separate wireless interfaces and limit bandwidth

xhuntersh
DD-WRT Novice


Joined: 06 May 2015
Posts: 5

Posted: Wed May 06, 2015 16:47    Post subject: separate wireless interfaces and limit bandwidth
Hi,

I am fairly new to DD-WRT.

Following some tuts, I managed to create 3 wireless interfaces with different subnets (bridges).

Created 3 bridges (br1[10.1.2.1], br2[10.1.3.1], br3[10.1.4.1]) and assigned them to each wireless interface.

Everything works fine, but here is my problem:

1. I was under the impression this startup command would limit access between "br2" and "br1 & 0[lan]".

Code:
iptables -I FORWARD -i br0 -o br2 -m state --state NEW -j DROP
iptables -I FORWARD -i br2 -o br0 -m state --state NEW -j DROP
iptables -I FORWARD -i br2 -o br1 -m state --state NEW -j DROP
iptables -I FORWARD -i br1 -o br2 -m state --state NEW -j DROP


However, they all seem to have complete access to each other?

2. How can I prevent access to the web GUI from "ONLY" br2 & br3?

3. How can I limit the bandwidth (not prioritize) for "ONLY" br3 (guest network), no specific IP/MAC, but everyone under the subnet of 10.1.4.*?

Thanks
xhuntersh
DD-WRT Novice


Joined: 06 May 2015
Posts: 5

Posted: Wed May 06, 2015 17:20
I managed 1 & 2 with the following in the firewall command, not startup :)

Code:
iptables -I FORWARD -i br0 -o br2 -m state --state NEW -j DROP
iptables -I FORWARD -i br2 -o br0 -m state --state NEW -j DROP
iptables -I FORWARD -i br0 -o br3 -m state --state NEW -j DROP
iptables -I FORWARD -i br3 -o br0 -m state --state NEW -j DROP
iptables -I FORWARD -i br2 -o br1 -m state --state NEW -j DROP
iptables -I FORWARD -i br1 -o br2 -m state --state NEW -j DROP
iptables -I FORWARD -i br3 -o br1 -m state --state NEW -j DROP
iptables -I FORWARD -i br1 -o br3 -m state --state NEW -j DROP
iptables -I INPUT -i br2 -p tcp --dport telnet -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br2 -p tcp --dport ssh -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br2 -p tcp --dport www -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br2 -p tcp --dport https -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br3 -p tcp --dport telnet -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br3 -p tcp --dport ssh -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br3 -p tcp --dport www -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br3 -p tcp --dport https -j REJECT --reject-with tcp-reset


Only question 3 remains.

Thanks
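The pairwise rules in the post above grow quickly as bridges are added, and a missing direction is easy to overlook. The script below is an added example, not code from the thread: it generates the same FORWARD and INPUT rules from a small policy and checks a firewall script for required directions that have no DROP rule. The TRUSTED/RESTRICTED grouping, the ISOLATE_RESTRICTED switch (the posted rules contain no br2/br3 pair) and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Prints rules for review; applies nothing.
TRUSTED="br0 br1"                  # bridges from the thread; grouping is assumed
RESTRICTED="br2 br3"
MGMT_PORTS="telnet ssh www https"  # service names as used in the thread
ISOLATE_RESTRICTED=${ISOLATE_RESTRICTED:-0}  # 1 = also block br2 <-> br3

# Every direction (src>dst) the policy requires to be dropped, one per line.
required_pairs() {
    for r in $RESTRICTED; do
        for t in $TRUSTED; do echo "$t>$r"; echo "$r>$t"; done
        [ "$ISOLATE_RESTRICTED" = 1 ] || continue
        for o in $RESTRICTED; do [ "$o" = "$r" ] || echo "$r>$o"; done
    done
}

# FORWARD rules in the same form the thread uses.
gen_forward_rules() {
    required_pairs | while IFS='>' read -r src dst; do
        echo "iptables -I FORWARD -i $src -o $dst -m state --state NEW -j DROP"
    done
}

# INPUT rules: restricted bridges cannot reach the router's admin services.
gen_input_rules() {
    for r in $RESTRICTED; do
        for p in $MGMT_PORTS; do
            echo "iptables -I INPUT -i $r -p tcp --dport $p -j REJECT --reject-with tcp-reset"
        done
    done
}

# Read a firewall script on stdin; print required directions with no DROP rule.
missing_pairs() {
    script=$(cat)
    required_pairs | while IFS='>' read -r src dst; do
        printf '%s\n' "$script" | grep -q -- "FORWARD -i $src -o $dst .*-j DROP" || echo "$src>$dst"
    done
}

# Constructed sample: the four rules from the first post (br2 only).
FIRST_POST='iptables -I FORWARD -i br0 -o br2 -m state --state NEW -j DROP
iptables -I FORWARD -i br2 -o br0 -m state --state NEW -j DROP
iptables -I FORWARD -i br2 -o br1 -m state --state NEW -j DROP
iptables -I FORWARD -i br1 -o br2 -m state --state NEW -j DROP'

# Show which required directions the first post's rules leave uncovered.
echo "$FIRST_POST" | missing_pairs
```

As the post above found, the generated rules belong in the firewall command rather than startup.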
jfish99
DD-WRT User


Joined: 25 Aug 2011
Posts: 112

Posted: Wed May 06, 2015 21:05
Modify the IP range, bridge assignment and bandwidth limit to reflect your setup.


Code:
# Shorthand for the tc commands on the bridge being limited
TCA="tc class add dev br1"
TFA="tc filter add dev br1"
TQA="tc qdisc add dev br1"
SFQ="sfq perturb 10"
# Download: traffic leaving br1 toward the clients, capped at 1024kbit
tc qdisc del dev br1 root
tc qdisc add dev br1 root handle 1: htb
tc class add dev br1 parent 1: classid 1:1 htb rate 1024kbit
$TQA parent 1:1 handle 10: $SFQ
# Packets carrying firewall mark 10 go into class 1:1
$TFA parent 1:0 prio 2 protocol ip handle 10 fw flowid 1:1
iptables -t mangle -A POSTROUTING -d 192.168.200.0/24 -j MARK --set-mark 10
# Upload: traffic from the clients is redirected to imq0 and capped at 512kbit
TCAU="tc class add dev imq0"
TFAU="tc filter add dev imq0"
TQAU="tc qdisc add dev imq0"
insmod imq
insmod ipt_IMQ
ip link set imq0 up
tc qdisc del dev imq0 root
tc qdisc add dev imq0 root handle 1: htb
tc class add dev imq0 parent 1: classid 1:1 htb rate 512kbit
$TQAU parent 1:1 handle 10: $SFQ
$TFAU parent 1:0 prio 2 protocol ip handle 10 fw flowid 1:1
# Mark packets from the subnet, then hand incoming packets to imq0
iptables -t mangle -A PREROUTING -s 192.168.200.0/24 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -j IMQ --todev 0
xhuntersh
DD-WRT Novice


Joined: 06 May 2015
Posts: 5

Posted: Fri May 08, 2015 12:23
Thanks, it seems to be working :)