Kalábovi

Kalábovic wikina

Uživatelské nástroje

Nástroje pro tento web


pitel:projekty:ddwrtguestwifi

Rozdíly

Zde můžete vidět rozdíly mezi vybranou verzí a aktuální verzí dané stránky.

Odkaz na výstup diff

pitel:projekty:ddwrtguestwifi [17. 10. 2015, 13.15:50]
pitel vytvořeno
pitel:projekty:ddwrtguestwifi [17. 10. 2015, 13.17:41] (aktuální)
pitel typos
Řádek 1: Řádek 1:
 +====== Guest Wi-Fi with DD-WRT ======
 +There are plenty of howtos about that, but none of them seems to match current state of DD-WRT firmware. So I decided to write my own.
  
 +{{ https://​imgs.xkcd.com/​comics/​standards.png |xkcd}}
 +
 +<​note>​This guide is written for **DD-WRT v3.0-r27944 std (10/​09/​15)** running on **TP-LINK TL-WR1043ND**.</​note>​
 +
 +===== Adding virtual interface =====
 +  - Go to //​Wireless//​ → //Basic Settings// and click on //Add// button.
 +  - Name your new network and check //Advanced Settings//.
 +  - Switch //Network Configuration//​ to //​Unbridged//​.
 +  - Enable //Network Isolation// and set //IP Address// and //Subnet Mask// to something other then your home network.
 +  - //Save// & //Apply Settings//.
 +
 +{{ iface.png }}
 +
 +You should now see the network, but you will have to manualy set IP address and you will get no internet.
 +
 +===== DHCP =====
 +  - Go to //Setup// → //​Networking//​ and scroll all the way down to //DHCPD// section and click //Add//.
 +  - Choose your new interface (shuld be something like ''​ath0.1''​) and tweak the other settings if you want.
 +  - //Save// & //Apply Settings//.
 +
 +{{ dhcp.png }}
 +
 +You should now get assigned IP address after connecting to the network. But still no internet.
 +
 +===== Firewall =====
 +  - Go to //​Administration//​ → //​Commands//​ and save the following commands as //​Firewall//​.
 +  - //Save// & //Apply Settings//.
 +
 +<code bash>
 +iptables -I FORWARD -i ath0.1 -d `nvram get lan_ipaddr`/​`nvram get lan_netmask` -j logdrop
 +iptables -t nat -I POSTROUTING -o br0 -s 10.0.0.0/24 -j MASQUERADE
 +iptables -I INPUT -i ath0.1 -j logdrop
 +iptables -I INPUT -i ath0.1 -p udp --dport 67 -j ACCEPT
 +iptables -I INPUT -i ath0.1 -p udp --dport 53 -j ACCEPT
 +iptables -I INPUT -i ath0.1 -p tcp --dport 53 -j ACCEPT
 +</​code>​
 +
 +<note important>​Replace ''​10.0.0.0'',​ ''​ath0.1''​ and maybe ''​br0''​ with your settings!</​note>​
 +
 +It enables port forwarding, but disable access from guest network to your home network, except DNS and DHCP.
 +
 +You should now have separate Wi-Fi network with internet access.
/var/www/wiki/data/pages/pitel/projekty/ddwrtguestwifi.txt · Poslední úprava: 17. 10. 2015, 13.17:41 autor: pitel