Author Topic: Access Point-Internet Only Guest Access  (Read 1549 times)

jjj123

  • Calf
  • *
  • Posts: 4
Access Point-Internet Only Guest Access
« on: December 16, 2013, 04:07:05 pm »
Purchased a new WZR-600DHP for work. I need to setup one ssid that has access to the LAN and another that has internet only access.

I am plugging the WAN port of the Buffalo into my network switch. I can access my LAN and the internet but have not been able figure out how to block one ssid from accessing my LAN.

I'm new to DD-WRT, any help would be greatly appreciated.

Thanks!

joma90

  • VIP
  • *
  • Posts: 565
  • Life would be easy if we only had the source code!
    • Let me show you how to google
Re: Access Point-Internet Only Guest Access
« Reply #1 on: December 16, 2013, 09:14:02 pm »
I'm not a expert on DD-WRT nor have i tried this but if i did i would look at this.
http://www.dd-wrt.com/wiki/index.php/Multiple_WLANs

Also ask there forums for help. I will try this if i can find my spare router and post my how to do it steps. This is IF i can find my spare router.
Units I own: TS-XL, TS-WXL, LS-WVL, TS-RXL,  TS5400, TS-RVHL,

I don't work for Buffalo but i do love there products enough to help people

jjj123

  • Calf
  • *
  • Posts: 4
Re: Access Point-Internet Only Guest Access
« Reply #2 on: December 17, 2013, 09:56:30 am »
I followed this doc: http://en.faq.buffalo-global.com/app/answers/detail/a_id/14623/kw/guest%20network

When I connect to the new ssid I created I get an IP address from the new DHCP that was created, and I cannot ping my LAN, BUT I can not get out to the internet either. There has to be one more step that is either not listed or I missed.

Thanks

jjj123

  • Calf
  • *
  • Posts: 4
Re: Access Point-Internet Only Guest Access
« Reply #3 on: December 17, 2013, 10:43:34 am »
When I added the command:

iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`

My guest wlan gets internet access, but it can also get access to the entire network plugged into the WAN port. What I need to for the guest WLAN to only get to the internet without getting to other computers on my LAN.

I have thge WAN port of the WZR-600DHP plugged into my LAN network switch. It is getting a IP through my DHCP server and is using its own DHCP for wifi clients. I would be ok with changing the configuration if needed.

Thanks for any help.

jjj123

  • Calf
  • *
  • Posts: 4
Re: Access Point-Internet Only Guest Access
« Reply #4 on: December 18, 2013, 05:15:01 pm »
I figured it out. For anyone that comes across this problem the command is:

iptables -I FORWARD -i br1 -d `nvram get wan_ipaddr`/`nvram get wan_netmask` -m state --state NEW -j DROP