Kalábovi

Kalábovic wikina

Uživatelské nástroje

Nástroje pro tento web


pitel:projekty:ddwrtguestwifi

Rozdíly

Zde můžete vidět rozdíly mezi vybranou verzí a aktuální verzí dané stránky.

Odkaz na výstup diff

pitel:projekty:ddwrtguestwifi [17. 10. 2015, 13.15:50]
pitel vytvořeno
pitel:projekty:ddwrtguestwifi [17. 10. 2015, 13.17:41] (aktuální)
pitel typos
Řádek 1: Řádek 1:
 +====== Guest Wi-Fi with DD-WRT ======
 +There are plenty of howtos about that, but none of them seems to match current state of DD-WRT firmware. So I decided to write my own.
  
 +{{ https://imgs.xkcd.com/comics/standards.png |xkcd}}
 +
 +<note>This guide is written for **DD-WRT v3.0-r27944 std (10/09/15)** running on **TP-LINK TL-WR1043ND**.</note>
 +
 +===== Adding virtual interface =====
 +  - Go to //Wireless// → //Basic Settings// and click on //Add// button.
 +  - Name your new network and check //Advanced Settings//.
 +  - Switch //Network Configuration// to //Unbridged//.
 +  - Enable //Network Isolation// and set //IP Address// and //Subnet Mask// to something other then your home network.
 +  - //Save// & //Apply Settings//.
 +
 +{{ iface.png }}
 +
 +You should now see the network, but you will have to manualy set IP address and you will get no internet.
 +
 +===== DHCP =====
 +  - Go to //Setup// → //Networking// and scroll all the way down to //DHCPD// section and click //Add//.
 +  - Choose your new interface (shuld be something like ''ath0.1'') and tweak the other settings if you want.
 +  - //Save// & //Apply Settings//.
 +
 +{{ dhcp.png }}
 +
 +You should now get assigned IP address after connecting to the network. But still no internet.
 +
 +===== Firewall =====
 +  - Go to //Administration// → //Commands// and save the following commands as //Firewall//.
 +  - //Save// & //Apply Settings//.
 +
 +<code bash>
 +iptables -I FORWARD -i ath0.1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -j logdrop
 +iptables -t nat -I POSTROUTING -o br0 -s 10.0.0.0/24 -j MASQUERADE
 +iptables -I INPUT -i ath0.1 -j logdrop
 +iptables -I INPUT -i ath0.1 -p udp --dport 67 -j ACCEPT
 +iptables -I INPUT -i ath0.1 -p udp --dport 53 -j ACCEPT
 +iptables -I INPUT -i ath0.1 -p tcp --dport 53 -j ACCEPT
 +</code>
 +
 +<note important>Replace ''10.0.0.0'', ''ath0.1'' and maybe ''br0'' with your settings!</note>
 +
 +It enables port forwarding, but disable access from guest network to your home network, except DNS and DHCP.
 +
 +You should now have separate Wi-Fi network with internet access.
/var/www/wiki/data/pages/pitel/projekty/ddwrtguestwifi.txt · Poslední úprava: 17. 10. 2015, 13.17:41 autor: pitel