as a side note Google works ok..... that's how I found it......even though I remembered writing about it... didn't have a clue where it had gone off to.
Google can be your friend
Joined: 18 Mar 2014 Posts: 12908 Location: Netherlands
Posted: Mon Oct 23, 2017 11:06 Post subject:
When using a different subnet for a VAP on a WAP (i.e. unbridged) I think you also have to do the natting yourself to get internet acces by adding this to the firewall:
When using a different subnet for a VAP on a WAP (i.e. unbridged) I think you also have to do the natting yourself to get internet acces by adding this to the firewall:
I'm no expert but that's all I use on my WAP which also has VLAN.
Probably shouldn't use Net Isolation on the VLAN & WAP....at least turn it off to see what you have.
Might be better to isolate with other rules.
I don't use it on mine but I only have 2 ports config in the 192.168.1.0 strictly used as a switch for debricking my screwups.
Net Isolation does not always work as you might expect on a WAP or when used if br1,br2, br.. also in the config
Then with the additional firewall rules I made sure all the "Guest" will behave well
Code:
iptables -I FORWARD -i wl0.1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
iptables -I FORWARD -i wl1.1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`
At the end I think one could have setup a NEW bridge and configure that ... however this was more straight forward ... using many build-in options.
Many thanks to the volunteers, who make the DD-WRT community what it is!