SmallNetBuilder Forums
Go Back   SmallNetBuilder Forums > Wireless Networking > Wireless Article Discussions

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 03-27-2012, 11:32 AM
ikecomp ikecomp is online now
New Member
 
Join Date: May 2011
Posts: 29
Thanks: 1
Thanked 2 Times in 2 Posts
ikecomp is just starting out
Default Add Public Access Point (Separate from Private LAN)?

Hi All

Sorry if this is in the wrong section but I thought this was closely related to the article on adding an access point to an existing network. If this belongs elsewhere let me know.

So here's the skinny. I recently upgraded to the Asus RT-N56U from an older Linksys WRT54GL running DD-WRT (it served me well and is still kicking but it was time for the upgrade). At any rate, I have everything running buttery smooth with padavan's firmware on the Asus and the new speeds are nice. However, I want to take advantage of my old linksys to use it as a guest wireless access point.

This isn't hard to do as I've done this before with an old netgear router (configure ip address of old router out of dhcp range of new router, setup different/same ssid depending on needs, connect cable to lan port of old router so it can pull ip address from new router, etc) but my end game is slightly different.

I want the old linksys to be able to pull an internet connection from the Asus (via lan cable) however, I don't want wireless clients connected to the linksys to be able to see my private LAN hosted on the ASUS

I'm certain this is possible and I can do it if given some guidance but I'm not sure where to start. Is there some setting in the old ddwrt to bridge the wireless radio to a different ip address range for wireless clients but still have an internet connection?

Thanks for any help and let me know if I need to provide more information

Last edited by ikecomp; 03-27-2012 at 11:36 AM.
Reply With Quote
  #2  
Old 03-27-2012, 10:28 PM
overdrive31 overdrive31 is offline
Very Senior Member
 
Join Date: Aug 2008
Posts: 350
Thanks: 0
Thanked 20 Times in 20 Posts
overdrive31 is just starting out
Default

Plug the cable coming from the ASUS into the WAN port of the WRT54GL, now be sure the LAN IP of the Linksys is not in the same subnet as the ASUS. If you went the wireless client bridge as WAN route using ddwrt, you would only have wired to share from it, without creating a wireless repeater in ddwrt which will reduce wireless bandwidth in half for clients connecting to it. Both solutions requires the LAN IP subnet of the Linksys to be different from the ASUS routers LAN IP subnet. For instance, if the ASUS is 192.168.1.1, you will want to set the Linksys up with a static WAN IP like 192.168.1.2 and for it's LAN IP to use something like 192.168.2.1
__________________
NETGEAR R7000
TEW-652BRP V1.1R F/W DD-WRT
Reply With Quote
  #3  
Old 03-28-2012, 12:17 PM
ikecomp ikecomp is online now
New Member
 
Join Date: May 2011
Posts: 29
Thanks: 1
Thanked 2 Times in 2 Posts
ikecomp is just starting out
Default

Quote:
Originally Posted by overdrive31 View Post
Plug the cable coming from the ASUS into the WAN port of the WRT54GL, now be sure the LAN IP of the Linksys is not in the same subnet as the ASUS. If you went the wireless client bridge as WAN route using ddwrt, you would only have wired to share from it, without creating a wireless repeater in ddwrt which will reduce wireless bandwidth in half for clients connecting to it. Both solutions requires the LAN IP subnet of the Linksys to be different from the ASUS routers LAN IP subnet. For instance, if the ASUS is 192.168.1.1, you will want to set the Linksys up with a static WAN IP like 192.168.1.2 and for it's LAN IP to use something like 192.168.2.1
Thanks for you response but I tried those and didn't much like those as viable options. Especially the repeater. However, I did find a way to accomplish this and it only cost me a good night's sleep

At any rate this is what I did:

1) Did 30-30-30 reset on my router to erase all previous settings.
2) Logged into the router connected via cable and updated the router IP to be 192.168.2.1 instead of the default 192.168.1.1 and left everything else on the basic settings as default.
3) After the router rebooted, I set up the wireless network (channel, SSID, encryption, etc) and applied the settings
4) Created a separate bridge named br1 for the Wireless connection (on my router the physical adapter is eth1 but may be different on yours. You will need to know this)
5) I gave this bridge (br1) an IP and subnet mask of 192.168.3.1/255.255.255.0
6) I also added a dhcp server for br1. You can find all the instructions for bridging the connection in the link below

http://www.dd-wrt.com/wiki/index.php...e_LAN_and_WLAN

7) Now for the most important part. I had to make sure that anyone connected to this wireless connection could see the internet but not see my main LAN so I had to update the firewall with these commands (also found in the guide above).

iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP
iptables -I FORWARD -i br1 -d `nvram get wan_ipaddr`/`nvram get wan_netmask` -m state --state NEW -j DROP
iptables -I INPUT -i br1 -m state --state NEW -j DROP
iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT
iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT

8) unplug the power from the router and then plug the network cable coming from your main router/switch into the WAN port of your secondary router (guest router).

9) Plug the power to the router back in and you should be able to join your new wireless network and have access to the internet but not any of the computers on your main lan. I verified this by trying to ping some of the static pc's on my home network and also tried connecting to some of their shares and none worked. Only the internet.

10)OPTIONAL BUT RECOMMENDED: If you plan to use this as a guest access router, you should set some quality of service for it so that guests can not hog all the bandwidth. I set uplink/downlink to be 1/3 the bandwidth of my main connection. I set this for 192.168.3.0/24 in the netmask section (this is the IP range for br1).

Next, I believe I will explore using this old router as multipupose. I plan to use it as an AP for older G devices in my home as well as creating a separate vlan for guest account access like what I did above. That way my new Asus can be used only for 2.4/5 ghz N devices and the linksys for G devices and guest access.

At any rate, hope this helps someone. In the meantime, I have much slumber to catch up on.

EDIT: Added some missing firewall commands

Last edited by ikecomp; 03-29-2012 at 10:57 AM.
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT -4. The time now is 01:56 AM.


Top 10 Stats
Top Posters* Top Thanked
RMerlin  356
stevech  134
john9527  129
azazel1024  129
hggomes  84
noric  83
sfx2000  75
L&LD  69
AndreyPopov  60
Trip  60
RMerlin  5781
stevech  338
john9527  282
ryzhov_al  272
TeHashX  228
L&LD  207
RogerSC  195
sinshiva  146
joegreat  126
sfx2000  124
Most Viewed Threads* Hottest Threads*
Old Asuswrt-Merli...  14701
Old Asuswrt-Merli...  12801
Old My...  5509
Old Most stable...  4844
Old RT-AC87R (U)...  4029
Old Thinking of...  3997
Old [HOW TO]...  3021
Old Can't trust...  2626
Old RT-N66U...  2597
Old New...  2329
Old Asuswrt-Merli...  122
Old Asuswrt-Merli...  76
Old My...  56
Old [HOW TO]...  50
Old RT-AC87R (U)...  39
Old USB N...  37
Old Most stable...  30
Old New...  28
Old Second new...  27
Old Hi, RT-ac87R...  26


Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
© 2006-2014 Pudai LLC All Rights Reserved.