lixuewei / rt-n56u

Automatically exported from code.google.com/p/rt-n56u

Guest access to network RT-N14U #1362

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Hi everyone!

My LAN network is 192.168.10.x/24.

1. Creating a guest network access in "ACCESS-POINT mode": in this mode, guests 
have access to my private network and not only web access.

2. In "ROUTER mode", the router creates another network inside my network (the WAN is 
192.168.10.x and the internal network is 192.168.1.x). If I create a guest access, it works 
only for the internal 192.168.1.x, but guests can still access 192.168.10.x (that's 
normal, it's the WAN for the router), and when I modify the iptables rules it's impossible to 
make 192.168.10.x unreachable for the guest access.

I expect guests not to have access to my internal network on 192.168.10.x, only 
web access.

What version of the product are you using? On what operating system?
RT-N14U with the latest custom firmware

Original issue reported on code.google.com by joffrey...@gmail.com on 10 Nov 2014 at 11:18

GoogleCodeExporter commented 9 years ago
Easy =)
Just turn on two options: 
* Isolation between Guest AP and LAN?
* Set AP Clients Isolated?

Original comment by serge...@gmail.com on 10 Nov 2014 at 5:31

GoogleCodeExporter commented 9 years ago
Ahem, I think you didn't understand my problem :D

In ACCESS POINT MODE there is only one option for the guest AP, "Set AP clients 
isolated", and it has no effect: guests can ping and SSH to my LAN network.

In ROUTER mode, the options you mentioned only work in the LAN created by the router and not 
in MY LAN, which is the WAN of the router.

Original comment by joffrey...@gmail.com on 10 Nov 2014 at 5:39

GoogleCodeExporter commented 9 years ago
Ok.
It is not possible to do it in ACCESS POINT MODE on the device. The firewall is 
off in this mode, so there is no way to control traffic between interfaces.
I think it is possible to configure the devices if they are connected in ROUTER mode.
There are actually several ways it can be done; one of them is:
Some rules should be added to iptables which mark packets from the guest 
interfaces on the device with guest access. On the gateway device, additional 
iptables rules should drop packets marked "guest" to the local network.

Original comment by serge...@gmail.com on 10 Nov 2014 at 8:16

GoogleCodeExporter commented 9 years ago
Ok,

I tried to identify the interface which has GUEST in the SSID and make rules for that 
interface, but it doesn't work :/

Maybe you have a better solution with "iptables rules should drop packets 
marked with "guest" to local network."

How can we drop packets marked with guest?

These are the rules I created, which don't work:
iptables -I FORWARD 1 -i ra1 -d 192.168.10.0/24 -m state --state ESTABLISHED,NEW,RELATED -j DROP

Original comment by joffrey...@gmail.com on 12 Nov 2014 at 8:34

GoogleCodeExporter commented 9 years ago
Maybe I do, but I'm not sure. To understand it, let's clarify the details.
From the posts above I understood:
1) You've got some router. It has some IP address (let it be 192.168.10.1). 
This address is used as the gateway to the Internet.
2) You've got another device, the RT-N14U. Clients connected to this device should 
be in the same network, 192.168.10.0/24. Clients connected to the LAN ports and the 
main WLAN should have access both to the local network and the Internet. Clients 
connected to the guest WLAN should have access to the Internet only.

Is that correct? If so, how are these devices connected, by wire or wireless?

Original comment by serge...@gmail.com on 12 Nov 2014 at 6:01

GoogleCodeExporter commented 9 years ago

So:

I have a network: 192.168.10.0/24
The gateway is 192.168.10.254
This is my LAN network.

The Wi-Fi router must be connected in the network and can't replace the 
gateway.

So the RT-N14U Wi-Fi router adds a network 192.168.1.0/24 for Wi-Fi access; it sees 
the WAN as 192.168.10.0/24.

The WAN of the Wi-Fi router is also MY LAN.

I want two Wi-Fi accesses:
A normal access with access to my LAN (10.0)
A guest access with no access to my LAN (10.0), just web access

Wi-Fi access is in the 192.168.1.0 network because of the RT-N14U Wi-Fi router.

If you don't understand I will draw a scheme of my network ^^

Original comment by joffrey...@gmail.com on 12 Nov 2014 at 6:15

GoogleCodeExporter commented 9 years ago
I don't know if it is possible to limit access to 192.168.10.0/24 from guest 
clients in this configuration, as all packets will be NATed to the gateway address 
in 192.168.1.0/24, so 192.168.10.254 won't know how to filter them.
I suggest you turn off DHCP on the RT-N14U and use one of the LAN ports instead 
of the WAN port to connect to 192.168.10.254. (Assign a static IP to the RT-N14U from 
192.168.10.0/24.)
In order to filter the needed interfaces use ebtables. See the documentation and some 
examples at http://ebtables.netfilter.org/examples/basic.html#all

Original comment by serge...@gmail.com on 12 Nov 2014 at 8:07

GoogleCodeExporter commented 9 years ago
Mmm, I found something that works with that :D

But it's not stable: if we have nothing on the WAN port we can't access the router's 
web configuration page..

So I tried configuring while the WAN is connected, then connecting the LAN and testing.

That works, but I need to improve stability :D

Is there really no way to use ebtables in AccessPoint mode? :/

Thanks for your help

Original comment by joffrey...@gmail.com on 13 Nov 2014 at 11:16

GoogleCodeExporter commented 9 years ago
You are welcome.
The firmware logic (rc) in AccessPoint mode disables the firewall, NAT and UPnP, and the WAN 
port is bridged. But you can initialise the tables and use ebtables.

Original comment by serge...@gmail.com on 13 Nov 2014 at 5:28

GoogleCodeExporter commented 9 years ago
Thanks

I found a working setup with ebtables.

These are my rules:
/home/root # ebtables -A FORWARD -i ra1 -j DROP
/home/root #
/home/root # ebtables -I FORWARD 1 -i ra1 -d 00:22:24:cd:1c:04 -j ACCEPT
/home/root # ebtables -I FORWARD 1 -i ra1 -d 00:09:0d:53:73:bd -j ACCEPT
/home/root #
/home/root # ebtables -I FORWARD 1 -i ra1 -d ff:ff:ff:ff:ff:ff -j ACCEPT

One for DHCP, one for the gateway, one for broadcast, and it's working :D

BUTTTTTT :(

This morning I saw that my ebtables rules had been reset, so I had to re-enter them. Can 
we save the rules in the startup config like on a Cisco router?

Original comment by joffrey...@gmail.com on 14 Nov 2014 at 9:41

GoogleCodeExporter commented 9 years ago
Put these commands in /etc/storage/post_iptables_script.sh. I'm not sure it is 
called in AP mode, so if it doesn't work use /etc/storage/started_script.sh.

When done, execute:
# mtd_storage.sh save

Original comment by serge...@gmail.com on 14 Nov 2014 at 6:44
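The ebtables approach worked out in this thread (the bridged-LAN-port setup suggested earlier, the FORWARD rules posted above, and the persistence advice in the last reply) as one complete, re-runnable script. This is an added example written for this page, not code from the rt-n56u project or from either participant. It assumes the guest SSID is bridged on ra1, the LAN is 192.168.10.0/24 with its gateway at 192.168.10.254, and it reuses one of the two MAC addresses from the thread as a placeholder for the gateway MAC; the GUEST_ISOLATE chain name, the DNS-to-gateway rule and the DRY_RUN switch are my own additions. It differs from the posted rules in two security-relevant ways: it also matches on IP destination, so a guest cannot reach LAN hosts by addressing frames to the gateway's MAC with a LAN IP (which works whenever the upstream gateway routes such a packet back out the same interface), and it allows ARP only towards the gateway and drops all other broadcast instead of accepting every frame to ff:ff:ff:ff:ff:ff.

```shell
#!/bin/sh
# guest_isolate.sh: layer-2 guest Wi-Fi isolation for a bridged AP using ebtables.
# Added example for this thread, not code from the rt-n56u project.
# Assumptions (adjust for your network): the guest SSID is bridged on ra1, the LAN
# is 192.168.10.0/24 with its gateway at .254, and GW_MAC is a placeholder taken
# from the thread; read the real one on the AP with "arp -n" after pinging it.

GUEST_IF="${GUEST_IF:-ra1}"
LAN_NET="${LAN_NET:-192.168.10.0/24}"
GW_IP="${GW_IP:-192.168.10.254}"
GW_MAC="${GW_MAC:-00:22:24:cd:1c:04}"   # placeholder, see above
CHAIN="GUEST_ISOLATE"                    # private chain name (my choice)

# DRY_RUN=1 prints the ebtables commands instead of executing them.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'ebtables %s\n' "$*"
    else
        ebtables "$@"
    fi
}

apply_guest_isolation() {
    # Own chain so the rule set can be rebuilt without disturbing other
    # FORWARD rules; create it, or flush it if it already exists.
    run -N "$CHAIN" 2>/dev/null || run -F "$CHAIN"
    # Remove a stale jump (if any) so re-running never duplicates it.
    run -D FORWARD -i "$GUEST_IF" -j "$CHAIN" 2>/dev/null || true
    # Only frames entering the bridge from the guest interface are inspected.
    run -I FORWARD 1 -i "$GUEST_IF" -j "$CHAIN"

    # 1. DHCP: broadcast DISCOVER/REQUEST and unicast renewals to any server.
    run -A "$CHAIN" -p IPv4 --ip-protocol udp --ip-destination-port 67 -j ACCEPT
    # 2. ARP only for the gateway; all other ARP is dropped so guests cannot
    #    enumerate or talk to LAN hosts at layer 2.
    run -A "$CHAIN" -p ARP --arp-ip-dst "$GW_IP" -j ACCEPT
    run -A "$CHAIN" -p ARP -j DROP
    # 3. DNS to the gateway (assumes it is the resolver; remove if it is not).
    run -A "$CHAIN" -p IPv4 --ip-destination "$GW_IP" --ip-protocol udp --ip-destination-port 53 -j ACCEPT
    run -A "$CHAIN" -p IPv4 --ip-destination "$GW_IP" --ip-protocol tcp --ip-destination-port 53 -j ACCEPT
    # 4. Anything else addressed to the LAN subnet is dropped whatever the
    #    destination MAC. This closes the hairpin bypass: sending to the gateway
    #    MAC with a LAN IP, which the gateway may route straight back out.
    run -A "$CHAIN" -p IPv4 --ip-destination "$LAN_NET" -j DROP
    # 5. Remaining IPv4 to the gateway MAC is Internet-bound: allow it.
    run -A "$CHAIN" -p IPv4 -d "$GW_MAC" -j ACCEPT
    # 6. Everything else (other broadcast/multicast, IPv6, non-IP) is dropped.
    run -A "$CHAIN" -j DROP
}

case "${1:-show}" in
    apply) DRY_RUN=0; apply_guest_isolation ;;   # load the rules for real
    *)     DRY_RUN=1; apply_guest_isolation ;;   # default: just print them
esac
```

Run it without arguments to print the rules, and with `apply` to load them. To survive a reboot, put the commands (or a call to this script with `apply`) in /etc/storage/post_iptables_script.sh, or /etc/storage/started_script.sh if the former is not run in AP mode, and then run `mtd_storage.sh save` as advised above. Note that the chain only sees frames crossing the bridge from ra1; traffic between two clients of the same guest SSID is handled in the wireless driver by the "Set AP Clients Isolated" option, not by ebtables.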

GoogleCodeExporter commented 9 years ago
Oh, I found that this afternoon and it seems to be working very well.
I appreciate your help, and sorry for my English, I'm French!

Thanks for everything

This custom firmware improves this Wi-Fi router a lot

Bye bye and thanks again

Original comment by joffrey...@gmail.com on 14 Nov 2014 at 7:05