Separate Wireless from Wired Clients???

Discussion in 'Tomato Firmware' started by roadkill, Mar 26, 2007.

  1. roadkill

    roadkill Super Moderator Staff Member Member

    I'm trying to set the LAN to 192.168.1.x netmask
    and the WLAN to 10.0.0.x netmask

    how can I separate WLAN from LAN using VLANs is there a proper way?
    I played with it a little but made no good results...
  2. ifican

    ifican Network Guru Member

    I cant find anywhere that allows you to within the firmware however you should beable to write a script to change the vlan of the wlan. Though i think your are going to have to use static ip's as i dont know how you would implement another dhcp server just for the wireless. Oh, and unless you are looking to do something out of the ordinary you could enable ap isolation and keep your wireless clients from accessing your lan that way.
  3. digitalgeek

    digitalgeek Network Guru Member

  4. roadkill

    roadkill Super Moderator Staff Member Member

    no can't do that in Tomato...
  5. ifican

    ifican Network Guru Member

    Agreed there is no "setting" but i have read plenty of threads where someone created a second vlan via the command line or a script. Now the question would be can you do this with the WLAN and not just another interface.
  6. roadkill

    roadkill Super Moderator Staff Member Member

    I need to know how to break br0 which is all the web clients afaik
    to wired and wireless
    ip addr add eth1 dev vlan2 brd +
    /usr/sbin/iptables -I POSTROUTING -t nat -o vlan2 -d eth1 -j MASQUERADE
    I have two more question first - will this work?
    and the second one how can I run an independant dhcp server on the vlan?
  7. fastpakr

    fastpakr Network Guru Member

    ap isolation separates wireless clients from each other, but not from wired.
  8. roadkill

    roadkill Super Moderator Staff Member Member

    okay I just added a little dnsmasq options to allow wlan to received different dhcp address scope very nice but still I have a route to the original wired network which I have to filter using access restrictions... I would like to have separate vlan for each connection...
    any help will be more than welcome...
  9. Partizan

    Partizan Network Guru Member

    I am interested in this also. Trying to set a WIFI hotspot, but don't want the wireless clients to snoop around my lan.

    Any help much appreciated
  10. roadkill

    roadkill Super Moderator Staff Member Member

