2 routers, 2 networks

Discussion in 'Tomato Firmware' started by Deleted member 23868, Jun 26, 2011.

  1. My setup:
    * WRT54GSv4 running Tomato ND 1.28 + speedmod 120, WPA2 + AES
    * Netgear MRT814v2 802.11b router on stock FW, open ("Free Public WiFi")

    Cable modem -> WRT54GS WAN port
    WRT54GS issuing DHCPs to 192.168.1.0/24

    WRT54GS port 4 -> Netgear WAN port, static IP assigned 192.168.1.254
    Netgear issuing DHCPs to 192.168.2.0/24

    Clients connected to the Netgear are thus double-NATted to the internet

    Question: How do I keep the Netgear clients from accessing computers on the WRT54GS network? (192.168.1.1/24) This line in Firewall is not doing the job:

    iptables -A INPUT -s 192.168.1.254 -d 192.168.1.0/24 -j DROP
     
  2. WRobertE

    WRobertE Addicted to LI Member

    It sounds like you need to create a new VLAN on the WRT54GSv4 running Tomato and connect the Netgear MRT814v2 to the port on the WRT54GS you've isolated for use with that VLAN.

    There are numerous posts on this forum and on the dd-wrt web site describing how to do this. Just search for "VLAN".

    For example, here's one from the dd-wrt web site that should get you going:
    http://www.dd-wrt.com/wiki/index.php/Switched_Ports
     
  3. mpegmaster

    mpegmaster Addicted to LI Member

    WRT54GS port 4 -> Netgear WAN port, static IP assigned 192.168.1.254
    Netgear issuing DHCPs to 10.10.10.0/24

    This would be out of range for the Cable modem -> WRT54GS WAN port
    WRT54GS issuing DHCPs to 192.168.1.0/24

    i.e. not drill-able...


    Cheers!
     
  4. This does not seem like it would work, because 192.168.1.0/24 and 192.168.2.0/24 should be in different subnets already.

    I will try the VLAN solution when I get a chance. I suppose that ports in a VLAN are not subject to firewall between one another, which is why I need to create a vlan2 for my extra router... so it will be checked against firewall rules?

    Thanks for the help.
     
  5. WRobertE

    WRobertE Addicted to LI Member

    Sorry... I'm not sure what you're asking here...

    Here's another site that might help:
    http://catsmacsandhacks.blogspot.com/2010/09/how-to-vlan-your-network-with-tomato.html

    A few important points...
    1. You WON'T use the WAN port on the Netgear MRT814v2. Instead, connect one of the LAN ports on the Netgear MRT814v2 to the port on the WRT54GSv4 you're using for the new VLAN. This eliminates the double-NAT situation you have in your current setup.
    2. You'll need to disable DHCP on the Netgear MRT814v2 since it will now be getting IP addresses from the WRT54GSv4. The configuration on the WRT54GSv4 sets up a separate DHCP server for the new VLAN so the Netgear shouldn't be assigning IP addresses.
     
  6. Thanks guys. I followed the advice here:
    http://tomatousb.org/tut:two-isolated-separate-lan-subnets

    Everything is working great, except the provided QoS command doesn't work, it throws a syntax error. No big deal: I just used the GUI to classify everything to/from 10.0.0.0/24 to Lowest.

    Whoever Josh is in my neighborhood, I'm sure he now appreciates the "Free Public WiFi" from my house.
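    As an added illustration (not code from the thread or from Tomato) of why the INPUT rule in post 1 never sees Netgear-to-LAN traffic while a FORWARD rule on a separate VLAN does, the model below decides which netfilter chain, if any, a packet traverses on the router. The subnets 192.168.1.0/24 and 10.0.0.0/24 come from the thread; the bridge names br0/br1 and the router addresses 192.168.1.1 and 10.0.0.1 are assumptions.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional

# Constructed to mirror the thread's setup after the VLAN split. br0/br1 and
# the router's own addresses are assumptions; the thread names only the subnets.
INTERFACES = {
    "br0": ip_network("192.168.1.0/24"),  # main LAN
    "br1": ip_network("10.0.0.0/24"),     # isolated guest VLAN
}
ROUTER_ADDRS = {ip_address("192.168.1.1"), ip_address("10.0.0.1")}

@dataclass(frozen=True)
class Rule:
    chain: str                   # "INPUT" or "FORWARD"
    src: IPv4Network
    dst: IPv4Network
    target: str                  # "DROP" or "ACCEPT"
    in_if: Optional[str] = None  # -i <iface>, if the rule has one

def iface_for(addr: IPv4Address) -> Optional[str]:
    """Bridge whose subnet contains addr, or None (e.g. an Internet host)."""
    return next((name for name, net in INTERFACES.items() if addr in net), None)

def chain_for(src: IPv4Address, dst: IPv4Address) -> Optional[str]:
    """Which netfilter chain a packet enters on the router, or None when the
    built-in switch forwards it at layer 2 and netfilter never sees it."""
    if dst in ROUTER_ADDRS:
        return "INPUT"           # traffic addressed to the router itself
    src_if, dst_if = iface_for(src), iface_for(dst)
    if src_if is not None and src_if == dst_if:
        return None              # same subnet: switched, never routed
    return "FORWARD"             # crosses subnets: routed through the firewall

def verdict(rules, src: str, dst: str) -> str:
    """First matching rule's target, NO_MATCH (chain policy decides), or
    SWITCHED when no iptables rule can apply at all."""
    s, d = ip_address(src), ip_address(dst)
    chain = chain_for(s, d)
    if chain is None:
        return "SWITCHED"
    for r in rules:
        if (r.chain == chain and s in r.src and d in r.dst
                and (r.in_if is None or r.in_if == iface_for(s))):
            return r.target
    return "NO_MATCH"

# The rule from post 1 and a FORWARD rule for the separate VLAN, for comparison.
OP_RULE = Rule("INPUT", ip_network("192.168.1.254/32"), ip_network("192.168.1.0/24"), "DROP")
VLAN_RULE = Rule("FORWARD", ip_network("10.0.0.0/24"), ip_network("192.168.1.0/24"), "DROP", "br1")
```

With the original layout, a Netgear-to-LAN packet is reported as SWITCHED (the INPUT rule only ever matches traffic to the router itself, such as DNS queries from the Netgear), whereas after the VLAN split the same guest-to-LAN packet is routed and DROPped.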
     