distributed GUEST Wi-Fi

Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions
View previous topic :: View next topic  
Author Message
piffi
DD-WRT Novice


Joined: 14 Jul 2025
Posts: 9
PostPosted: Mon Jul 14, 2025 10:23    Post subject: distributed GUEST Wi-Fi Reply with quote
Hello everyone,

My intention is to set up a distributed GUEST Wi-Fi network with Internet-only access, isolated from my main LAN and Wi-Fi network. Since the area to be covered is quite large, I have multiple routers connected to each other via Ethernet cable, which are already configured to provide my main Wi-Fi.

Each of these routers has a DD-WRT firmware version installed, and their WAN ports are all disabled. This is because Internet access is provided by a main router (ISP-owned) with IP: 192.168.1.14, which acts as the gateway and also runs the DHCP server for the main network.

On the first router of this distributed network, I have installed firmware version: DD-WRT v3.0-r58389 std (09/20/24). I have configured a Virtual Access Point (VAP) named wl1.1 with IP address: 192.168.20.22 and SSID: wi-fi_GUEST.

I have enabled DNSMasq and added the following "Additional DNSMasq Options":

dhcp-option=wl1.1,3,192.168.20.22
dhcp-option=wl1.1,6,192.168.1.14,8.8.8.8

Furthermore, in the "DHCPD (Multiple DHCP Server)" section, I have configured DHCP for 192.168.20.22/24 starting from 100 with a max of 50 users.

Finally, in the startup script, I have configured these commands:

iptables -I INPUT -i wl1.1 -p udp --dport 67 -j ACCEPT # DHCP Client
iptables -I INPUT -i wl1.1 -p udp --dport 53 -j ACCEPT # DNS
iptables -I INPUT -i wl1.1 -p tcp --dport 53 -j ACCEPT # DNS

iptables -I FORWARD -i wl1.1 -d 192.168.1.0/24 -j DROP # Block access to main LAN
iptables -I FORWARD -i wl1.1 -d 192.168.1.14 -j ACCEPT # Allow access to ISP gateway for Internet
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to $(nvram get lan_ipaddr) # NAT for guest traffic

This standalone wi-fi_GUEST network seems to be working correctly. However, I now don't know how to configure the other routers so that their wi-fi_GUEST networks (generated by their respective Virtual Access Points) also utilize the DHCP server from the first router (192.168.20.22).

Can you help me with this? Or do you have other ideas to achieve the same result?

Thanks everyone.
Back to top View user's profile Send private message
Sponsor
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum