[SOLVED] Netgear R6300v1 WAP with guest network setup

Spotting6528
DD-WRT Novice


Joined: 25 Mar 2023
Posts: 7

Posted: Sat Mar 25, 2023 5:31
Hello, I have tried to set up the above by following the wiki here and this guide here. While my regular network functions normally and my guest network has working internet and DNS, I am able to reach clients on my regular network from my guest network. I'm unsure why this is; the only major difference was that I connected my physical 2.4 GHz radio as the guest network provider instead of creating a virtual AP.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Sat Mar 25, 2023 6:39
What build are you using?

When using a virtual interface on a WAP, you have to use iptables rules to isolate the VAP manually.

See my attached notes for some pointers.



Attachment: DDWRT Virtual Access Point Public-5.pdf (575.31 KB)


_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Spotting6528
DD-WRT Novice


Joined: 25 Mar 2023
Posts: 7

Posted: Sat Mar 25, 2023 16:26
I am running r51729.
No virtual AP. Instead I'm just trying to use the physical 2.4 GHz radio. These are my current commands saved to firewall:
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to $(nvram get lan_ipaddr)
iptables -I FORWARD -i wl0 -d $(nvram get lan_ipaddr)/$(nvram get lan_netmask) -m state --state NEW -j REJECT
iptables -I INPUT -i wl0 -m state --state NEW -j REJECT
iptables -I INPUT -i wl0 -p udp --dport 67 -j ACCEPT
iptables -I INPUT -i wl0 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i wl0 -p tcp --dport 53 -j ACCEPT

With this, I am still able to access my main network LAN clients from my guest network.

The only bridge on my network is br0, which has my LAN ethernet and vlan2 on it (since WAN is disabled).
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Sat Mar 25, 2023 16:36
You should be able to use the physical radio like that as long as it is unbridged, so on its own subnet with its own DHCP server.

It helps if you show screenshots and the output of:
iptables -vnL FORWARD
iptables -vnL INPUT
iptables -t nat -vnL

Spotting6528
DD-WRT Novice


Joined: 25 Mar 2023
Posts: 7

Posted: Sat Mar 25, 2023 17:31
Thank you, here are the commands and their output:

iptables -vnL FORWARD:

Chain FORWARD (policy ACCEPT 49 packets, 13414 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- wl0 * 0.0.0.0/0 192.168.2.0/24 state NEW reject-with icmp-port-unreachable

iptables -vnL INPUT:

Chain INPUT (policy ACCEPT 429 packets, 83785 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- wl0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- wl0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT udp -- wl0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 REJECT all -- wl0 * 0.0.0.0/0 0.0.0.0/0 state NEW reject-with icmp-port-unreachable

iptables -t nat -vnL:

Chain PREROUTING (policy ACCEPT 103 packets, 8579 bytes)
pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 71 packets, 3861 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 7 packets, 431 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 1 packets, 60 bytes)
pkts bytes target prot opt in out source destination
16 1047 SNAT all -- * br0 0.0.0.0/0 0.0.0.0/0 to:192.168.2.2

192.168.2.0/24 is my main subnet (the same subnet the router and the AP are on).
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

Posted: Sat Mar 25, 2023 17:46
And which IP address and which subnet does the WLAN interface have?

On Broadcom routers, the interface names are also strange; WLAN is actually an eth* interface.
Spotting6528
DD-WRT Novice


Joined: 25 Mar 2023
Posts: 7

Posted: Sat Mar 25, 2023 17:51
Thank you, how do I find that out? If WLAN is the guest network then it is on wl0 (eth1) with 192.168.3.1/24.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Sat Mar 25, 2023 18:03
Show screenshots of setup page and wireless page etc.
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

Posted: Sat Mar 25, 2023 18:13
@egc

I don't have a Broadcom router, but I think I saw once that the bridge table shows "eth1 eth2 wl0.1 wl1.1"?

Maybe try with eth1 as interface.

https://forum.dd-wrt.com/phpBB2/files/screenshot_2023_02_17_233312_161.jpg
Spotting6528
DD-WRT Novice


Joined: 25 Mar 2023
Posts: 7

Posted: Sat Mar 25, 2023 18:48
Here, I thought this might be easier to read.


Attachments: Networking.pdf (254.81 KB), Routing.pdf (272.4 KB), Setup.pdf (257.24 KB)

Spotting6528
DD-WRT Novice


Joined: 25 Mar 2023
Posts: 7

Posted: Sat Mar 25, 2023 18:50
And the rest. Let me know if you need anything else.


Attachments: Services.pdf (272.91 KB), Advanced Wireless Settings.pdf (331.48 KB), Wireless.pdf (237.73 KB)

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Sat Mar 25, 2023 18:55
ho1Aetoo wrote:
@egc

I don't have a Broadcom router, but I think I saw once that the bridge table shows "eth1 eth2 wl0.1 wl1.1"?

Maybe try with eth1 as interface.

https://forum.dd-wrt.com/phpBB2/files/screenshot_2023_02_17_233312_161.jpg


Certainly. To make it complicated, wl0 is usually eth1 and wl1 is usually eth2, which is totally different from Atheros :(
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Sat Mar 25, 2023 19:09
I reviewed your setup and it is looking good.
It looks like the only alteration you have to make is to use eth1 instead of wl0 and Bob's your uncle :)
Spotting6528
DD-WRT Novice


Joined: 25 Mar 2023
Posts: 7

Posted: Sun Mar 26, 2023 1:44
egc wrote:
I reviewed your setup and it is looking good.
It looks like the only alteration you have to make is to use eth1 instead of wl0 and Bob's your uncle :)


Thank you so much, that did indeed fix the problem! I guess I should have realized that earlier when you mentioned interfaces.
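
Added example (not part of the thread, and not DD-WRT's own tooling): the listings posted above show 0 packets on every wl0 rule because iptables accepts any interface name without checking it. This script flags rules bound to a name that is not a real device; the device list (other than eth1, eth2, vlan2 and br0, which the thread mentions) and the function name are assumptions made for the example.

```shell
#!/bin/sh
# Added example: list iptables rules whose in/out interface is not a real
# network device. iptables accepts any name after -i/-o without checking it,
# so such a rule loads cleanly and then never matches (pkts stays 0).

# Constructed sample: FORWARD/INPUT lines as posted in the thread above.
SAMPLE='Chain FORWARD (policy ACCEPT 49 packets, 13414 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- wl0 * 0.0.0.0/0 192.168.2.0/24 state NEW reject-with icmp-port-unreachable

Chain INPUT (policy ACCEPT 429 packets, 83785 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- wl0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 REJECT all -- wl0 * 0.0.0.0/0 0.0.0.0/0 state NEW reject-with icmp-port-unreachable'

# Constructed device list; on a live router use: IFACES=$(ls /sys/class/net)
SAMPLE_IFACES='lo eth0 eth1 eth2 vlan1 vlan2 br0'

# stale_rules "<device names>"   (reads iptables -vnL output on stdin)
# Prints "CHAIN IFACE TARGET" per rule that names a device not in the list.
# Assumes every rule has a target (-j), so "in" and "out" are fields 6 and 7.
stale_rules() {
    awk -v ifs="$1" '
        BEGIN { n = split(ifs, a, " "); for (i = 1; i <= n; i++) real[a[i]] = 1 }
        $1 == "Chain" { chain = $2; next }
        $1 == "pkts" || NF < 7 { next }
        {
            for (c = 6; c <= 7; c++) {
                name = $c
                sub(/^!/, "", name)                        # negated match: !eth1
                if (name == "*" || name ~ /\+$/) continue  # any device / prefix wildcard
                if (!(name in real)) print chain, name, $3
            }
        }'
}

# Stand-alone run on the sample: reports the three wl0 rules.
printf '%s\n' "$SAMPLE" | stale_rules "$SAMPLE_IFACES"
```

On the router itself, pipe `iptables -vnL` into `stale_rules "$(ls /sys/class/net)"`; an empty result after swapping wl0 for eth1 confirms the rules are now bound to a device that exists.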
All times are GMT