Guest Wi-Fi with DD-WRT

There are plenty of howtos about that, but none of them seems to match current state of DD-WRT firmware. So I decided to write my own.

1. Go to Wireless → Basic Settings and click on Add button.
2. Name your new network and check Advanced Settings.
3. Switch Network Configuration to Unbridged.
4. Enable Network Isolation and set IP Address and Subnet Mask to something other then your home network.
5. Save & Apply Settings.

You should now see the network, but you will have to manualy set IP address and you will get no internet.

1. Go to Setup → Networking and scroll all the way down to DHCPD section and click Add.
2. Choose your new interface (shuld be something like ath0.1) and tweak the other settings if you want.
3. Save & Apply Settings.

You should now get assigned IP address after connecting to the network. But still no internet.

1. Go to Administration → Commands and save the following commands as Firewall.
2. Save & Apply Settings.

iptables -I FORWARD -i ath0.1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -j logdrop
iptables -t nat -I POSTROUTING -o br0 -s 10.0.0.0/24 -j MASQUERADE
iptables -I INPUT -i ath0.1 -j logdrop
iptables -I INPUT -i ath0.1 -p udp --dport 67 -j ACCEPT
iptables -I INPUT -i ath0.1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i ath0.1 -p tcp --dport 53 -j ACCEPT

It enables port forwarding, but disable access from guest network to your home network, except DNS and DHCP.

You should now have separate Wi-Fi network with internet access.