
Tomato WRT54GL as client, private subnet

Discussion in 'Tomato Firmware' started by samwell, Aug 4, 2009.

  1. samwell

    samwell Addicted to LI Member

    Hello All, where I live offers free wifi, but they have no hard connections. I need to use my router as a client, to then connect to my physically connected devices. I believe I understand how to do this, however, I'd like my subnet that I set up not to be visible to, or be able to see, any other computers on the hosting router's network. Does anyone know the best way to go about this? Thanks in advance for any help!
  2. fyellin

    fyellin LI Guru Member

    If you set up your router as a wireless client, then you are creating your own private subnet. Outside computers will have no access to your private subnet, except via whatever port forwarding rules you set up. If you turn off "ping" (Advanced > Firewall > Respond to ICMP Ping), then your router won't even be pingable. (Be careful on small networks; many DHCP servers, including Tomato, use ping to double check if an IP address is in use or not before leasing it.)

    I'm not sure how to make the host network invisible to your private network. Someone with more iptables-fu may be able to help you.
  3. samwell

    samwell Addicted to LI Member

    Thanks for the reply fyellin. The guide I read for setting up my router as a wireless client mentioned this:

    I assumed that meant they would likewise be able to reach me unsolicited, I just assumed my router offered up the information to the hosting router. I am glad to hear that is not the case. I only wanted the host network invisible because that would assure me I was also invisible to them, but if it is one way from client to host network, then I am satisfied.

    Regarding the ping, it is a professionally installed network of hotspots that I am connecting to at the apartment complex, so I am not sure what that would suggest about how they lease IPs. I suppose I'll let the pings come through, no harm in that, that I know of, I just want my network to stay mine.

    Once again, thanks for the reply. You have helped put my mind at ease!

    Edit: Just to clarify, is my source of confusion that routers acting as routers create subnets that can interact with each other, and this is not the case running in client mode?
  4. baldrickturnip

    baldrickturnip LI Guru Member

    My understanding is if you set as a wireless client your wifi card becomes the WAN so you will have the normal firewall between it and the LAN.

    The problem with some of the wifi access points is they require a java login which I am not sure you are able to replicate.
  5. fyellin

    fyellin LI Guru Member

    Actually your router in client mode is doing exactly what most home routers do. The only difference is that in your case the outside network is coming over wireless and you're distributing it via wired connections, instead of vice versa.

    The router hides all the computers behind it, and makes it look like there is only one computer there. It's a gross simplification, but the router keeps track of all communications that computers inside the network make with computers outside the network; only those computers are allowed to respond back, and their responses are forwarded to the appropriate computer.

    You are creating a subnet within a subnet. As far as the outer subnet is concerned, there is just one computer there. If a computer inside your subnet sends a packet to google.com, it'll get sent to your router which then sends it to the apartment router which then sends it to Google. Google sends the reply to the apartment router, which sends it to your router, which then forwards it to the right computer. No one knows about the details beyond the next hop.
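
The nested "subnet within a subnet" behaviour described in the post above, as an added example that is not part of the original thread and is not Tomato's code. It is a simplified model of stateful NAT (port forwards are not modelled); the `NatRouter` class, `deliver` helper and every address and port are constructed for illustration.

```python
import itertools

class NatRouter:
    """Toy stateful NAT: hides an inner subnet behind one WAN address."""
    def __init__(self, name, wan_ip, upstream=None):
        self.name, self.wan_ip, self.upstream = name, wan_ip, upstream
        self.table = {}                       # (wan_port, remote) -> inner (ip, port)
        self._ports = itertools.count(40000)  # constructed port range

    def outbound(self, src, sport, dst, dport):
        """An inner host opens a connection: record state, rewrite the source."""
        wan_port = next(self._ports)
        self.table[(wan_port, (dst, dport))] = (src, sport)
        if self.upstream:                     # the next hop repeats the same step
            return self.upstream.outbound(self.wan_ip, wan_port, dst, dport)
        return (self.wan_ip, wan_port, dst, dport)  # what the remote end sees

    def inbound(self, src, sport, dport):
        """A packet arrives on the WAN side for wan_ip:dport.
        Only the remote recorded by outbound() matches; None means dropped."""
        return self.table.get((dport, (src, sport)))

def deliver(routers, src, sport, dport):
    """Walk a reply inward (outermost router first); None if any hop drops it."""
    hop = None
    for router in routers:
        hop = router.inbound(src, sport, dport)
        if hop is None:
            return None
        dport = hop[1]                        # port the next router is expecting
    return hop

def demo():
    apartment = NatRouter("apartment", "198.51.100.7")
    home = NatRouter("tomato-client", "192.168.1.50", upstream=apartment)
    # PC 10.0.0.2 behind the client router talks to a web server (constructed IP).
    seen = home.outbound("10.0.0.2", 51515, "203.0.113.10", 443)
    reply = deliver([apartment, home], "203.0.113.10", 443, seen[1])
    # A neighbour on the apartment network probes the client router unsolicited.
    neighbour = home.inbound("192.168.1.77", 445, 40000)
    return seen, reply, neighbour

if __name__ == "__main__":
    print(demo())
```

The server only ever sees the apartment router's address, the reply finds its way back through both translation tables, and the neighbour's unsolicited packet matches no entry on the client router and is dropped.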
