2 Routers and iptables

Discussion in 'Tomato Firmware' started by Ramorous, May 23, 2011.

  1. Ramorous

    Ramorous Addicted to LI Member

    I have 2 Tomato routers. One is connected to the WAN, the other to a port on the first. I would like to not allow the second router to access the LAN of the first router. What would be the best way to achieve this? Still want devices on router 2 to access the Internet.

    Wan ---- router ( --- router 2 (
  2. xtacydima

    xtacydima LI Guru Member

    I am sure there might be a better or another way to do this, but would adding an access restriction rule to not allow access to the IP address of the first work sufficiently?

    That should be easy enough so users behind the second router can't tinker with the settings of the first router.
  3. ntest7

    ntest7 Network Guru Member

    On the second router:
    - connect the second router WAN to a LAN port on the first router
    - set the second router to a different network number, i.e. (you can use a /26 if you want, but it's clearer what you're doing if you just use separate /24s).

    Add to scripts/firewall on the second router:
    iptables -I wanout -d -j REJECT

    Second router will have full internet access and full access to its own LAN, but no access to the first LAN or first router.
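
A dry-run check for the setup described in the last post, added here as an example and not part of the thread: it prints the firewall-script line for a given upstream subnet and reports which destinations a `-d <subnet>` match would reject, which is useful when using a /26 split instead of separate /24s. The subnet `192.168.1.0/24` and the test addresses are constructed placeholders, since the thread does not show the real ones.

```shell
#!/bin/sh
# Added example, not from the thread. UPSTREAM_LAN is an assumed placeholder
# for the first router's LAN; substitute the real subnet.
UPSTREAM_LAN="${UPSTREAM_LAN:-192.168.1.0/24}"

# Dotted quad -> 32-bit integer (runs in a subshell so IFS stays local).
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Succeeds when address $1 lies inside CIDR $2, i.e. it would match "-d $2".
# iptables compares (destination & mask) with (network & mask) the same way.
in_cidr() (
    net=${2%/*}; bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
)

# The rule from the post, with the destination taken from the argument.
reject_rule() {
    echo "iptables -I wanout -d $1 -j REJECT"
}

# Expected outcome for traffic from a client behind router 2 to address $1.
verdict() {
    if in_cidr "$1" "$UPSTREAM_LAN"; then echo REJECT; else echo PASS; fi
}

# Dry run only: print the line to paste into scripts/firewall, then the
# expected verdict for a few constructed destinations.
reject_rule "$UPSTREAM_LAN"
for dst in 192.168.1.1 192.168.1.50 8.8.8.8; do
    echo "$dst -> $(verdict "$dst")"
done
```

After adding the printed line on the second router, the same destinations can be tested from a client behind it; results should agree with the verdicts above.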