Page 2 of 2
Re: Guest Network Setup
Posted: Thu Feb 21, 2013 11:44 am
by pbix
Clients requesting DHCP addresses always use source address of 0.0.0.0 and destination of 255.255.255.255 and protocol=udp. This is the only line you should need.
So in answer to your question when you make these changes and test them your setup will "look correct".
Code: Select all
# Allow DHCP requests
ebtables -I INPUT -i wlan0-1 -p IPv4 --ip-dst 255.255.255.255 --ip-source 0.0.0.0 --ip-proto udp -j ACCEPT
# Require IPs > .128 for guest wifi for QoS purposes
ebtables -A INPUT -p IPv4 -i wlan0-1 --ip-src ! 192.168.1.128/25 -j DROP
Your problems with DNS are caused by your attempt to deny access to your router. There should be no reason to deny access to the router since it is already password protected. There are other reasons besides DNS that clients may need to talk to your router so blocking as you have done may cause other issues in the future.
Re: Guest Network Setup
Posted: Thu Feb 28, 2013 6:30 pm
by kurjak
Hi!
I've tried everything you guys have written, but i still cannot isolate guest wlan. I'm using 1043nd v1.10, 1.5.9
Re: Guest Network Setup
Posted: Fri Mar 01, 2013 11:42 am
by jthg
kurjak wrote:Hi!
I've tried everything you guys have written, but i still cannot isolate guest wlan. I'm using 1043nd v1.10, 1.5.9
What do you get when you type ebtables --list? My result is:
Code: Select all
root@Lagunitas:/etc/config# ebtables --list
Bridge table: filter
Bridge chain: INPUT, entries: 2, policy: ACCEPT
-p IPv4 -i wlan0-1 --ip-src 0.0.0.0 --ip-dst 255.255.255.255 --ip-proto udp -j ACCEPT
-p IPv4 -i wlan0-1 --ip-src ! 192.168.1.128/25 -j DROP
Bridge chain: FORWARD, entries: 2, policy: ACCEPT
-i wlan0-1 -o eth0 -j DROP
-i wlan0-1 -o wlan0 -j DROP
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
To do this, I have the following in /usr/lib/gargoyle_firewall_util/gargoyle_firewall_util.sh initialize_firewall():
Code: Select all
# Isolate the guest wifi from your LAN.
ebtables -I FORWARD -i wlan0-1 -o wlan0 -j DROP
ebtables -I FORWARD -i wlan0-1 -o eth0 -j DROP
# Allow DHCP requests
ebtables -I INPUT -i wlan0-1 -p IPv4 --ip-dst 255.255.255.255 --ip-source 0.0.0.0 --ip-proto udp -j ACCEPT
# Require IPs > .128 for guest wifi for QoS purposes
ebtables -A INPUT -p IPv4 -i wlan0-1 --ip-src ! 192.168.1.128/25 -j DROP
When I tested before, it looked like the networks were isolated. I will test again next week.
Re: Guest Network Setup
Posted: Sun Mar 03, 2013 6:13 pm
by kurjak
It's working now, GUI messed up the settings ;(
Re: Guest Network Setup
Posted: Mon Apr 01, 2013 2:13 pm
by urosh
Hello.
I have sucessfully set up the guest network. Now I would need to set another nw, that is ment for the printserver. I have done everything and the printserver connects to the router, but I can not connect to it.
Can please somebody gives me what I have to write in the firewall (I think there is the problem) that I can connect to it? It is also mac protected nw.
Thank you
Re: Guest Network Setup
Posted: Sat Aug 23, 2014 11:00 pm
by jh001
Oops, wrong thread