Guest Network Setup

General discussion about Gargoyle, OpenWrt or anything else even remotely related to the project

Moderator: Moderators

Post Reply
pbix
Developer
Posts: 1373
Joined: Fri Aug 21, 2009 5:09 pm

Re: Guest Network Setup

Post by pbix »

Clients requesting DHCP addresses always use source address of 0.0.0.0 and destination of 255.255.255.255 and protocol=udp. This is the only line you should need.

So in answer to your question when you make these changes and test them your setup will "look correct".

Code: Select all

   # Allow DHCP requests
   ebtables -I INPUT -i wlan0-1 -p IPv4 --ip-dst 255.255.255.255 --ip-source 0.0.0.0 --ip-proto udp -j ACCEPT

   # Require IPs > .128 for guest wifi for QoS purposes
   ebtables -A INPUT -p IPv4 -i wlan0-1 --ip-src ! 192.168.1.128/25 -j DROP
Your problems with DNS are caused by your attempt to deny access to your router. There should be no reason to deny access to the router since it is already password protected. There are other reasons besides DNS that clients may need to talk to your router so blocking as you have done may cause other issues in the future.
Linksys WRT1900ACv2
Netgear WNDR3700v2
TP Link 1043ND v3
TP-Link TL-WDR3600 v1
Buffalo WZR-HP-G300NH2
WRT54G-TM
Top
kurjak
Posts: 20
Joined: Sat Jul 31, 2010 11:52 am

Re: Guest Network Setup

Post by kurjak »

Hi!
I've tried everything you guys have written, but i still cannot isolate guest wlan. I'm using 1043nd v1.10, 1.5.9
Top
jthg
Posts: 8
Joined: Tue Feb 05, 2013 12:21 pm

Re: Guest Network Setup

Post by jthg »

kurjak wrote:Hi!
I've tried everything you guys have written, but i still cannot isolate guest wlan. I'm using 1043nd v1.10, 1.5.9
What do you get when you type ebtables --list? My result is:

Code: Select all

root@Lagunitas:/etc/config# ebtables --list
Bridge table: filter

Bridge chain: INPUT, entries: 2, policy: ACCEPT
-p IPv4 -i wlan0-1 --ip-src 0.0.0.0 --ip-dst 255.255.255.255 --ip-proto udp -j ACCEPT 
-p IPv4 -i wlan0-1 --ip-src ! 192.168.1.128/25 -j DROP 

Bridge chain: FORWARD, entries: 2, policy: ACCEPT
-i wlan0-1 -o eth0 -j DROP 
-i wlan0-1 -o wlan0 -j DROP 

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
To do this, I have the following in /usr/lib/gargoyle_firewall_util/gargoyle_firewall_util.sh initialize_firewall():

Code: Select all

	# Isolate the guest wifi from your LAN.
	ebtables -I FORWARD -i wlan0-1 -o wlan0 -j DROP
	ebtables -I FORWARD -i wlan0-1 -o eth0 -j DROP

	# Allow DHCP requests
	ebtables -I INPUT -i wlan0-1 -p IPv4 --ip-dst 255.255.255.255 --ip-source 0.0.0.0 --ip-proto udp -j ACCEPT
              
	# Require IPs > .128 for guest wifi for QoS purposes
        ebtables -A INPUT -p IPv4 -i wlan0-1 --ip-src ! 192.168.1.128/25 -j DROP
When I tested before, it looked like the networks were isolated. I will test again next week.
Top
kurjak
Posts: 20
Joined: Sat Jul 31, 2010 11:52 am

Re: Guest Network Setup

Post by kurjak »

It's working now, GUI messed up the settings ;(
Top
urosh
Posts: 1
Joined: Mon Apr 01, 2013 2:10 pm

Re: Guest Network Setup

Post by urosh »

Hello.

I have sucessfully set up the guest network. Now I would need to set another nw, that is ment for the printserver. I have done everything and the printserver connects to the router, but I can not connect to it.

Can please somebody gives me what I have to write in the firewall (I think there is the problem) that I can connect to it? It is also mac protected nw.

Thank you
Top
jh001
Posts: 6
Joined: Sun Feb 19, 2012 6:44 pm

Re: Guest Network Setup

Post by jh001 »

Oops, wrong thread
Top
Post Reply

Return to “General Discussion”