Need dd-wrt configuration to isolate wireless router from local LAN...
Alex Hewitt
hewitt_tech at comcast.net
Mon Dec 22 17:41:25 EST 2008
Drew Van Zandt wrote:
> Method (1): Put the wireless router outside the wired router.
> Method (2): Add something like:
> iptables -I INPUT -d 192.168.1.0/255.255.255.0 -j DROP
> and (to allow the wired router as a destination):
> iptables -I INPUT -d 192.168.1.1 -j ACCEPT
>
> You might need to do that second method to the nat table instead of
> the default table, that's all from memory so the syntax is probably
> not quite right.
>
> --DTVZ
>
> On Thu, Dec 11, 2008 at 3:53 PM, Alex Hewitt <hewitt_tech at comcast.net> wrote:
>
> This might not have an easy answer but I want to set up a wireless
> router inside an existing LAN. I want to be able to let users connect
> to the wireless router but not be able to access systems on the LAN
> that the wireless router will be installed on. So the scenario is:
>
> Internet Connection
> .
> .
> Existing router (192.168.1.1)
> .
> .
> Wireless router (192.168.2.1 or any private network)
>
> A user connecting to the wireless router would get an address such as
> 192.168.2.100 and they could ping or otherwise see machines on the
> 192.168.1.* network. I've got dd-wrt v2.4 micro edition running on a
> WRT54G V5 wireless router. The main router is a LinkSys RV042 model. Is
> there a simple way to stop users connected on the wireless router from
> accessing systems on the main LAN? One way to achieve this would be to
> add a switch between the ISP's equipment and the RV042 but I'd like to
> make sure that any wireless connections couldn't chew up too much
> bandwidth.
>
> -Alex
Just a followup. I used the second method. Drew's suggested iptables
commands were correct except for the table that needed to be updated
which turned out to be the "FORWARD" table in OpenWRT. Also making the
iptables rules persist requires modifying a file "/etc/firewall.user".
Initially I misunderstood how this was to be done because the
documentation suggested that merely executing firewall.user would make
the iptables rules persist across reboots and power cycling. In fact you
need to add your new rules to the firewall.user script which gets run
every time the router is rebooted.
-Alex
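
The persistence step described in the follow-up, as an added example that is not part of the original posts: it appends the two rules, moved to the FORWARD chain, to a firewall.user-style script without duplicating them on repeat runs. The addresses are the ones from the thread; the function names, the FW_USER variable and the --apply switch are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, FW_USER and the
# --apply switch are hypothetical; addresses are the ones in the thread.

LAN_NET="192.168.1.0/255.255.255.0"   # wired LAN to hide from wireless clients
LAN_GW="192.168.1.1"                  # main router, must stay reachable
FW_USER="${FW_USER:-/etc/firewall.user}"

# Print the rules in the order they must run. Each -I inserts at the top of
# FORWARD, so the DROP runs first and the ACCEPT second: once both have run,
# the ACCEPT sits above the DROP in the chain and is matched first.
isolation_rules() {
    echo "iptables -I FORWARD -d $LAN_NET -j DROP"
    echo "iptables -I FORWARD -d $LAN_GW -j ACCEPT"
}

# Append any rule not already present (exact whole-line match), so running
# this again does not stack duplicate rules in the script.
persist_rules() {
    file="$1"
    touch "$file" || return 1
    isolation_rules | while IFS= read -r rule; do
        grep -qxF -e "$rule" "$file" || echo "$rule" >> "$file"
    done
}

# Succeed only if the script holds both rules with the DROP line before the
# ACCEPT line; the reverse order would leave the DROP on top of the chain.
rules_in_order() {
    file="$1"
    drop=$(grep -nxF -e "iptables -I FORWARD -d $LAN_NET -j DROP" "$file" | head -n 1 | cut -d: -f1)
    accept=$(grep -nxF -e "iptables -I FORWARD -d $LAN_GW -j ACCEPT" "$file" | head -n 1 | cut -d: -f1)
    [ -n "$drop" ] && [ -n "$accept" ] && [ "$drop" -lt "$accept" ]
}

# Only touch the real script when asked to explicitly.
if [ "${1:-}" = "--apply" ]; then
    persist_rules "$FW_USER" && rules_in_order "$FW_USER"
fi
```

After a reboot, `iptables -L FORWARD -n --line-numbers` on the wireless router should list the ACCEPT for 192.168.1.1 above the DROP for the LAN subnet.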