1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

2 virtual lan's, multiple ssid'a etc

Discussion in 'Tomato Firmware' started by ulyan, Jul 2, 2012.

  1. ulyan

    ulyan Networkin' Nut Member

    Hi everyone,

    As I have an E3000 router I decided to test the multiple ssid feature, that the great developers incorporated :D. So I have my primary lan 192.168.1.x with the wireless SSID's (2,4 Ghz / 5 Ghz), the ones that conect all my home devices. Then I created a secondary lan 192.168.2.x and I have binded two new SSID's newly created named xxx-guest. I aslo create a virtual lan for this new Ip block. I'll post the screenshots:

    Untitled.jpg Untitled2.jpg Untitled3.jpg

    My question is, as I have the media server activated, my printer and the samba services to share a hard drive, can I guarantee somehow that the user from the secondary lan can't acess my rousources on the first lan ?

    Thank you.

    (Do the mac filtering only apply to the base SSID or to the virtual ones aswell ?)
  2. shibby20

    shibby20 Network Guru Member

    bridges are separated, well no one frm 192.168.2.x hasn`t access to 192.168.1.x and vice versa. If you want grand access from 2nd bridge to 1st bridge you have to use LAN Access page. BUT...

    all hosts from 192.168.2.x have access to router resorces (dlna, samba etc). Blocking samba shares for 2nd bridge is easy. Just add to custom configuration:
    hosts allow = 192.168.1.

    this will grant access only for hosts from 1st bridge. With DLNA we have a problem because this is a broadcast signal. You can try set a static port, ie 11922 (zero is a randon port) and add to firewall a rule to block packages from br1 on dest port of dlna:
    iptables -I INPUT -i br1 -p tcp --dport 11922 -j REJECT

    i write this from my mind well i could make some type ;)

    i`m not sure but IMO for all wlan`s

    Best Regards.

Share This Page