[Herc]

Hi all,

I have been using dd-wrt for some time now but I hav just purchased one of these Momento UPNP WIFI photo frames. Nice bit of kit, however it doesn't like WPA2 Personal Mixed auth. I use that because I want to keep wireless pretty secure as I have a buffalo HP router and share my connection with my Mom down the road..... so I created a virtual wlan but it won't let me have any other auth apart from none as we know they usually have to match to the physical interface.......ok so I created a open connection thats hidden and has MAC control lists. Still not very secure so I have broken the connection to the internet.....but now what i want to do is only allow upnp traffic from the wlan (br1) to the LAN (br0?)
Is this possible? here is my startup and iptables as followed from another tutorial, the bits hashed are the things I have tried unfortunately im rubbish with ip tables.

# Set some important values:
nvram set dnsmasq_enable=1
if [ "`nvram get dhcpfwd_enable`" = "0" ]; then
nvram set dns_dnsmasq=1
nvram set dhcp_dnsmasq=1
nvram set auth_dnsmasq=1
fi

# Create bridge br1, move the virtual wireless interface to it,
# and setup the interface's IP address:
brctl addbr br1
brctl delif br0 wl0.1
brctl addif br1 wl0.1
ifconfig br1 192.168.2.1 netmask 255.255.255.0
ifconfig br1 up

# Properly setup NAS
killall nas

# Main:
nas -P /tmp/nas.wl0lan.pid -H 34954 -l br0 \
-i eth1 -A -m 132 -k "`nvram get wl0_wpa_psk`" \
-s "`nvram get wl0_ssid`" -w 6 \
-g "`nvram get wl0_wpa_gtk_rekey`"

# Virtual:
nas -P /tmp/nas.wl0.1lan.pid -l br1 -H 34954

# Make sure br1 has access to the internet:
#iptables -I INPUT -i br1 -m state --state NEW -j logaccept
#iptables -I FORWARD -i br1 -o `nvram get wan_ifname` -m state --state NEW -j ACCEPT
# Keep the two wireless networks from talking to each other:
#iptables -I FORWARD -i br0 -o br1 -j ACCEPT
#iptables -I FORWARD -i br1 -o 192.168.1.58 -j ACCEPT
#iptables -A INPUT -s 192.168.1.0/24 -p tcp &#-106;dport 2869 -j ACCEPT
#iptables -A INPUT -s 192.168.1.0/24 -p udp &#-106;dport 1900 -j ACCEPT
#iptables -A FORWARD -p udp -i br1 -o br0 -j ACCEPT
#iptables -A FORWARD -p tcp -i br1 -o br0 -j ACCEPT

#iptables -I FORWARD -i br0 -o br1 -j ACCEPT
#iptables -I FORWARD -i br1 -o br0 -j ACCEPT
# Keep br1 from accessing the router:
iptables -I INPUT -i br1 -p tcp --dport telnet -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport ssh -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport www -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport https -j REJECT --reject-with tcp-reset

Apologies for the long post guys.

[Sash]

info's missing

read:

[Herc]

Sorry guys:
Firmware: DD-WRT v24-sp2 (05/21/09) vpn
Router Model: Buffalo WHR-HP-G54
Is that enough info?