Discussion in 'Tomato Firmware' started by alienrex, Jul 28, 2010.

  1. alienrex

    alienrex LI Guru Member

    Is it possible to make separate LAN range for guest (for LAN and WIFI access)? So users with known MAC would got access to my LAN, other got guest access via DHCP (they can access to internet, but not my LAN resources).

    I'm looking for two SSID alternatives (as Tomato don't support it).
  2. rhester72

    rhester72 Network Guru Member

    MAC spoofing is so trivial as to be not funny, so this wouldn't really offer any real protection except by the extremely non-technical. That having been said, you could probably pull something like this off with extremely clever dnsmasq custom rules (basically pinning different dnsmasq rules to MAC-defined classes) and iptables rules (to "firewall" the guest network from the local one). You'd also have to use some fake-VLAN tricks using ipconfig to add a different subnet to br0 for the guests.

    All in all, it can be done, but it would be rather brittle and tricky.

  3. fubdap

    fubdap LI Guru Member

