Posted: Thu Sep 14, 2017 12:06 Post subject: Isolating private network resources from public network
Hello,
My network setup is below:
MAIN ROUTER - netgear R6250 - connected to internet
---------------
WAN IP: from ISP - LAN IP: 192.168.1.1 - Subnet: 255.255.255.0
---------------
SUB ROUTER 1 - dd-wrt build 21676 - connected to main router
---------------
WAN IP: 192.168.1.100 - LAN IP: 192.168.2.1 - Subnet: 255.255.255.0
---------------
SUB ROUTER 2 - dd-wrt build 21676 - connected to main router
---------------
WAN IP: 192.168.1.101 - LAN IP: 192.168.3.1 - Subnet: 255.255.255.0
---------------
Both sub routers run hotspotsystem for public wifi. The main netgear router is our private network.
When I am connected to the public wifi, I have noticed I am able to connect to resources such as backup drives on the private network.
I was wondering how I can isolate these from the dd-wrt routers so that the public are unable to access the private resources.
If you require more information please do not hesitate to ask.
Joined: 16 Apr 2016 Posts: 307 Location: California
Posted: Fri Sep 15, 2017 8:35 Post subject: Net Isolation and Access Point Isolation
VLANS and Network Segmentation.
BUT, you can also use Access Point Isolation and Net Isolation and make sure they use different IP ranges.
This stops the wireless clients from being able to see any network outside the IP range or each other for that matter.
_________________
My Karma ran over your Dogma
SploitWorks Custom Flashed Routers
iptables -I FORWARD -d 192.168.1.102 -j DROP
iptables -I INPUT -d 192.168.1.102 -j DROP
but the address range I wish to block is 192.168.1.100 to 192.168.1.150. (This is the IP range of my private network) Can you suggest a command that will do this? I have tried using the IP range command for iptables in the wiki and this has not worked for me.
...but the address range I wish to block is 192.168.1.100 to 192.168.1.150. (This is the IP range of my private network) Can you suggest a command that will do this?
The command(s) will be much simpler if you first shift the address range of your private network. Move it to a single subnet like 192.168.1.64 to 192.168.1.127, aka 192.168.1.64/26, aka 192.168.1.64/255.255.255.192. Then your firewall command becomes simply:
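Added example, not part of the thread and not the poster's own command: the Python sketch below shows why the suggested renumbering helps. It computes the CIDR blocks needed to cover an inclusive address range exactly and builds one DROP rule per block, in the same form as the single-host commands quoted earlier in the thread. The function names are hypothetical; the two ranges are the ones given in the posts.

```python
import ipaddress


def cidr_cover(first, last):
    """Smallest list of CIDR blocks covering exactly first..last (inclusive)."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))


def drop_rules(first, last, chain="FORWARD"):
    """One DROP rule per CIDR block, modelled on the commands in the thread."""
    return [f"iptables -I {chain} -d {net} -j DROP"
            for net in cidr_cover(first, last)]


def covers_exactly(first, last):
    """Check that the blocks match the range: nothing missed, nothing extra."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    wanted = set(range(lo, hi + 1))
    # Iterating a network yields every address in it, including the
    # network and broadcast addresses.
    got = {int(addr) for net in cidr_cover(first, last) for addr in net}
    return got == wanted


if __name__ == "__main__":
    # Range from the question: not aligned to a subnet boundary,
    # so it takes several blocks and therefore several rules.
    for rule in drop_rules("192.168.1.100", "192.168.1.150"):
        print(rule)
    print()
    # Range suggested in the reply: aligned, so it is a single /26.
    for rule in drop_rules("192.168.1.64", "192.168.1.127"):
        print(rule)
```

The unaligned range needs seven rules, while the aligned one needs a single rule, which is easier to audit on the router.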