
Isolating Wired from Wireless

Discussion in 'Tomato Firmware' started by roadkill, Oct 16, 2007.

  1. roadkill

    roadkill Super Moderator Staff Member Member

    Has anyone here tried separating wireless from wired with Tomato?

    I modified some script I found and plan to test it on the weekend, any comments are welcome.

    Create new NVram values for dhcp
    Remove Wireless interface from the LAN bridge
    Init Script
    Wan Up Script
    DNSmasq custom config Advanced -> DHCP / DNS -> Dnsmasq Custom Configuration
    I haven't found the right syntax for DNSmasq yet but it's working with manual addresses.
     
  2. roadkill

    roadkill Super Moderator Staff Member Member

    Has someone tried to achieve the same?
    Because it looks like it's working...
     
  3. Victek

    Victek Network Guru Member

    roadkill, I think one of the DHCPs stopped working when I did this some time ago. Does it work in your case?

    Cheers.
     
  4. roadkill

    roadkill Super Moderator Staff Member Member

    Yes, dnsmasq looks like it's running; this is what I used in the configuration.
    Follow-up: the dnsmasq wireless DHCP server is confirmed to be working well.
    Any advice on how to get QoS working here would be more than welcome, because I have no idea how to do that. :biggrin:
     
  5. roadkill

    roadkill Super Moderator Staff Member Member

    How to separate LAN/WLAN with an OpenVPN server.

    Create new NVram values for DHCP server
    Init Script
    Firewall Script:
    Wan Up Script:
    DNSmasq custom config
    Advanced -> DHCP / DNS -> Dnsmasq Custom Configuration
     
  6. humba

    humba Network Guru Member

    I think

    interface=br1

    instead of

    listen-address=10.0.0.1

    would give the same results.

    And for those who are wondering about the iptables lines, I figure the following is happening:

    $(expr $(iptables -L INPUT|wc -l) - 2)

    returns the number of lines in the INPUT chain minus 2.

    You could get funky now and create another tap interface, tie it to br1 and start openvpn a second time on another port, thus allowing vpn access to the wireless lan (probably not terribly useful though). Too bad we can't have openvpn route traffic to different interfaces depending on who connects - but perhaps a creative use of iptables would permit rerouting of vpn traffic based on the address that the connecting host gets - but I'm getting way ahead of myself here.
     
  7. humba

    humba Network Guru Member

    By the way.. is there a particular reason why you added a second bridge?
    And you didn't by any chance arrive at a scenario during your tests where the wlan lamp was up, the interface was up, but the wlan was nowhere to be found?

    @edit: I did some more tinkering and noted another curious behavior:

    If I add
    Code:
    ifconfig eth1 down
    brctl delif br0 eth1
    to my init script, once the router is up, the wlan is on and working, and bridged to br0 (connecting clients get an ip address from vlan0).

    And if we look at /etc/nas.conf (haven't found a manpage for it yet and google returns network attached storage all over when searching for nas) - its first line contains

    nas -P /var/run/nas.pid -l br0 -H 34954

    and thus a reference to br0 and I wonder if that's really what it ought to be if we detach eth1 from br0.
     
  8. roadkill

    roadkill Super Moderator Staff Member Member

    I used that OpenVPN via an open wireless access point where OpenVPN clients get connected and don't get access to the net until using the OpenVPN client.
     
  9. williswasabi

    williswasabi Guest

    Actually, I think the expr with iptables -L bit is to remove the 2 header lines from the count of lines in the output so that it gets inserted at the end. Run iptables -L yourself to see what I mean. This just seems an extraordinarily roundabout way to get the same result as "iptables -A {chain} {rulespec}". Of course, now I'll go try it and be proved wrong. :)
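
As an added example (not part of any post in this thread), the script below runs the line-count arithmetic discussed above on constructed `iptables -L INPUT` output and models where a rule lands when that number is used as the position for `iptables -I`. That the scripts used `-I` with this value is an assumption, since they are not shown on the page; the sample output, the helper names and the `NEW` marker are made up for the illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -L INPUT` output (not from the thread):
# two header lines, then one line per rule, ending in a catch-all DROP.
SAMPLE='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere'

# Same arithmetic as the expression in the thread (line count minus the
# two header lines), fed from stdin instead of a live iptables call.
rule_count() {
    echo $(( $(wc -l) - 2 ))
}

# Targets of the sample rules, one per line (headers stripped).
rules() {
    printf '%s\n' "$SAMPLE" | sed 1,2d | awk '{ print $1 }'
}

# Model of `iptables -I CHAIN <pos> ...` (assumed usage): the new rule becomes
# rule number <pos>; the rule that was at <pos> and all later ones move down.
# <pos> equal to rule count + 1 appends, which is what -A does.
insert_at() {
    awk -v pos="$1" -v new="$2" '
        NR == pos { print new }
        { print }
        END { if (pos == NR + 1) print new }'
}

# 1-based position of the first stdin line equal to $1.
position_of() {
    awk -v want="$1" '$0 == want { print NR; exit }'
}

# Where a rule ends up when inserted at position $1 in the sample chain.
landing_position() {
    rules | insert_at "$1" NEW | position_of NEW
}

n=$(printf '%s\n' "$SAMPLE" | rule_count)
echo "rules in chain: $n"
echo "-I INPUT $n -> NEW is rule $(landing_position "$n"), ahead of the final DROP"
echo "-I INPUT $((n + 1)) -> NEW is rule $(landing_position "$((n + 1))"), after the DROP, like -A"
```

Because iptables stops at the first matching rule, an ACCEPT that lands after a catch-all DROP never matches, so the position matters for any rule meant to admit traffic on a separated interface.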
     
  10. pedroporco

    pedroporco Guest

    Hi, I'm trying this configuration on Tomato Firmware v1.27vpn3.6.4b664ba6 WRT54G
    but I can't get it working. Wireless clients get the same address as wired clients.

    Could anyone help me?

    thanks!!!
     
