Drew Van Zandt wrote:
> Method (1): Put the wireless router outside the wired router.
> Method (2): Add something like:
> iptables -I INPUT -d 192.168.1.0/255.255.255.0 -j DROP
> and (to allow the wired router as a destination):
> iptables -I INPUT -d 192.168.1.1 -j ACCEPT
>
> You might need to do that second method to the nat table instead of
> the default table, that's all from memory so the syntax is probably
> not quite right.
>
> --DTVZ
>
> On Thu, Dec 11, 2008 at 3:53 PM, Alex Hewitt <hewitt_t...@comcast.net> wrote:
>
> > This might not have an easy answer but I want to setup a wireless router
> > inside an existing LAN. I want to be able to let users connect to the
> > wireless router but not be able to access systems on the LAN that the
> > wireless router will be installed on. So the scenario is:
> >
> > Internet Connection
> > .
> > .
> > Existing router (192.168.1.1)
> > .
> > .
> > Wireless router (192.168.2.1 or any private network)
> >
> > A user connecting to the wireless router would get an address such as
> > 192.168.2.100 and they could ping or otherwise see machines on the
> > 192.168.1.* network. I've got dd-wrt v2.4 micro edition running on a
> > WRT54G V5 wireless router. The main router is a LinkSys RV042 model. Is
> > there a simple way to stop users connected on the wireless router from
> > accessing systems on the main LAN? One way to achieve this would be to
> > add a switch between the ISP's equipment and the RV042 but I'd like to
> > make sure that any wireless connections couldn't chew up too much
> > bandwidth.
> >
> > -Alex
> >
> > _______________________________________________
> > gnhlug-discuss mailing list
> > gnhlug-discuss@mail.gnhlug.org
> > http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Just a followup. I used the second method.
Drew's suggested iptables commands were correct except for the table that needed to be updated, which turned out to be the "FORWARD" table in OpenWRT. Also, making the iptables rules persist requires modifying a file, "/etc/firewall.user". Initially I misunderstood how this was to be done because the documentation suggested that merely executing firewall.user would make the iptables rules persist across reboots and power cycling. In fact you need to add your new rules to the firewall.user script, which gets run every time the router is rebooted.
-Alex

_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
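As an added example (not from the thread or from dd-wrt/OpenWrt), here are the two rules in the FORWARD chain as Alex ended up using them, in the form they would be kept in /etc/firewall.user so the router re-applies them at boot. The addressing is assumed from the original question (wired LAN 192.168.1.0/24 with the RV042 at 192.168.1.1, wireless clients on 192.168.2.0/24), and the `decide` helper is a hypothetical tracer that only mirrors what these two rules match.

```shell
#!/bin/sh
# Added example, not from the thread: FORWARD-chain isolation rules for a
# dd-wrt/OpenWrt wireless router sitting behind a wired LAN, written so they
# can live in /etc/firewall.user and survive a reboot.
# Assumed addressing (from the original question): wired LAN 192.168.1.0/24
# with the RV042 at 192.168.1.1, wireless clients on 192.168.2.0/24.
WIRED_LAN="192.168.1.0/24"
WIRED_GW="192.168.1.1"
WIFI_LAN="192.168.2.0/24"
IPT="${IPT:-iptables}"   # set IPT=echo to dry-run without touching netfilter

# Emit the commands in the order they must be executed. Both use -I, which
# inserts at the top of the chain, so the broad DROP goes in first and the
# narrower ACCEPT for the gateway second, leaving ACCEPT above DROP.
isolation_rules() {
    printf '%s\n' \
        "$IPT -I FORWARD -s $WIFI_LAN -d $WIRED_LAN -j DROP" \
        "$IPT -I FORWARD -s $WIFI_LAN -d $WIRED_GW -j ACCEPT"
}

# Run the commands above; this is the part /etc/firewall.user would execute
# on every boot.
apply_rules() {
    isolation_rules | while IFS= read -r cmd; do eval "$cmd"; done
}

# Trace the verdict the two rules give a forwarded packet from the wireless
# side to destination $1 (only /24 prefixes, exactly what the rules match).
# PASS means neither rule matched and the router's existing policy applies.
decide() {
    case "$1" in
        "$WIRED_GW")            echo ACCEPT ;;
        "${WIRED_LAN%.0/24}".*) echo DROP ;;
        *)                      echo PASS ;;
    esac
}
```

If the ACCEPT were inserted before the DROP, the later -I would put DROP above it and the wireless side would lose its gateway, which is the easiest way to get this pair of rules wrong.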