SmallNetBuilder Forums
Go Back   SmallNetBuilder Forums > Wireless Networking > Wireless Article Discussions

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 03-27-2012, 11:32 AM
ikecomp ikecomp is offline
New Member
 
Join Date: May 2011
Posts: 29
Thanks: 1
Thanked 2 Times in 2 Posts
ikecomp is just starting out
Default Add Public Access Point (Separate from Private LAN)?

Hi All

Sorry if this is in the wrong section but I thought this was closely related to the article on adding an access point to an existing network. If this belongs elsewhere let me know.

So here's the skinny. I recently upgraded to the Asus RT-N56U from an older Linksys WRT54GL running DD-WRT (it served me well and is still kicking but it was time for the upgrade). At any rate, I have everything running buttery smooth with padavan's firmware on the Asus and the new speeds are nice. However, I want to take advantage of my old linksys to use it as a guest wireless access point.

This isn't hard to do as I've done this before with an old netgear router (configure ip address of old router out of dhcp range of new router, setup different/same ssid depending on needs, connect cable to lan port of old router so it can pull ip address from new router, etc) but my end game is slightly different.

I want the old linksys to be able to pull an internet connection from the Asus (via lan cable) however, I don't want wireless clients connected to the linksys to be able to see my private LAN hosted on the ASUS

I'm certain this is possible and I can do it if given some guidance but I'm not sure where to start. Is there some setting in the old ddwrt to bridge the wireless radio to a different ip address range for wireless clients but still have an internet connection?

Thanks for any help and let me know if I need to provide more information

Last edited by ikecomp; 03-27-2012 at 11:36 AM.
Reply With Quote
  #2  
Old 03-27-2012, 10:28 PM
overdrive31 overdrive31 is offline
Very Senior Member
 
Join Date: Aug 2008
Posts: 350
Thanks: 0
Thanked 20 Times in 20 Posts
overdrive31 is just starting out
Default

Plug the cable coming from the ASUS into the WAN port of the WRT54GL, now be sure the LAN IP of the Linksys is not in the same subnet as the ASUS. If you went the wireless client bridge as WAN route using ddwrt, you would only have wired to share from it, without creating a wireless repeater in ddwrt which will reduce wireless bandwidth in half for clients connecting to it. Both solutions requires the LAN IP subnet of the Linksys to be different from the ASUS routers LAN IP subnet. For instance, if the ASUS is 192.168.1.1, you will want to set the Linksys up with a static WAN IP like 192.168.1.2 and for it's LAN IP to use something like 192.168.2.1
__________________
NETGEAR R7000
TEW-652BRP V1.1R F/W DD-WRT
Reply With Quote
  #3  
Old 03-28-2012, 12:17 PM
ikecomp ikecomp is offline
New Member
 
Join Date: May 2011
Posts: 29
Thanks: 1
Thanked 2 Times in 2 Posts
ikecomp is just starting out
Default

Quote:
Originally Posted by overdrive31 View Post
Plug the cable coming from the ASUS into the WAN port of the WRT54GL, now be sure the LAN IP of the Linksys is not in the same subnet as the ASUS. If you went the wireless client bridge as WAN route using ddwrt, you would only have wired to share from it, without creating a wireless repeater in ddwrt which will reduce wireless bandwidth in half for clients connecting to it. Both solutions requires the LAN IP subnet of the Linksys to be different from the ASUS routers LAN IP subnet. For instance, if the ASUS is 192.168.1.1, you will want to set the Linksys up with a static WAN IP like 192.168.1.2 and for it's LAN IP to use something like 192.168.2.1
Thanks for you response but I tried those and didn't much like those as viable options. Especially the repeater. However, I did find a way to accomplish this and it only cost me a good night's sleep

At any rate this is what I did:

1) Did 30-30-30 reset on my router to erase all previous settings.
2) Logged into the router connected via cable and updated the router IP to be 192.168.2.1 instead of the default 192.168.1.1 and left everything else on the basic settings as default.
3) After the router rebooted, I set up the wireless network (channel, SSID, encryption, etc) and applied the settings
4) Created a separate bridge named br1 for the Wireless connection (on my router the physical adapter is eth1 but may be different on yours. You will need to know this)
5) I gave this bridge (br1) an IP and subnet mask of 192.168.3.1/255.255.255.0
6) I also added a dhcp server for br1. You can find all the instructions for bridging the connection in the link below

http://www.dd-wrt.com/wiki/index.php...e_LAN_and_WLAN

7) Now for the most important part. I had to make sure that anyone connected to this wireless connection could see the internet but not see my main LAN so I had to update the firewall with these commands (also found in the guide above).

iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP
iptables -I FORWARD -i br1 -d `nvram get wan_ipaddr`/`nvram get wan_netmask` -m state --state NEW -j DROP
iptables -I INPUT -i br1 -m state --state NEW -j DROP
iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT
iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT

8) unplug the power from the router and then plug the network cable coming from your main router/switch into the WAN port of your secondary router (guest router).

9) Plug the power to the router back in and you should be able to join your new wireless network and have access to the internet but not any of the computers on your main lan. I verified this by trying to ping some of the static pc's on my home network and also tried connecting to some of their shares and none worked. Only the internet.

10)OPTIONAL BUT RECOMMENDED: If you plan to use this as a guest access router, you should set some quality of service for it so that guests can not hog all the bandwidth. I set uplink/downlink to be 1/3 the bandwidth of my main connection. I set this for 192.168.3.0/24 in the netmask section (this is the IP range for br1).

Next, I believe I will explore using this old router as multipupose. I plan to use it as an AP for older G devices in my home as well as creating a separate vlan for guest account access like what I did above. That way my new Asus can be used only for 2.4/5 ghz N devices and the linksys for G devices and guest access.

At any rate, hope this helps someone. In the meantime, I have much slumber to catch up on.

EDIT: Added some missing firewall commands

Last edited by ikecomp; 03-29-2012 at 10:57 AM.
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT -4. The time now is 01:07 AM.


Top 10 Stats
Top Posters* Top Thanked
RMerlin  362
john9527  147
azazel1024  134
stevech  120
htismaqe  99
L&LD  97
sfx2000  77
TonyH  72
AndreyPopov  56
ChristineBCW  54
RMerlin  6019
john9527  374
stevech  349
ryzhov_al  277
TeHashX  232
L&LD  231
RogerSC  199
sinshiva  147
sfx2000  133
joegreat  126
Most Viewed Threads* Hottest Threads*
Old Shellshock...  27517
Old Asuswrt-Merli...  11118
Old Antenna...  3913
Old Simple NAS...  2395
Old Brainstorming...  2203
Old Looking for...  1966
Old RT-AC68P  1880
Old Advice on...  1613
Old RT-AC68U...  1391
Old Asus...  1317
Old Asuswrt-Merli...  90
Old Antenna...  73
Old Advice on...  47
Old Brainstorming...  47
Old Simple NAS...  36
Old Looking for...  35
Old Shellshock...  31
Old Stable...  25
Old Issues...  24
Old WiFi Rates  23


Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
© 2006-2014 Pudai LLC All Rights Reserved.