Posted: Fri Mar 12, 2010 3:26 Post subject: WLAN separate from LAN on v24-sp2 (10/10/09)
I want to isolate my wired LAN from my wifi LAN so I can set up a free hotspot without wifi users being able to access our local wired network. It's a Buffalo WHR-G300N and it has DD-WRT at v24-sp2 (10/10/09) std.
BUT, every guide I see tells me to go to Setup > VLANs, but the VLAN tab does not exist. It does exist on an old DD-WRT V24 RC7, but not on the router I want to do this on.
Anyone have step-by-step instructions on setting this up on my configuration? Or, what I have to do differently using the instructions in the guide at the link above.
Bonus question. Once I get that working, I want a wifi user to go to a TOS page and click ACCEPT button. I heard nocatsplash does not work well or at all with this version. Any ideas?
BUT, every guide I see tells me to go to Setup > VLANs, but the VLAN tab does not exist. It does exist on an old DD-WRT V24 RC7, but not on the router I want to do this on.
You should have taken a look at the other guide that that one links to twice...
http://www.dd-wrt.com/wiki/index.php/Separate_LAN_and_WLAN
_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
Posted: Thu Dec 09, 2010 20:55 Post subject: same issue
I also have a whr-hp-g300n and read the http://www.dd-wrt.com/wiki/index.php/Separate_LAN_and_WLAN
and WAP article, but still unable to connect to internet via wifi. Wired works, DHCP dnsmasq works with wifi and I can manage ddwrt over wifi using the internal lan ip. I have tried multiple combos of iptables including:
Allow br1 access to br0, the WAN, and any other subnets (required if SPI firewall is on)
iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
Restrict br1 from accessing br0's subnet but pass traffic through br0 to the internet (for WAP's - WAN port disabled)
iptables -I FORWARD -i br1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
Enable NAT for traffic being routed out br0 so that br1 has connectivity (for WAP's - WAN port disabled)
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`
I re-tried those 4, in order but still to no avail.
I did:
iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
with SPI on and not on.
I have defaulted the device 3 times and retried; the images look like an earlier release than Firmware: DD-WRT v24SP2-EU-US (08/19/10) std
Telnet/SSH to the router and check the output of these commands.
iptables -t nat -I POSTROUTING
iptables -vnL FORWARD
Telnet/SSH to the router and check the output of these commands.
iptables -t nat -I POSTROUTING
iptables -vnL FORWARD
Errr, major typo there... It should have been this.
iptables -t nat -vnL POSTROUTING
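An added example (not part of any post in this thread): a small check over the text of `iptables -vnL FORWARD` that reports whether new connections from the guest bridge reach the wired subnet. Each `-I` puts its rule at the top of the chain, so the FORWARD rules quoted earlier, entered in that order, leave the DROP above the ACCEPT. The listings are constructed, and `192.168.1.0/24` as the br0 subnet is an assumption.

```shell
#!/bin/sh
# Added example: classify a guest bridge from `iptables -vnL FORWARD` text.
# Assumed names: br1 = guest WLAN, br0 = wired LAN, 192.168.1.0/24 = br0 subnet.
# Limits: exact-string CIDR match, no subnet arithmetic, source must be 0.0.0.0/0.

check_guest_isolation() {   # usage: check_guest_isolation GUEST_IF LAN_IF LAN_CIDR < listing
    awk -v gif="$1" -v lif="$2" -v cidr="$3" '
        NR == 1 { policy = $4; sub(/\)/, "", policy); next }   # chain policy = fallback verdict
        NR == 2 { next }                                       # column titles
        $3 != "ACCEPT" && $3 != "DROP" && $3 != "REJECT" { next }  # TCPMSS etc. do not end traversal
        ($6 != gif && $6 != "*") || $8 != "0.0.0.0/0" { next } # rule must see guest-bridge packets
        /state/ && !/NEW/ { next }          # ESTABLISHED-only rules never admit a new flow
        {
            to_lan = ($7 == lif || $7 == "*") && ($9 == cidr || $9 == "0.0.0.0/0")
            to_net = ($7 == "*" && $9 == "0.0.0.0/0")
            if (to_lan && v_lan == "") v_lan = $3    # first matching rule wins
            if (to_net && v_net == "") v_net = $3
        }
        END {
            if (v_lan == "") v_lan = policy
            if (v_net == "") v_net = policy
            if (v_lan == "ACCEPT")      print "exposed"
            else if (v_net == "ACCEPT") print "isolated"
            else                        print "isolated-no-internet"
        }'
}

# Constructed listing lines (not captured from a real router).
HDR='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination'
R_DROP='   12   720 DROP       all  --  br1    *       0.0.0.0/0            192.168.1.0/24      state NEW'
R_MSS='  340 20400 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU'
R_ACC='   95  5700 ACCEPT     all  --  br1    *       0.0.0.0/0            0.0.0.0/0           state NEW'
R_END='    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# Feed a header plus the given rule lines, in chain order, to the checker.
verdict() { printf '%s\n' "$HDR" "$@" | check_guest_isolation br1 br0 192.168.1.0/24; }

verdict "$R_DROP" "$R_MSS" "$R_ACC" "$R_END"   # isolated: DROP sits above ACCEPT
verdict "$R_ACC" "$R_MSS" "$R_DROP" "$R_END"   # exposed: ACCEPT matches first
verdict "$R_DROP" "$R_MSS" "$R_END"            # isolated-no-internet: no br1 ACCEPT
```

On a router the same function can read live output with `iptables -vnL FORWARD | check_guest_isolation br1 br0 <br0 subnet>`.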
If for some reason it doesn't work then check if the rule was added using the debug command from my last post.
The full version did not work either. I'm not sure what debug command you are referencing, but I did this article: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=37215 and only received a timestamp and:
Code:
with no information (only code tags). This is after I reflashed the unit and did the WLAN & separate LAN & WAP articles, again. On the setup it took multiple times on applying or rebooting for commands to take. Is there an alternate device that I can use with these articles?
Any hardware should work with the guide.