Guest Setup


w11x22

w11x22

Addicted to LI
Member
Hi all
I have created Guest setup (first time) on my N66U Router (running latest ver of RAF)... So my original NW is 10.10.100.1 and Guest is 192.168.2.1... When I connect via Guest I get an IP of 192.168.2.X but I am able to connect to Router setup using 10.10.100.1.... Is this Normal as I should not be able to login to 10.10.100.1 NW while I am connected to 192.168.2.X...
 
Marcel Tunks said:
http://linksysinfo.org/index.php?threads/restrict-access-to-web-ui-on-guest-wifi.68385/

There's a recent thread on this topic.
Click to expand...
Thanks a lot Marcel............... I thought it would be quick and easy fix but by the looks of it, it does not appear that way..... I installed Merlin on my Router and on that if you pick Guest Network to enable then it asks you if you want to give access to Intranet to the Guest or not...... And that's it.....
I will try to give this Thread a read and check but thanks again for the help
 
w11x22, I have gotten some of the "guest network" stuff figured out on Tomato! (with lots of help :) )
We seem to share the same addiction to Tomato and I wanted to make sure you knew that progress had been made!

http://www.linksysinfo.org/index.ph...om-others-without-a-subnet.68455/#post-226708
My post is 2-3 below yours.

http://www.linksysinfo.org/index.ph...om-others-without-a-subnet.68455/#post-227185
This one has some code that might be useful.

This might be enough to help you with your concern. If not, I imagine we are really close now!
 
All he would need to paste in Administration/Scripts/Firewall is this:

Code: 
iptables -I INPUT -i br1 -p tcp -m multiport --dports 22,23,80,161,443 -d 10.10.100.1 -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p udp -m multiport --dports 22,23,80,161,443 -d 10.10.100.1 -j DROP
iptables -I INPUT -i br1 -p tcp -m multiport --dports 22,23,80,161,443 -d 192.168.2.1 -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p udp -m multiport --dports 22,23,80,161,443 -d 192.168.2.1 -j DROP

Assuming that his Guest Network is on br1. These rules are blocking every connection coming FROM the
guest network TOWARDS the specified ports on both IP´s of the router. In that example the ports
are for Telnet, SSH, HTTP, SNMP and HTTPS, once for TCP and once for UDP.

But i think judging from the date of the last post before yours he has figured it out by now :)
 
philess said:
All he would need to paste in Administration/Scripts/Firewall is this:

Code: 
iptables -I INPUT -i br1 -p tcp -m multiport --dports 22,23,80,161,443 -d 10.10.100.1 -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p udp -m multiport --dports 22,23,80,161,443 -d 10.10.100.1 -j DROP
iptables -I INPUT -i br1 -p tcp -m multiport --dports 22,23,80,161,443 -d 192.168.2.1 -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p udp -m multiport --dports 22,23,80,161,443 -d 192.168.2.1 -j DROP

Assuming that his Guest Network is on br1. These rules are blocking every connection coming FROM the
guest network TOWARDS the specified ports on both IP´s of the router. In that example the ports
are for Telnet, SSH, HTTP, SNMP and HTTPS, once for TCP and once for UDP.

But i think judging from the date of the last post before yours he has figured it out by now :)
Click to expand...
Hi guys
No, I have not figured it out I just had given it up. It is hard to beleive though that a thing which was so easily done (via GUI in Merlin/Stock) seems impossible in Tomato. Merlin with just ONE click and the ISOLATION is achived, thats it..............I have a very basic knowledge of network and following the Trent Post and then lost track of it. I think Trent has achived this by running IPTABLES command etc to make it work. But I am still unable to do this....
Thanks
 
As i said, paste those iptables lines in Administration/Scripts/Firewall, save & reboot the router. And you ARE able to do this.
 
philess said:
As i said, paste those iptables lines in Administration/Scripts/Firewall, save & reboot the router. And you ARE able to do this.
Click to expand...
Finally........................Thanks a million, Philess, it worked..........
I am planing to upgrade to Shibby 109 now. So I would copy paste the same lines same place, right?
Right now I am running RAF (Latest) and no problem not a single reboot in months......
I had problems with all Shibby builts (upto 107) that DHCP would never release the IP and new devices unbale to connect unless I reboot the ROuter... There are threads for this problem in the same forums..
I hope that this problem has been resolved in 109..Will give this a shot
Thanks again guys,,,,,,
 
w11x22 said:
Finally........................Thanks a million, Philess, it worked..........
I am planing to upgrade to Shibby 109 now. So I would copy paste the same lines same place, right?
Right now I am running RAF (Latest) and no problem not a single reboot in months......
I had problems with all Shibby builts (upto 107) that DHCP would never release the IP and new devices unbale to connect unless I reboot the ROuter... There are threads for this problem in the same forums..
I hope that this problem has been resolved in 109..Will give this a shot
Thanks again guys,,,,,,
Click to expand...

Thanks all, as mentioned above all is good and working but with one little problem... I use MAC Filtering on my original NW and that is effecting on my GUEST (Virtual) NW as well.... But I do not want to use MAC Filtering on my Guest NW... Is there ant way I can use MAC Filtering on original NW but not on Guest.... can this be done????
Please advise...
 
w11x22 said:
Thanks all, as mentioned above all is good and working but with one little problem... I use MAC Filtering on my original NW and that is effecting on my GUEST (Virtual) NW as well.... But I do not want to use MAC Filtering on my Guest NW... Is there ant way I can use MAC Filtering on original NW but not on Guest.... can this be done????
Please advise...
Click to expand...

Short answer Yes it can be, but its quite complicated.
 
You must log in or register to reply here.

Back
Top