Need dd-wrt configuration to isolate wireless router from local LAN...

Alex Hewitt hewitt_tech at comcast.net
Thu Dec 11 16:28:21 EST 2008 

Drew Van Zandt wrote:
> Method (1): Put the wireless router outside the wired router.
> Method (2): Add something like:
> iptables -I INPUT -d 192.168.1.0/255.255.255.0 
> <http://192.168.1.0/255.255.255.0> -j DROP
> and (to allow the wired router as a destination):
> iptables -I INPUT -d 192.168.1.1 <http://192.168.1.1> -j ACCEPT
>
> You might need to do that second method to the nat table instead of 
> the default table, that's all from memory so the syntax is probably 
> not quite right.
>
> --DTVZ
>
> On Thu, Dec 11, 2008 at 3:53 PM, Alex Hewitt <hewitt_tech at comcast.net 
> <mailto:hewitt_tech at comcast.net>> wrote:
>
>     This might not have an easy answer but I want to setup a wireless
>     router
>     inside an existing LAN. I want to be able to let users connect to the
>     wireless router but not be able to access systems on the LAN that the
>     wireless  router will be installed on. So the scenario is:
>
>                          Internet Connection
>                                      .
>                                      .
>                          Existing router (192.168.1.1
>     <http://192.168.1.1>)
>                                      .
>                                      .
>                           Wireless router (192.168.2.1
>     <http://192.168.2.1> or any private network)
>
>     A user connecting to the wireless router would get an address such as
>     192.168.2.100 <http://192.168.2.100> and they could ping or
>     otherwise see machines on the
>     192.168.1. <http://192.168.1.>* network. I've got dd-wrt v2.4
>     micro edition running on a
>     WRT54G V5 wireless router. The main router is a LinkSys RV042
>     model.  Is
>     there a simple way to stop users connected on the wireless router from
>     accessing systems on the main LAN? One way to achieve this would be to
>     add a switch between the ISP's equipment and the RV042 but I'd like to
>     make sure that any wireless connections couldn't chew up too much
>     bandwidth.
>
>     -Alex
>
>     _______________________________________________
>     gnhlug-discuss mailing list
>     gnhlug-discuss at mail.gnhlug.org <mailto:gnhlug-discuss at mail.gnhlug.org>
>     http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
>
>
Thanks. I might need to use my WRT54GL rather than the WRT54G for this 
because the micro version of dd-wrt is very spartan whereas the GL 
version looks like a more complete Linux system.

-Alex

More information about the gnhlug-discuss mailing list