Separate LAN and WLAN (light)
From DD-WRT Wiki
(Difference between revisions)
Revision as of 21:23, 7 March 2018, Jeremywh7: m (Separate LAN and WLANv2 moved to Separate LAN and WLAN (light): v2 insinuates that it replaces "Separate LAN and WLAN")
Current revision (21:28, 7 March 2018), Jeremywh7: m
Line 1: | Line 1: | ||
==Introduction== | ==Introduction== | ||
- | This is | + | This is a 'light' version of [[Separate_LAN_and_WLAN]], so if more detail is needed, refer there. |
==Device used== | ==Device used== | ||
- | + | Buffalo WHR-HP-G300N (Atheros device: some menus may vary on Broadcom), build 27506 (07/09/15) std | |
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | ( | + | |
==Screenshots== | ==Screenshots== | ||
[[Image:SeparateWIFIfromLANv2_01.png]] | [[Image:SeparateWIFIfromLANv2_01.png]] | ||
- | |||
[[Image:SeparateWIFIfromLANv2_02.png]] | [[Image:SeparateWIFIfromLANv2_02.png]] | ||
- | |||
[[Image:SeparateWIFIfromLANv2_03.png]] | [[Image:SeparateWIFIfromLANv2_03.png]] | ||
- | |||
[[Image:SeparateWIFIfromLANv2_04.png]] | [[Image:SeparateWIFIfromLANv2_04.png]] | ||
- | |||
[[Image:SeparateWIFIfromLANv2_05.png]] | [[Image:SeparateWIFIfromLANv2_05.png]] | ||
==Firewall Script== | ==Firewall Script== | ||
- | + | Finally, copy and paste this to the ''Admin->Commands'' section, then click ''Save Firewall'': | |
<pre>#Allow guest bridge access to Internet | <pre>#Allow guest bridge access to Internet | ||
iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT | iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT |
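Review bot: In the added "Device used" line, the build date "07/09/15" can be read as either day-first or month-first, and the build number alone may not be enough for a reader to match the firmware file. Suggest writing the date unambiguously (for example in year-month-day form) next to "build 27506". The new introduction also shows the link target with its underscores, [[Separate_LAN_and_WLAN]]; a piped label would read more cleanly.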
Current revision
==Introduction==
This is a 'light' version of Separate_LAN_and_WLAN, so if more detail is needed, refer there.
==Device used==
Buffalo WHR-HP-G300N (Atheros device: some menus may vary on Broadcom), build 27506 (07/09/15) std
==Screenshots==
==Firewall Script==
Finally, copy and paste this to the Admin->Commands section, then click Save Firewall:
<pre>#Allow guest bridge access to Internet
iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

#Allow br0 (LAN) access to br1 (WLAN)
iptables -I FORWARD -i br0 -o br1 -m state --state NEW -j ACCEPT

#Block access from br1 (WIRELESS) to br0 (LAN)
iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP

#NAT to make Internet work
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`

#Enable NAT on the WAN port to correct a bug in builds over 17000
iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`

#Deny access to local router services from Guest (240.x br1) network
iptables -I INPUT -i br1 -p tcp --dport telnet -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport ssh -j REJECT --reject-with tcp-reset
#iptables -I INPUT -i br1 -p tcp --dport www -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport https -j REJECT --reject-with tcp-reset
</pre>
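Every FORWARD line in the script uses `iptables -I`, which inserts at the top of the chain, so the rules are checked in the reverse of the order in which they are written. The sketch below is an added example, not part of the wiki page: it models that ordering for the script's FORWARD lines and reports the verdict for a new connection between two interfaces. Assumptions: the function name `forward_verdict` and the interface name `wan` are placeholders, every connection is treated as NEW, and the firmware's own pre-existing rules are not modelled.

```shell
#!/bin/sh
# Added example: models how `iptables -I` orders the page's FORWARD rules.
# -I without a rule number inserts at position 1, so the line that runs
# LAST in the script is the rule the kernel checks FIRST.

# FORWARD lines copied from the page's firewall script, in script order.
PAGE_RULES='iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -I FORWARD -i br0 -o br1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP'

# forward_verdict RULES IN_IF OUT_IF   (hypothetical helper name)
# Prints the verdict for a NEW connection entering on IN_IF and leaving on
# OUT_IF: ACCEPT, DROP, or FALLTHROUGH when none of these rules decides
# and the packet continues to the rules the firmware already had.
forward_verdict() {
    printf '%s\n' "$1" | awk -v in_if="$2" -v out_if="$3" '
        $2 == "-I" && $3 == "FORWARD" { rule[++n] = $0 }
        END {
            # Last inserted rule sits at the top of the chain.
            for (r = n; r >= 1; r--) {
                cnt = split(rule[r], f, " ")
                want_in = ""; want_out = ""; target = ""
                for (k = 1; k < cnt; k++) {
                    if (f[k] == "-i") want_in = f[k + 1]
                    if (f[k] == "-o") want_out = f[k + 1]
                    if (f[k] == "-j") target = f[k + 1]
                }
                if (want_in != "" && want_in != in_if) continue
                if (want_out != "" && want_out != out_if) continue
                # TCPMSS only rewrites the packet; evaluation continues.
                if (target == "ACCEPT" || target == "DROP") { print target; exit }
            }
            print "FALLTHROUGH"
        }'
}

# Verdicts for the three paths the script comments describe ("wan" is a placeholder).
for pair in "br1 br0" "br1 wan" "br0 br1"; do
    set -- $pair
    echo "$1 -> $2: $(forward_verdict "$PAGE_RULES" "$1" "$2")"
done
```

If the DROP line were moved above the first ACCEPT line in the script, the broad `-i br1` ACCEPT would end up on top and guest traffic to br0 would be accepted, which is why the block rule has to come later in the script.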
==References & Credits==
- Separate_LAN_and_WLAN - The existing guide
- V24: WLAN separate from LAN, with independent DHCP - A similar guide, updated for build v24
- WLAN separate from LAN, with independent dhcp, etc - Command line method (old)
- Multiple WLANs - For unbridging virtual wireless interfaces