Separated (Guest) WiFi network with cascade router (Fonera)

PandMonium
DD-WRT Novice


Joined: 29 May 2022
Posts: 7

Posted: Sun May 29, 2022 18:04    Post subject: Separated (Guest) WiFi network with cascade router (Fonera)
Hi all,

Long story short, I have a modem/router that provides internet over cable and WiFi (192.168.1.0/24). I would like to provide Internet access to some mobile devices while making them unable to access the main (personal) network.

I have a spare Fonera (2100A running DD-WRT) and thought about connecting it to the main router on a LAN port (LAN <-> WAN) and setup a different network for the Fonera LAN part (192.168.2.0/24). I have followed a few guides and searched for similar issues [1-5] but couldn't get it to work. I was only able to make Fonera work as an AP/repeater on the same subnet.

From what I understand (and tried), I don't need to do much on the main router (ISP one, can't do much there anyway). On the Fonera (running r40750 as recommended here [6]), I've tried using both static configs (e.g., 192.168.1.2 for the Fonera, with the correct DNS and gateway) or Automatic Configurations via DHCP for the WAN part. For the LAN part I've defined a different network (e.g., 192.168.2.0/24), activated DHCP on that network and tried different things, from setting the gateway and DNS to the main router (e.g., 192.168.1.1) or to the Fonera (192.168.2.1) and variations of that but it never works.

As soon as I activate that, if I connect to the dd-wrt WiFi (via Fonera), I get configurations via DHCP on the expected network (192.168.2.x/24) but never internet access. I cannot access the DD-WRT admin panel over that to the 192.168.2.1 nor ping it [maybe that's expected], can only access it from the other end, by connecting to the main network and using the IP assigned to the Fonera on the main network and port 8080 - 192.168.1.2:8080.

So, my questions are:
1) Is this configuration doable with this kind of equipment + software?
2) If so, what am I missing? Some NAT/Routing config + IPTables rules?

Thanks a lot!

1 - https://www.mbreviews.com/cascading-routers/
2 - https://www.wikihow.com/Cascade-Routers#Connecting-Ethernet-to-Internet-.28LAN-to-WAN.29
3 - https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1096036
4 - https://superuser.com/questions/633751/routers-will-not-cascade
5 - https://forums.tomshardware.com/threads/the-ultimate-modem-router-setup-thread.1303081/
6 - https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321284
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Sun May 29, 2022 19:32
Connect WAN from fonera to LAN of ISP

Upgrade to a recent build; current is 48971.

After upgrade hit the reset button.

After reset set new user name and password.

Set Local IP to 192.168.2.1.

Reboot

That should be all that should be necessary to get Internet access.

If it works we deal with the isolation afterwards

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14126
Location: Texas, USA

Posted: Sun May 29, 2022 22:14
Some further reading that doesn't seem to be included in your list.

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=329469

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=325092

Both of those are referenced here:

https://forum.dd-wrt.com/wiki/index.php/Fonera

More wikis:

https://wiki.dd-wrt.com/wiki/index.php/Category:LaFonera_%28en%29

Current release:

https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2022/05-26-2022-r48971/fonera/

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
PandMonium
DD-WRT Novice


Joined: 29 May 2022
Posts: 7

Posted: Sun May 29, 2022 22:38
egc wrote:
Connect WAN from fonera to LAN of ISP

Upgrade to a recent build; current is 48971.

After upgrade hit the reset button.

After reset set new user name and password.

Set Local IP to 192.168.2.1.

Reboot

That should be all that should be necessary to get Internet access.

If it works we deal with the isolation afterwards


Thanks! I've done this, just delayed the first step so I could connect to the admin panel via wifi.

I am able to connect to the WiFi (dd-wrt network) but I'm offered (and accept) an IP on the main network (192.168.1.0/24 + main network configs) by one of the existing DHCP servers there. I am then able to reach the Internet while connected to the dd-wrt but accessing 192.168.2.1 gets me to the admin panel of the main router (similar to 192.168.1.1) - I guess it is just working as a simple AP to the main network. Thus I have no idea how to access the Fonera now.

Any ideas on what I should try next?
On a side note, flashed the above-mentioned version (latest) and it is working but a funny thing is that the WLAN LED never seems to blink now :lol:

kernel-panic69 wrote:

Some further reading that doesn't seem to be included in your list.

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=329469

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=325092

Both of those are referenced here:

https://forum.dd-wrt.com/wiki/index.php/Fonera

More wikis:

https://wiki.dd-wrt.com/wiki/index.php/Category:LaFonera_%28en%29

Current release:

https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2022/05-26-2022-r48971/fonera/

Thanks! Will take a look tomorrow.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14126
Location: Texas, USA

Posted: Sun May 29, 2022 22:46
The wifi LED will not blink since the current driver doesn't have the code to support it (see links). Does it have the ability to enable and disable the WAN port? I can't recall if these have one or two ethernet ports, but if the firmware is anything like the TL-WA901 devices, you should be able to set the ethernet port (if there is only one) as WAN port; the default is disabled and assigned to the same bridge as the wifi interface, if memory serves.
PandMonium
DD-WRT Novice


Joined: 29 May 2022
Posts: 7

Posted: Mon May 30, 2022 15:29
Yes, the first option under basic setup is precisely the WAN port. By default it is "Disabled" and by using it this way (as suggested by egc) it works as you described I guess - I can connect to the WiFi, get to the internet but I'm on the same subnet, even if I defined the LAN IP of the Fonera as 192.168.2.1/24. I also lose the ability to get to the Fonera admin panel since 192.168.2.1 seems to also open the web admin panel from my main router now (192.168.1.1).

I can setup the WAN interface (this Fonera has a single eth port) with Static or DHCP, I've tried both using the main network credentials but after that the connectivity goes away and I am only able to reach the Fonera by the WAN address over port 8080. If I disconnect the cable then I will get an IP on 192.168.2.0/24 and can access the Fonera over 192.168.2.1.

Attached are the options I get on the Fonera (basic setup).
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14126
Location: Texas, USA

Posted: Mon May 30, 2022 16:32
Did you change the operating mode from "router" to "gateway" on the Setup -> Advanced Routing tab?
PandMonium
DD-WRT Novice


Joined: 29 May 2022
Posts: 7

Posted: Mon May 30, 2022 20:50
Nope, I have it all with default settings (gateway) after reset just like egc requested. Previously I've tried that in a much older build but without much luck.

What do you suggest I should try?
Thanks!
DWCruiser
DD-WRT User


Joined: 15 Aug 2016
Posts: 223
Location: Melbourne, Australia

Posted: Mon May 30, 2022 21:40
PandMonium wrote:
...
What do you suggest I should try?


Given that you know DD-WRT and wanting to be in more control of your home network, here is one from left field.

Put your ISP modem/router in bridge mode; connect its LAN port to your own router's WAN port as per egc's advice.

This way, the ISP's device acts as no more than passing the traffic along to your router which in turn does all the functions of a router. You will have total control of your internal network and flows of traffic.

Not sure if your Fonera 2100A would cut the mustard but something like Netgear R7800 running DD-WRT would definitely slice it. Like a knife through butter.

You'll learn a lot by doing that way. And my bet is that you will, down the track, wish you'd done it earlier.

Good luck.

_________________
Life is a journey; travel alone makes it less enjoyable and lonely.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14126
Location: Texas, USA

Posted: Mon May 30, 2022 21:48
I honestly don't know what you mean by using the main network credentials or the entire scenario, I don't think the firmware image for this device is neutered to the point you can't set it up the way you are intending. Resetting to defaults would set it as a wired AP with WAN disabled in router mode. Only option I can think of is trying a hard reset (nvram erase && reboot via telnet/ssh) and start completely fresh in case there are some leftover nvram variable gremlins that could be wreaking havoc, but not knowing 100% your entire configuration via screenshots, I'm only able to grasp at straws.
PandMonium
DD-WRT Novice


Joined: 29 May 2022
Posts: 7

Posted: Tue May 31, 2022 17:10
Hey all, thanks again for all the feedback.

This is not my home network but a small friend's shop and thus I would prefer not changing a lot in the ISP equipment as I may not be close by to provide support (plus they are normally shit/crippled/locked).

Basically it is a small place with a normal internet connection provided by the ISP. They provide a (Thomson) modem/router to the client and it just works (ethernet/wifi). Recently I discovered that, for some reason, they sometimes give WiFi access to clients/strangers, which obviously makes me sweat. Tried to show how insecure that is by printing things over the network and scanning it. Obviously, having decent equipment (L3 managed switch with VLANs and APs) would be awesome but is not an option at all, so I wondered if at least this old Fonera could be of some use. The ISP equipment does not provide a guest network option, which I doubt isolates much apart from having a different SSID.

In summary, I was wondering if I could provide a different network with the Fonera (dd-wrt) which could go to the outside but not reach other clients in the main router's network (iptables blocking anything to that range except the gateway?).

I will attach also the prints of the dd-wrt configuration menus, which are all default after flashing but indeed could have some issues (could try the nvram erase if you recommend it, kernel-panic69).
PandMonium
DD-WRT Novice


Joined: 29 May 2022
Posts: 7

Posted: Tue May 31, 2022 17:12
remaining attachments
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

Posted: Tue May 31, 2022 18:15
It seems that I'm again going back to my trusted unbridged VAP setup with Net/AP isolation and with full internet access setup with an extra DHCP subnet, as a suggestion.

See this reply

Fully isolated from main LAN, and clients connected to it can't ping each other.

Simple setup, 100% UI driven, no complications, works reliably.

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14126
Location: Texas, USA

Posted: Tue May 31, 2022 20:36
This device has only one ethernet port, which can serve as WAN/LAN. Using a VAP here is not required. Wondering if this is a configuration issue or an issue with how this device handles ethernet port as WAN enabled. br0 should only have wlan0 assigned and WAN port should be eth0 when the WAN is enabled in gateway mode. It could be clients overriding the DNS configuration and not connectivity related.
PandMonium
DD-WRT Novice


Joined: 29 May 2022
Posts: 7

Posted: Sat Jun 11, 2022 16:49
Hey again, ended up reverting to r42819 (2020) since the newest versions were slow/unstable (as described here https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=326636&sid=40dc8033571148ce3902b9b00eb2afcd )

the-joker wrote:
It seems that I'm again going back to my trusted unbridged VAP setup with Net/AP isolation and with full internet access setup with an extra DHCP subnet, as a suggestion.

See this reply

Fully isolated from main LAN, and clients connected to it can't ping each other.

Simple setup, 100% UI driven, no complications, works reliably.

Thanks! I don't mind something similar but as kernel-panic69 stated this is a very limited router with only one ethernet port so probably I don't need anything that fancy.
I have eth0 and ath0 to play with (and br0 by default).

kernel-panic69 wrote:

This device has only one ethernet port, which can serve as WAN/LAN. Using a VAP here is not required. Wondering if this is a configuration issue or an issue with how this device handles ethernet port as WAN enabled. br0 should only have wlan0 assigned and WAN port should be eth0 when the WAN is enabled in gateway mode. It could be clients overriding the DNS configuration and not connectivity related.


I just reflashed with the previous firmware (to make it stable) and erased nvram && reboot. After that by default I have WAN disabled, it is working on gateway mode (not router) and, as you said, br0 has both eth0 and ath0 under networking.

I don't seem to be able to figure out how to achieve much with it, since if I just change the local IP to 192.168.2.1/24 and apply *without* a cable on eth0, it will work as expected (connecting to Fonera WiFi gets me on that network and I can go to the web admin panel). If I connect the cable (Fonera eth0 to main ISP router) it will start acting as an AP I guess, albeit a bit weird because I may get an IP on 192.168.2.1 or after a bit, credentials given by one of my main network DHCP servers (on 192.168.1.0/24). I can go to the internet but can't reach the Fonera web admin panel anymore to test anything else...

I guess I probably should unbridge something under Networking or play with advanced routing instead of just messing with "Basic setup" then?

Cheers and sorry for the slow response but was away for some days.
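
An added example, not written by any poster in this thread: it checks `brctl show` output for the bridged-eth0 layout described in the last post and, only when eth0 is not a bridge port, prints iptables rules that keep the guest subnet off the main LAN. The interface names and addresses are taken from the thread; the `brctl show` samples, the function names and the DNS exception are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: br0 = Fonera LAN bridge,
# ath0 = WiFi, eth0 = wired port, 192.168.1.0/24 = main LAN, 192.168.1.1 = ISP router.

# Return 0 if IFACE ($3) is a port of BRIDGE ($2) in `brctl show` text ($1).
bridge_has_iface() {
    printf '%s\n' "$1" | awk -v br="$2" -v ifc="$3" '
        NR == 1 { next }                     # column header
        NF >= 4 { cur = $1; port = $4 }      # first line of a bridge entry
        NF == 3 { cur = $1; port = "" }      # bridge with no ports
        NF == 1 { port = $1 }                # continuation line: one more port
        cur == br && port == ifc { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Print the iptables commands that keep clients behind GUEST_IF ($1) off
# MAIN_NET ($2). Internet traffic needs no exception for the gateway: its
# destination address is the remote host, the gateway is only the next hop.
# DNS to the ISP router ($3) is allowed in case guests are handed it as resolver.
guest_rules() {
    # -I inserts at the top of the chain, so the DROP is issued first and
    # the ACCEPT rules end up above it.
    echo "iptables -I FORWARD -i $1 -d $2 -j DROP"
    echo "iptables -I FORWARD -i $1 -d $3 -p udp --dport 53 -j ACCEPT"
    echo "iptables -I FORWARD -i $1 -d $3 -p tcp --dport 53 -j ACCEPT"
}

# Refuse to emit rules while eth0 is still a bridge port: bridged clients sit
# directly on the main LAN (same subnet, same DHCP servers), so rules written
# for a routed guest subnet would not give a separate network.
plan() {
    if bridge_has_iface "$1" br0 eth0; then
        echo "eth0 is in br0: clients are bridged onto the main LAN; enable WAN on eth0 first" >&2
        return 1
    fi
    guest_rules br0 192.168.1.0/24 192.168.1.1
}

# Constructed samples of `brctl show` output (the bridge id is made up).
SAMPLE_BRIDGED='bridge name     bridge id               STP enabled     interfaces
br0             8000.001122334455       no              ath0
                                                        eth0'
SAMPLE_ROUTED='bridge name     bridge id               STP enabled     interfaces
br0             8000.001122334455       no              ath0'

plan "$SAMPLE_BRIDGED" || echo "-> no rules generated for the bridged layout"
plan "$SAMPLE_ROUTED"
```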
All times are GMT