[michilson]

This seems to not be working in the R52330 (4/11/23) Builds.

Can anyone please help with what has changed I orginally had this working back a while ago but recently updated the firmware and forgot to do a backup. Here's the post of when I had it working and the process to do this.

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=331015&highlight=

When I assign a Port on the back of the router to a Vlan I dont see that Vlan in the Bridge options. Can someone help with how to do this in the Codes, and where it needs to go.

Basically I have a separate network with a WiFi access point that I want on a 192.168.6.# network. Before the the updates I had this working that this port used the multilpe DHCP and issued those IP's after the update isn't doing this anymore. everything is getting a 192.168.1.# IP. Seems like it's not assigning the Port to a VLAN and to the correct Bridge.

Thanks!

[blkt]

From an old build it is best to reset and manually reconfigure then create a new backup for build r52330 if needed.

https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1282848#1282848 Notice new cpu port tagging, to see bridge.

[michilson]

Yep, understand that I did reset to Default but when I go through my steps listed in the pervious post. I don't get the same response on the new builds. So somewhere along the lines things have changed and the expected input isn't the same. That's the problem I believe.

So for example in the old build in the SwitchConfig tab I would add a VLAN lets say (VLAN5) assign it to the port(3) I'd like to separate. Then switch to the Networking tab and under the Bridge (BR1) settings assign a bridge to that VLAN(5). When I try those steps now I only get (ETH0, ETH1, ETH2, ETH3, VLAN1, VLAN2) for interface options. I dont see the newely created VLAN5. Even after saving and applying settings.

What I'm looking for is to assign port 3 to a separate network allow it access to the internet but not to items on ports 1, 2, & 4 or WIFI for the 4ghz, 5ghz1, 5ghz2. under a 192.168.6.# IP address.

[ho1Aetoo]

Post a screenshots of the "switch config tab"

[michilson]

Here is the Switch config tab and the Network Tab

[ho1Aetoo]

you have to configure it like this

[michilson]

[michilson]

So my IP camera's seem to be connecting to the internet also on the 192.168.6.# network. However the router doesn't seem to be handing out DHCP data to other smart home devices on the 192.168.6.# Network.

I have the devices and mac address's in the Services tab with correct IP addresses.

Here's how I have the Network Configured.


We go from Port 3 to a Network Switch (Isolated to just port 3) There's a access point on the switch that all the Smart home things should be accessing. The Wifi is up I can see it but when I Try to connect it's not connecting or giving internet.

Also running these commands on Startup.

# block anything that falls through (just a precaution)
iptables -I FORWARD -i br+ -o br+ -j DROP

# deny iot network access to any other networks
iptables -I FORWARD -i br1 -o br+ -j DROP

# allow private network access to any other networks
iptables -I FORWARD -i br0 -o br+ -j ACCEPT

# push RELATED/ESTABLISHED rule back to top of chain
iptables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

[michilson]

I have to activate the JFFS2 for Client Lease DB That solved the problem of it not assigning the IP's.

[Alozaros]

# block anything that falls through (just a precaution)
iptables -I FORWARD -i br+ -o br+ -j DROP

# deny iot network access to any other networks
iptables -I FORWARD -i br1 -o br+ -j DROP

# allow private network access to any other networks
iptables -I FORWARD -i br0 -o br+ -j ACCEPT

Those 3 rules are funny...

1 rule - drops communication on forward chain on any bridge (br+ means any)
2 rule - this is already done by the first rule...
3 rule - accepts communication on br0 from any bridge...but you have the top one and this 1st
is with I on the top of the chain, but must be with A on the end of the chain..

as well... do you need WAN to NAT redirection on your isolated network ??

[ho1Aetoo]

at the end of the chain the rule is useless, before that all packages are already dropped

[Alozaros]