Posted: Thu Mar 19, 2015 20:44 Post subject: Multiple WLANS with different gateways (IPtables problem)
I have a TP-Link TL-WDR4300 with DD-WRT Firmware v24-sp2 (03/25/13) and the following scenario:
One Cisco ISA500 router with different VLANs: vlan1 for office use, vlan2 for VoIP, vlan3 for DMZ, vlan4 for guest access. The WDR4300 works as an AP with the WAN port disabled, and port 1 is connected to the ISA500.
So, currently on the AP, I have two wlans, Office WLAN on br0 (ath0) and Guest WLAN on br1 (ath0.1).
br0 has no DHCP; it works with no problems with our office LAN, using the ISA500 as gateway on the LAN subnet 192.168.100.x/24.
br1 has DHCP on 192.168.101.x/24, gateway 192.168.101.1 and DNS configured via dnsmasq; the AP is 192.168.101.250. It assigns guest clients an IP and GW, but there is no internet access, since I don't know what iptables rules I have to use.
There are rules that allow DHCP and DNS on br1, but I wasn't able to allow traffic from br1 to eth0 so my ISA500 can handle the internet traffic and security.
These are the rules that currently are on the firewall script:
I'm trying to ping (via telnet on the AP) my ISA500 and another host on the 192.168.101.x/24 subnet, and I get no reply.
Just in case it's not clear: both ISA500 interfaces (192.168.100.1 and 192.168.101.1) are on the same L2 switch. I have a test host on the LAN with 192.168.101.22 and it can reach 192.168.101.1. The AP (192.168.100.250 & 192.168.101.250) is on that switch and can reach 192.168.100.x, but still nothing to 192.168.101.x.
Posted: Fri Mar 20, 2015 15:49 Post subject: Made it!
Finally I was able to reach my goal.
I was thinking that, if eth0 is the interface that connects both networks 192.168.100.x/24 and 192.168.101.x/24 at L2, the only way was to assign another IP to eth0.
So, I added a line to my startup script:
Code:
ifconfig br0:2 192.168.101.250
Then I changed the br1 IP address to 192.168.102.250.
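The alias idea from the post above, worked into a DD-WRT firewall-script fragment that also routes guest traffic to the ISA500 guest gateway and keeps guests off the office LAN. This is an added example, not the poster's script: the interface names and subnets are the ones from the thread, while routing table 102, the SNAT choice and the exact rule set are assumptions.

```shell
#!/bin/sh
# Guest-WLAN routing for the DD-WRT AP described in the thread (illustrative, not
# the poster's firewall script). Assumed layout: br0 = office bridge with the uplink
# to the ISA500, br1 = guest bridge renumbered to 192.168.102.0/24 (AP = .250), and
# a br0:2 alias of 192.168.101.250 so the AP can hand guest traffic to the ISA500
# guest gateway 192.168.101.1. Routing table 102 and the rule set are assumptions.
OFFICE_IF=br0
GUEST_IF=br1
OFFICE_NET=192.168.100.0/24
GUEST_NET=192.168.102.0/24
ALIAS_IF=br0:2
ALIAS_IP=192.168.101.250
ISA_GUEST_GW=192.168.101.1

# Execute a command, or only print it when DRY_RUN=1, so the rule set can be
# reviewed before it touches a live AP.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

guest_rules() {
    # Secondary address on the office bridge, inside the ISA500's guest subnet.
    run ifconfig "$ALIAS_IF" "$ALIAS_IP" netmask 255.255.255.0
    # Policy routing: anything sourced from the guest subnet leaves via the ISA500
    # guest interface, not via the AP's default (office) gateway.
    run ip rule add from "$GUEST_NET" table 102
    run ip route add "$GUEST_NET" dev "$GUEST_IF" table 102
    run ip route add default via "$ISA_GUEST_GW" dev "$OFFICE_IF" table 102
    # Segmentation: guests never reach the office LAN and cannot open the AP's
    # management ports (DHCP and DNS on br1 are allowed elsewhere in the script).
    run iptables -I FORWARD -i "$GUEST_IF" -d "$OFFICE_NET" -j DROP
    run iptables -I INPUT -i "$GUEST_IF" -p tcp -m multiport --dports 22,23,80,443 -j DROP
    # Guests may go out through br0; only replies to their own flows come back in.
    run iptables -A FORWARD -i "$GUEST_IF" -o "$OFFICE_IF" -j ACCEPT
    run iptables -A FORWARD -i "$OFFICE_IF" -o "$GUEST_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$GUEST_IF" -j DROP
    # Hide guests behind the alias, so the ISA500 needs no route for
    # 192.168.102.0/24 and applies its guest-VLAN policy to a single source.
    run iptables -t nat -A POSTROUTING -s "$GUEST_NET" -o "$OFFICE_IF" \
        -j SNAT --to-source "$ALIAS_IP"
}

# "sh guest.sh show" prints the commands; "sh guest.sh apply" runs them on the AP.
case "${1:-}" in
    apply) guest_rules ;;
    show)  DRY_RUN=1; guest_rules ;;
esac
```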