1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Guest Setup

Discussion in 'Tomato Firmware' started by w11x22, Apr 24, 2013.

  1. w11x22

    w11x22 Networkin' Nut Member

    Hi all
    I have created Guest setup (first time) on my N66U Router (running latest ver of RAF)... So my original NW is 10.10.100.1 and Guest is 192.168.2.1... When I connect via Guest I get an IP of 192.168.2.X but I am able to connect to Router setup using 10.10.100.1.... Is this Normal as I should not be able to login to 10.10.100.1 NW while I am connected to 192.168.2.X...
     
  2. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

  3. w11x22

    w11x22 Networkin' Nut Member

    Thanks a lot Marcel............... I thought it would be quick and easy fix but by the looks of it, it does not appear that way..... I installed Merlin on my Router and on that if you pick Guest Network to enable then it asks you if you want to give access to Intranet to the Guest or not...... And that's it.....
    I will try to give this Thread a read and check but thanks again for the help
     
  4. Trent Bates

    Trent Bates Serious Server Member

    w11x22, I have gotten some of the "guest network" stuff figured out on Tomato! (with lots of help :) )
    We seem to share the same addiction to Tomato and I wanted to make sure you knew that progress had been made!

    http://www.linksysinfo.org/index.ph...om-others-without-a-subnet.68455/#post-226708
    My post is 2-3 below yours.

    http://www.linksysinfo.org/index.ph...om-others-without-a-subnet.68455/#post-227185
    This one has some code that might be useful.

    This might be enough to help you with your concern. If not, I imagine we are really close now!
     
  5. philess

    philess Networkin' Nut Member

    All he would need to paste in Administration/Scripts/Firewall is this:

    Code:
    iptables -I INPUT -i br1 -p tcp -m multiport --dports 22,23,80,161,443 -d 10.10.100.1 -j REJECT --reject-with tcp-reset
    iptables -I INPUT -i br1 -p udp -m multiport --dports 22,23,80,161,443 -d 10.10.100.1 -j DROP
    iptables -I INPUT -i br1 -p tcp -m multiport --dports 22,23,80,161,443 -d 192.168.2.1 -j REJECT --reject-with tcp-reset
    iptables -I INPUT -i br1 -p udp -m multiport --dports 22,23,80,161,443 -d 192.168.2.1 -j DROP
    Assuming that his Guest Network is on br1. These rules are blocking every connection coming FROM the
    guest network TOWARDS the specified ports on both IP´s of the router. In that example the ports
    are for Telnet, SSH, HTTP, SNMP and HTTPS, once for TCP and once for UDP.

    But i think judging from the date of the last post before yours he has figured it out by now :)
     
  6. w11x22

    w11x22 Networkin' Nut Member

    Hi guys
    No, I have not figured it out I just had given it up. It is hard to beleive though that a thing which was so easily done (via GUI in Merlin/Stock) seems impossible in Tomato. Merlin with just ONE click and the ISOLATION is achived, thats it..............I have a very basic knowledge of network and following the Trent Post and then lost track of it. I think Trent has achived this by running IPTABLES command etc to make it work. But I am still unable to do this....
    Thanks
     
  7. philess

    philess Networkin' Nut Member

    As i said, paste those iptables lines in Administration/Scripts/Firewall, save & reboot the router. And you ARE able to do this.
     
  8. w11x22

    w11x22 Networkin' Nut Member

    Finally........................Thanks a million, Philess, it worked..........
    I am planing to upgrade to Shibby 109 now. So I would copy paste the same lines same place, right?
    Right now I am running RAF (Latest) and no problem not a single reboot in months......
    I had problems with all Shibby builts (upto 107) that DHCP would never release the IP and new devices unbale to connect unless I reboot the ROuter... There are threads for this problem in the same forums..
    I hope that this problem has been resolved in 109..Will give this a shot
    Thanks again guys,,,,,,
     
  9. w11x22

    w11x22 Networkin' Nut Member

    Thanks all, as mentioned above all is good and working but with one little problem... I use MAC Filtering on my original NW and that is effecting on my GUEST (Virtual) NW as well.... But I do not want to use MAC Filtering on my Guest NW... Is there ant way I can use MAC Filtering on original NW but not on Guest.... can this be done????
    Please advise...
     
  10. philess

    philess Networkin' Nut Member

    Short answer Yes it can be, but its quite complicated.
     

Share This Page