Help with access restrictions for guest network

General discussion about Gargoyle, OpenWrt or anything else even remotely related to the project

Moderator: Moderators

Post Reply
psycik
Posts: 74
Joined: Mon Mar 21, 2011 3:27 pm

Help with access restrictions for guest network

Post by psycik »

I have a guest network that is nat'd through 192.168.10.5.

I'd like to allow guest access to the internet and machines in the .30 - .39 range.

In tghe restrictions I have:
Rules applies to : only the following host 192.168.10.5
Schedule all day, every day
Restricted resources all network access (unticked) set to block only:
then 192.168.10.2-192.168.10.30
and 192.168.10.40-192.168.10.254

All the others are set to block all.

THe firewall rules I see are as follows, that doesn't actually look like its doing anything.

Code: Select all

Chain egress_restrictions (1 references)
target     prot opt source               destination
egress_whitelist  all  --  anywhere             anywhere
CONNMARK   all  --  anywhere             anywhere            CONNMARK xset 0x20000000/0xff000000
CONNMARK   tcp  --  anywhere             anywhere            tcp dpt:ntp CONNMARK and 0xdfffffff
CONNMARK   udp  --  anywhere             anywhere            udp dpt:ntp CONNMARK and 0xdfffffff
CONNMARK   tcp  --  anywhere             anywhere            tcp dpt:ssmtp CONNMARK and 0xdfffffff
CONNMARK   udp  --  anywhere             anywhere            udp dpt:465 CONNMARK and 0xdfffffff
CONNMARK   tcp  --  Cam-NVR              anywhere            CONNMARK or 0x40000000
CONNMARK   udp  --  Cam-NVR              anywhere            CONNMARK or 0x40000000
REJECT     all  --  anywhere             anywhere            connmark match 0x60000000/0xff000000 reject-with i                     cmp-port-unreachable
CONNMARK   all  --  anywhere             anywhere            CONNMARK and 0xffffff
CONNMARK   all  --  anywhere             anywhere            destination IP range 192.168.10.2-192.168.10.30 CO                     NNMARK or 0x10000000
CONNMARK   all  --  anywhere             anywhere            destination IP range 192.168.10.40-192.168.10.254                      CONNMARK or 0x10000000
CONNMARK   all  --  NazgulGuest          anywhere            CONNMARK or 0x80000000
REJECT     all  --  anywhere             anywhere            connmark match 0x90000000/0xff000000 reject-with i                     cmp-port-unreachable
CONNMARK   all  --  anywhere             anywhere            CONNMARK and 0xffffff
I'm on 1.6.2 Gargoyle
Top
tapper
Moderator
Posts: 1076
Joined: Sun Oct 13, 2013 5:49 pm
Location: Stoke-on-trent UK

Re: Help with access restrictions for guest network

Post by tapper »

Hi mate if your router has more than 4 mg of flash you mite want to try updateing to the 1.9.x builds.
http://lantisproject.com/gargoyle_ispyisail/
If you take a back up you can flash back if it does not work out for you. You can not save settings when updating.
Linksys WRT3200ACM
NETGEAR Nighthawk R7800
NETGEAR R6260
Top
psycik
Posts: 74
Joined: Mon Mar 21, 2011 3:27 pm

Re: Help with access restrictions for guest network

Post by psycik »

tapper wrote:Hi mate if your router has more than 4 mg of flash you mite want to try updateing to the 1.9.x builds.
http://lantisproject.com/gargoyle_ispyisail/
If you take a back up you can flash back if it does not work out for you. You can not save settings when updating.
I'll have to try again, but I had reasosn from not upgrading. Specifically the use of the VLAN on my WAN port to make our fibre internet go.

On some newer hardware I had (TP Link WR0143ND on 2.1 the vlans would be ignored). I haven't tried it on an older 1.6 version hardware which is what I'm currently running.
Top
Post Reply

Return to “General Discussion”