Ethernet isolation

ds25
DD-WRT Novice


Joined: 21 Aug 2016
Posts: 2

Posted: Sun Aug 21, 2016 0:44    Post subject: Ethernet isolation
Hi all

The issue of port isolation seems to be reasonably well covered across this and other DD-WRT sites, so either I'm missing something obvious, or I'm just not fully understanding what is happening in the setup. I would rate my knowledge as average to good at best.

I'm trying to isolate a specific device on my router, so that it can access the internet but not the rest of my network, including the router (and also that the rest of my network cannot access the specific device). The device will always use a specific LAN port, so I'm happy to isolate using MAC, IP or port, whichever gets the job done.

I use a Linksys WRT54GL running DD-WRT v24-sp2 (07/22/09) mini. I have successfully created a VLAN and a DHCPD dishes out addresses in the correct ranges for my private network (192.168.1.2-100), my guest wifi (192.168.2.1-100) and the port I want to isolate (192.168.3.1). When I try to isolate that port by using firewall commands, I get one of two problems:

1) the device can see the internet, AND the rest of my network, or
2) the device cannot see the internet or anything on my network.

The commands I am using are:
#iptables -I FORWARD -i vlan2 -o vlan+ -j DROP
#iptables -I FORWARD -i vlan+ -o vlan2 -j DROP
#iptables -I FORWARD -i vlan2 -o vlan1 -j ACCEPT
#iptables -I FORWARD -i vlan1 -o vlan2 -j ACCEPT

VLAN2 is the VLAN that the port I want to isolate resides in.

VLAN1 is, I believe, the VLAN that has access to the WAN (i.e. internet). I am basing that on the setting in the Setup -> Networking -> Port Setup section of the GUI. However, in the VLANS setup page I see that my other ethernet ports are set to VLAN0. On that same page, VLAN2 is set to bridge "none".

I have tried all combinations of bridging the VLAN and changing the firewall rule to allow VLAN0, but no joy.

Any ideas what I'm doing wrong here? Happy to post pictures of specific setup pages if that helps. Interestingly, my guest wifi is successfully isolated from my home network, but I cannot figure how I did that (some time ago).

Any help greatly appreciated! Thanks
ds25
DD-WRT Novice


Joined: 21 Aug 2016
Posts: 2

Posted: Sat Aug 27, 2016 19:41
125 views and no replies....
Mile-Lile
DD-WRT Guru


Joined: 24 Feb 2013
Posts: 1634
Location: Belgrade

Posted: Sun Aug 28, 2016 6:43
No one is sure because you have a very old build... even recent builds work differently... the first thing to do to get help is to update to a very recent build... kernel, netfilter modules... everything can be different from build to build and can produce different behaviour...
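
A small model of how the four commands in the first post end up ordered and matched, added here as an illustration and not written by anyone in the thread: `-I` inserts each rule at the head of FORWARD, and a trailing `+` on an interface matches any name with that prefix. The interface name `br0` (a LAN bridge) is an assumption that the thread does not state, and the fourth command is written with the space before `-j`.

```python
# Added example: models only the four posted rules, not the rest of the chain.
POSTED = [
    "iptables -I FORWARD -i vlan2 -o vlan+ -j DROP",
    "iptables -I FORWARD -i vlan+ -o vlan2 -j DROP",
    "iptables -I FORWARD -i vlan2 -o vlan1 -j ACCEPT",
    "iptables -I FORWARD -i vlan1 -o vlan2 -j ACCEPT",
]

def iface_match(pattern, name):
    """iptables interface match: a trailing '+' is a prefix wildcard."""
    if pattern is None:
        return True
    if pattern.endswith("+"):
        return name.startswith(pattern[:-1])
    return pattern == name

def build_chain(commands):
    """Apply -I (insert at head) or -A (append) in the order typed."""
    chain = []
    for cmd in commands:
        tok = cmd.split()
        opts = dict(zip(tok[3::2], tok[4::2]))
        rule = (opts.get("-i"), opts.get("-o"), opts["-j"])
        if tok[1] == "-I":
            chain.insert(0, rule)
        else:
            chain.append(rule)
    return chain

def verdict(chain, in_if, out_if):
    """First matching rule wins; otherwise later rules in FORWARD decide."""
    for rule_in, rule_out, target in chain:
        if iface_match(rule_in, in_if) and iface_match(rule_out, out_if):
            return target
    return "FALLTHROUGH"

if __name__ == "__main__":
    chain = build_chain(POSTED)
    print("effective order:", chain)
    # br0 is an assumed bridge name, not taken from the thread.
    for pair in [("vlan2", "vlan1"), ("vlan2", "vlan0"),
                 ("vlan2", "br0"), ("br0", "vlan2")]:
        print(pair, "->", verdict(chain, *pair))
```

FALLTHROUGH means none of the four rules matched, so whatever comes later in FORWARD decides. Traffic addressed to the router itself traverses INPUT rather than FORWARD, so this model does not cover it.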