Joined: 06 Feb 2010 Posts: 7401 Location: Little Rock
Posted: Thu Aug 05, 2010 22:01 Post subject:
Also which build number did you settle on? and did you make sure to do a hard reset after the flash? my wl520gU looks right on the VLAN port arrangement.
Also which build number did you settle on? and did you make sure to do a hard reset after the flash? my wl520gU looks right on the VLAN port arrangement.
I'm using the latest (7/16/10) version of brainslayer usb_generic.
I followed this guide for the flash:
http://sites.google.com/site/wl520gu/
and did the erase nvram command after flashing.
That VLAN port arrangement you have is exactly what I had before trying to configure it. The GUI did nothing to match what the console commands from wikis showed that I should have, so I did it manually.
Could I essentially start from scratch by using the erase nvram command, reflash the same firmware, then issue the erase nvram command again to get back to defaults?
Maybe I'll try the eko builds?
Joined: 06 Feb 2010 Posts: 7401 Location: Little Rock
Posted: Fri Aug 06, 2010 0:28 Post subject:
Hrm interesting, about the latest Brain build, i have been reading about VLAN probs...but this problem has to do with the VLAN tab not being there, no matter.
I would try, telnet or ssh in, issue the
erase nvram
reboot
Then go to 192.168.1.1 and set user and pass, as soon as you are into the dd-wrt webgui, go to the administration panel > Firmware upgrade and load this
Also select to go back to defaults, and flash. Wait of course till it is finished, then as soon as you can access the webgui at 192.168.1.1 set a user/pass again, this will only be temporary, and close the browser, telnet should be enabled by default, then telnet in, issue the
I'll try those steps tomorrow.
...I had just downloaded that firmware after you posted earlier as well
Should I be able to do what I want in the GUI only? I have no problems telneting in, but I like using the GUI so I can see what I have when clicking through. I noticed that with the iptables rules too where if I enter them in the console I won't see them in the GUI which I understand, but I like to have that quick visual:D
I need some clarification before I move on with setting up these VLANs....
First thing I did was followed buddee's post above and flashed the listed firmware. When all was said and done I went into the GUI on the VLAN page and set "port1" as "vlan2" with assign to bridge as "none".
Then, I went over to the networking page under port setup > network configuration vlan2, I checked "unbridged", have NAT enabled, gave it an IP and set DHCP. I then rebooted.
Now, connecting via telnet when I run the nvram show | grep vlan.ports command I once again only see the original vlan configuration with vlan0 having ports 1-5* and vlan1 with ports 0&5. No listing of vlan2.
Shouldn't I see my GUI changes here?
What I can say is that connecting to port1, and only port1, does give me an IP from my vlan2 subnet as intended.
Lastly, I'm assuming it's normal when viewing the iptables via console that the source and destinations don't show interfaces? It only lists either IPs or "anywhere"? If I didn't use the GUI how would I even know what the actual rule was?
---edit: well...I just tripped over this command:
iptables -vnL FORWARD that will list the interfaces.
....stay with me here...I'm reading as much as I can to learn this
Thanks for helping me clear this up
Last edited by Nucleus111 on Fri Aug 06, 2010 15:49; edited 1 time in total
So, I have been playing around with this and came across another issue where I can ping across the vlan in the one direction using the firewall rule posted by phuzi0n, but I can't map a drive???? Is this even possible?
This is the rule:
iptables -I FORWARD -i vlan2 -o br0 -m state --state NEW -j DROP
More so, I added a VAP leaving it bridged, then going under networking and adding a new bridge, br1, for interface wl0.1. Without adding any firewall rules, I can only ping in one direction; from br0. Which is exactly what the rule above is doing for vlan2???
More so, I added a VAP leaving it bridged, then going under networking and adding a new bridge, br1, for interface wl0.1. Without adding any firewall rules, I can only ping in one direction; from br0. Which is exactly what the rule above is doing for vlan2???
Yes, the default iptables rules for a new bridge are different than for a new VLAN. The VLAN gets full access, the bridge only gets internet access.
Did you do anything to allow the ping on the clients? Most OS's have software firewalls that block access from other subnets, so you'll either need to disable their firewalls or poke holes. _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
Yes, the default iptables rules for a new bridge are different than for a new VLAN. The VLAN gets full access, the bridge only gets internet access.
I'm realizing that, so I added this and it seemed to do the trick:
iptables -I FORWARD -i br1 -o br0 -j ACCEPT
phuzi0n wrote:
Did you do anything to allow the ping on the clients? Most OS's have software firewalls that block access from other subnets, so you'll either need to disable their firewalls or poke holes.
I needed to play with iptables as stated above.
I really am trying to learn this and I've been playing around for a few days now. I have big plans for this 8)
phuzi0n-
Should I be able to map a drive across vlans because even with no firewall rules it's not working. (yes, I'm positive the share works )
This is probably totally unrelated, but I gotta post it.
XP Pro to XP Pro, one wired on br0 and the other wireless on br1. Just like that I can ping no problem. But...if I plug in a wired connection to the laptop that is receiving wifi on br1 I can no longer ping???? I can go back and forth with the network cable in/out to replicate every time! The only thing I can say is the wired network on the laptop is 172.16.x.x and the wifi is 192.168.3.x and br0 is 192.168.1.1.
This is probably totally unrelated, but I gotta post it.
XP Pro to XP Pro, one wired on br0 and the other wireless on br1. Just like that I can ping no problem. But...if I plug in a wired connection to the laptop that is receiving wifi on br1 I can no longer ping???? I can go back and forth with the network cable in/out to replicate every time! The only thing I can say is the wired network is 172.16.x.x and the wifi is 192.168.3.x
The OS's default gateway changes and so it starts sending traffic out the Ethernet connection instead of the WLAN. If you're plugging it into VLAN2 which is restricted then this is perfectly normal.
If you have the firewall wide open on the router and the clients (ie. disable XP's firewall for now) and you try to map a drive by IP (avoid hostnames for now), then it should work. _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
The OS's default gateway changes and so it starts sending traffic out the Ethernet connection instead of the WLAN. If you're plugging it into VLAN2 which is restricted then this is perfectly normal.
The ethernet connection is actually not on the router at all, but external to it. There were no restrictions within the firewall. But, if the ping request was received on the wifi shouldn't it reply via wifi?
phuzi0n wrote:
If you have the firewall wide open on the router and the clients (ie. disable XP's firewall for now) and you try to map a drive by IP (avoid hostnames for now), then it should work.
I did use IPs, but they still wouldn't map. I was only able to ping both ways, even by name. I'll have to look into it again.
The OS's default gateway changes and so it starts sending traffic out the Ethernet connection instead of the WLAN. If you're plugging it into VLAN2 which is restricted then this is perfectly normal.
The ethernet connection is actually not on the router at all, but external to it. There were no restrictions within the firewall. But, if the ping request was received on the wifi shouldn't it reply via wifi?
Nope, that's not how routing works. If the ping comes from subnet that is directly attached to the PC (one of its interfaces has an IP within that subnet) then it will be routed back out that interface. If it comes from a subnet not directly connected then it will be routed to the default gateway to be routed. In your case this new gateway is another router that doesn't have any connection at all to the original subnet that the ping came from. _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
