DDWRT guest network

mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

Posted: Tue Nov 16, 2021 15:09
egc,
The 'Masquerade / NAT' option is NOT available in Unbridged VAP if unit is in router mode as is in gateway mode...not that it really makes a nevermind. I tried all ways yesterday with NO worky.

NOTE: the Multiple/DHCP Server on networking page did work now ok but still could never get internet.

I'll try afterlater with the E1200v2 & E2500 to see what happens :P
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14126
Location: Texas, USA

Posted: Tue Nov 16, 2021 16:54
This is probably one of those "must do steps in correct order" situations so that when you switch to router mode, it works... or don't bother switching to router mode?
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Tue Nov 16, 2021 17:02
Or maybe it is very router model dependant, but strange it is.

I can imagine for Arm models you need the VAP workaround but for MIPS it seems to work out of the box at least for my router :)

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

Posted: Tue Nov 16, 2021 19:32
Linksys E1200 v2
DD-WRT v3.0-r47644 mega (11/15/21)
Linux 4.4.292 #12548 Mon Nov 15 07:38:15 +07 2021 mips
'dd-wrt.v24-47644_NEWD-2_K3.x_mega-nv64k.bin'
worky just fine --

silly 'wireless packet info' shows 0 but I done speedtest & other browsing

When I used the ASUS as WAP w/isolated guest net it worky ok
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1245994#1245994

r47474 when the RTN12-D1 went to shit in its current setup
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1246277#1246277
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Wed Nov 17, 2021 11:34
One thing which could play a role might be the use of SFE/CTF/FA (SFE should be good)

So if not working try without any of those, just a thought :)

mafkikker
DD-WRT Novice


Joined: 08 Nov 2021
Posts: 12

Posted: Sat Nov 20, 2021 10:00
mrjcd wrote:
Linksys E1200 v2
DD-WRT v3.0-r47644 mega (11/15/21)
Linux 4.4.292 #12548 Mon Nov 15 07:38:15 +07 2021 mips
'dd-wrt.v24-47644_NEWD-2_K3.x_mega-nv64k.bin'
worky just fine --

silly 'wireless packet info' shows 0 but I done speedtest & other browsing

When I used the ASUS as WAP w/isolated guest net it worky ok
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1245994#1245994

r47474 when the RTN12-D1 went to shit in its current setup
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1246277#1246277


Gave it another try today and applied the settings above... and YES I can connect to the guest network now!
Thanks for the good instructions.

Is the setting for the firewall "iptables -t nat -I POSTROUTING -o br0 -j SNAT --to 'nvram get lan_ipaddr'" secure enough so that guests connected to the VAP cannot see or access my private network?

And how do I set QOS so that the VAP gets less bandwidth (download speed) than my private network?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Sat Nov 20, 2021 10:16
I do not recommend using back ticks.
There are many ticks which are indiscernible and cause confusion; use $(), i.e.:
Quote:
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to $(nvram get lan_ipaddr)


To answer your question: no, this has nothing to do with keeping guests off your regular network.

See my earlier posts with links to how to set up a VAP on a WAP and the necessary firewall rules to isolate it, as the GUI option "Net isolation" does not work on a WAP.

Heck, probably nobody seems to read that, seeing we have all these threads claiming it is not working :(

Here is the text, of course substitute wl0.1 with your own VAP:
Quote:
VAP on WAP
If you place the unbridged VAP on a wireless access point (a secondary router with a disabled WAN, no DHCP and on the same subnet as the primary router) then you have to add the following rule to the firewall in order to get internet access from the VAP.
In the web-interface of the router: Administration/Commands save Firewall:
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to $(nvram get lan_ipaddr)

Net Isolation does not work on a WAP so just keep it disabled and add the following line to the firewall:
iptables -I FORWARD -i wl0.1 -d $(nvram get lan_ipaddr)/$(nvram get lan_netmask) -m state --state NEW -j REJECT

For isolating the WAP itself from the guest network:
iptables -I INPUT -i wl0.1 -m state --state NEW -j REJECT
iptables -I INPUT -i wl0.1 -p udp -m multiport --dports 53,67 -j ACCEPT
(note: not all firmwares have the multiport directive)

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
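
The order of the two INPUT lines quoted in the post above matters: each -I puts its rule on top of the chain, so the DNS/DHCP ACCEPT, saved last, is evaluated before the REJECT. The shell check below is an added example, not part of the post or of DD-WRT; the function names and the sample text are constructed here, and it reads saved firewall commands as plain text, so it also runs off-router.

```shell
# Added example: audit saved firewall commands for the guest-VAP rules quoted above.
# Print the rules of chain $1 in evaluation order:
# "-I CHAIN" puts a rule on top of the chain, "-A CHAIN" at the bottom (indexed -I is not modelled).
effective_chain() {
    awk -v chain="$1" '
        $1 != "iptables" { next }
        { for (i = 2; i < NF; i++) if ($(i+1) == chain) {
              if ($i == "-I") top[++t] = $0
              else if ($i == "-A") bot[++b] = $0 } }
        END { for (i = t; i >= 1; i--) print top[i]
              for (i = 1; i <= b; i++) print bot[i] }'
}

# audit_guest_vap IFACE < script : prints findings, returns the number of problems.
audit_guest_vap() {
    vap="$1"; script=$(cat); problems=0
    fwd=$(printf '%s\n' "$script" | effective_chain FORWARD)
    inp=$(printf '%s\n' "$script" | effective_chain INPUT)
    # Guests must not reach the private LAN (FORWARD) ...
    printf '%s\n' "$fwd" | grep -q -- "-i $vap .*-d .*-j REJECT" ||
        { echo "MISSING: FORWARD reject from $vap to the LAN"; problems=$((problems + 1)); }
    # ... nor the access point itself (INPUT).
    rej=$(printf '%s\n' "$inp" | grep -n -- "-i $vap .*-j REJECT" | head -n1 | cut -d: -f1)
    [ -n "$rej" ] || { echo "MISSING: INPUT reject for $vap"; problems=$((problems + 1)); }
    # DNS (53) and DHCP (67) must be accepted above that reject, with or without multiport.
    for port in 53 67; do
        acc=$(printf '%s\n' "$inp" |
            grep -n -E -- "-i $vap .*-p udp .*--dports? ([0-9]+,)*$port(,| ).*-j ACCEPT" |
            head -n1 | cut -d: -f1)
        if [ -z "$acc" ]; then
            echo "MISSING: INPUT accept for udp/$port on $vap"; problems=$((problems + 1))
        elif [ -n "$rej" ] && [ "$acc" -gt "$rej" ]; then
            echo "ORDER: udp/$port accept is evaluated after the reject"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample: the four lines from the post, VAP wl0.1 (heredoc is quoted, nothing expands).
sample_rules() {
    cat <<'EOF'
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to $(nvram get lan_ipaddr)
iptables -I FORWARD -i wl0.1 -d $(nvram get lan_ipaddr)/$(nvram get lan_netmask) -m state --state NEW -j REJECT
iptables -I INPUT -i wl0.1 -m state --state NEW -j REJECT
iptables -I INPUT -i wl0.1 -p udp -m multiport --dports 53,67 -j ACCEPT
EOF
}

sample_rules | audit_guest_vap wl0.1 && echo "OK: wl0.1 is isolated and DNS/DHCP still work"
```

Swapping the two INPUT lines in the sample makes the check report an ORDER problem for both ports, which is the case where guests associate but never get an address.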
mafkikker
DD-WRT Novice


Joined: 08 Nov 2021
Posts: 12

Posted: Mon Nov 22, 2021 8:31
Thanks ! I now have a working guest VAP.
All times are GMT