so now it makes more sense, but still no internet access on br1.
I'm not sure what this means and how I can do this:
"Are you sure you're not supposed to be specifying the upstream router as gateway?"
What is the difference between these two firewall rules:
I also noticed something: when I connect my PC via LAN port 1 or 2 (br1 guest network), my PC doesn't automatically get an IP address in the 192.168.1.10/24 range, so it seems like the DHCP server on br1 is not working for some reason I don't know, so I just used a static IP address 192.168.1.17 to ping things, but still nothing.
Joined: 08 May 2018 Posts: 14249 Location: Texas, USA
Posted: Thu Jul 15, 2021 19:02 Post subject:
You don't need br0 under multiple dhcp servers. It is the default listening interface, and you have the dhcp server disabled on the main setup tab. You are being redundant. All you should have to add is br1 with the proper information. And I was asking if option 3 under additional dhcp options should be the same address as your gateway specified on the main setup tab... and why are we worried about br0 in the firewall rules and not br1?
Thank you, you're right, I removed br0 from Multiple DHCP Server; only br1 is left.
br1 must have internet and be isolated from br0 because I connect untrusted computers on br1. These are often full of malware and viruses of all kinds and I don't want my computers on br0 being infected by those. Also my printers on br0 will automatically install on any connected computers, since they can detect my devices on my main network unless I disable it in Windows 10 every time... I set this up as an access point because I want all my computers to be on the same network, same subnet, same SSIDs etc... because I use TightVNC vncviewer and many Windows SMB shares on several computers I sync with FreeFileSync across the same network.
It worked because on an old unsupported router running an old version of Tomato by Shibby 1.28, so I'm pretty sure it can work on it too somehow.
Sorry, but "option 3 under additional dhcp options" in which tab? In Service tab then under DHCP Server is Additional DHCPd Options, or Forced DNS Redirection under Network Configuration br1 in the Networking tab?
I gave up on DD-WRT for now and switched back to Tomato by Shibby, and it works again just like on my old router. The latest build is from 2017 but it works!
That's unfortunate, I had much higher expectations with DD-WRT, but I hope someday I will find a guide like this one but for DD-WRT:
Joined: 08 May 2018 Posts: 14249 Location: Texas, USA
Posted: Fri Jul 16, 2021 13:44 Post subject:
Additional DNSMasq options where you input option 3 on the Services tab... you cannot even follow your own steps. If you're going to tap out, at least use FreshTomato since it's still being developed. Sorry if the DD-WRT webUI and configuration process is not intuitive to you (or 100% identical to Tomato).
Quote:
It did nothing then I added this in Additional Dnsmasq Options:
interface=br1
dhcp-option=br1,3,192.168.1.1
dhcp-range=br1,192.168.1.10,192.168.1.254,255.255.255.0,24h
Please don't take it too personally, I know DD-WRT is the best router firmware out there, but I just expected it to work out of the box as easily as Tomato. It didn't work on FreshTomato as well for some reason, even if it is very similar. FreshTomato still uses the same old Linux kernel and probably all the same old security patches as Tomato, so there is no use switching to FreshTomato instead.
I don't even know how DNSMasq works at all, I just copied the lines I found in a guide then switched the IP addresses for my own IP addresses.
What do you think my Additional Dnsmasq Options should look like at this point, knowing that my guest network is br1 192.168.1.1/24, my main network is br0 192.168.0.1/24, the IP address of my DD-WRT AP is 192.168.0.2 and it is connected via LAN to my main router 192.168.0.1 which provides internet etc.?
So you think I should replace 192.168.1.1 by 192.168.0.1 (uplink Bell Home Hub 3000 router) at option 3?
There are so many easy step-by-step guides and videos on how to set up a guest network on a DD-WRT router working as a main router with DHCP enabled, but basically none for DD-WRT routers working as an access point with DHCP disabled. So with all your knowledge could you make one please? Because I just browsed the website and I'm definitely not alone with this issue. I think it may help a lot of people actually. If you find one like this one but for DD-WRT please let me know:
https://zedt.eu/tech/hardware/setting-up-guest-wireless-access-on-tomato/
You should've been able to do things fairly straightforward according to the wiki. I may find the mood and time to take one of my Broadcom routers out of service and look into this. We try to maintain the wikis with correct information as best we can.
I'm so close now, I got a different result than my last attempts, the guest network's DHCP works! When I connect my PC via a guest LAN port 1 or 2, my PC automatically gets an IP address in the guest network's subnet! But still no internet.
When I check all my settings in the access point, everything seems fine and makes sense. I really don't know what is missing at this point.
However, I noticed something: when my PC is connected to the guest network I see that gateway and DNS are 192.168.2.1, so how is it supposed to get internet if gateway and DNS are not 192.168.1.1 (my main router IP address)?
*Yes, I just changed all my IP addresses so everything is the same as in the links.
Joined: 08 May 2018 Posts: 14249 Location: Texas, USA
Posted: Sat Jul 17, 2021 14:41 Post subject:
DNSMasq by default hands out the router's IP address as dns and gateway; this is known behavior. There is a wiki on using dnsmasq as dhcp server, but there is some old information in there that no longer applies.
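The gateway question raised in the thread, as an added example that is not part of any post: a DHCP client can only use a gateway inside its own subnet, and dnsmasq falls back to the router's own address on the interface when option 3 is absent. This sh script reads Additional Dnsmasq Options text and reports whether the gateway handed out on a bridge is on-link; the function names are made up here, it assumes the dhcp-range line carries an explicit netmask as the thread's does, and the sample input is constructed from the thread's addresses.

```sh
#!/bin/sh
# Added example (not from the thread): is the gateway a guest DHCP client
# receives inside the guest subnet? Names here are hypothetical.

ip2int() {                       # dotted quad -> integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Usage: check_guest_gateway IFACE AP_ADDR_ON_IFACE < dnsmasq-options
# AP_ADDR_ON_IFACE is the fallback: without option 3, dnsmasq hands out
# the router's own address on that interface as the gateway.
check_guest_gateway() {
    iface=$1; gw=$2; start=; mask=
    while IFS= read -r line; do
        case $line in
            "dhcp-range=$iface,"*)
                rest=${line#dhcp-range=$iface,}
                start=${rest%%,*}                  # first address of the pool
                rest=${rest#*,}; rest=${rest#*,}   # drop pool start and end
                mask=${rest%%,*} ;;                # explicit netmask (assumed)
            "dhcp-option=$iface,3,"*)
                gw=${line#dhcp-option=$iface,3,} ;;
        esac
    done
    [ -n "$start" ] || { echo "no-range"; return 2; }
    m=$(ip2int "$mask")
    if [ $(( $(ip2int "$gw") & $m )) -eq $(( $(ip2int "$start") & $m )) ]; then
        echo "ok $gw"
    else
        echo "off-link $gw"; return 1
    fi
}

# Constructed input: the thread's options with option 3 changed to the
# upstream router on the main subnet, as asked in the thread.
check_guest_gateway br1 192.168.1.1 <<'EOF' || true
interface=br1
dhcp-option=br1,3,192.168.0.1
dhcp-range=br1,192.168.1.10,192.168.1.254,255.255.255.0,24h
EOF
```

With an on-link gateway the guest traffic still has to be forwarded and NATed by the access point toward br0, which is what the firewall rules in the thread are for.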