akopps
DD-WRT Novice
Joined: 13 May 2015
Posts: 18
|
 Posted: Sun May 24, 2015 8:46 Post subject: Re: Wireless Access Point |
 |
| badboy1653 wrote: |
I have connected an ethernet cable from the router1 (router 192.168.1.1) LAN port to router2 (AccessPoint 192.168.2.1) WAN port. Everything seems to be working.
|
I am confused by what you have done so far. When you add a wireless router to your LAN, but want to use it as a wireless access point, then the connection between your router (regardless of it being a plain router or a wireless router) and the wireless access point should be done by connecting two LAN ports. You seem to imply that you connected your wireless access point wire to your router's WAN port. If that's the case, how do you even access the internet if your router's wan port is not connected to a wan?
| Quote: |
I want to "disable" this access so devices on router1 CANNOT be accessed from router2 AND I want to be able to access devices on router2 with devices from router1.
Is this possible? and if so, how would I go about doing this?
Thanks. |
If you try hard enough, anything is possible. Personally, I would stop using router1 (which appears to be as the "access point") in the plain access point mode. Use it as a second router to a different subnet.
Let me explain, if your primary subnet is say 192.168.1.0/255.255.255.0, then on your wireless router1's WAN port, assign an IP address, let's say 192.168.1.10, and plug the router1 WAN port into the LAN side of the router2. Now, on the lan side of the router1, create a second subnet with address 192.168.2.0/255.255.255.0 (the specific subnet addresses I used are not important. What's important is that they should be distinct and belong to the "private" ip address pool). Assign a static IP address to the router1 on router1's LAN side. Let's say 192.168.2.1. Now, all devices connected to the router1's wired or wireless LAN side should use 192.168.2.1 as the default gateway. Your router1 should use router2's IP address as router1's default gateway (let's say router2's LAN-side IP is 192.168.1.1, then router1 should use that as its default gateway).
Finally, and this is critical, add a static route on router2 so that it knows how to access the devices on the 192.168.2.0/255.255.255.0 subnet. The static route should specify the 192.168.2.0/255.255.255.0 as the destination, and router1's WAN IP address as the gateway (which I mentioned to be 192.168.1.10 above).
So now the router1 is a router for the 192.168.2.0 subnet, not a NAT host, so make sure to disable NAT function in the router1's firmware. If this router1 is running dd-wrt, then change its mode of function from access point, or whatever, to router, which should kill NAT.
As the final setup, setup a firewall on the router1, using whatever setup steps the firmware offers you, to block the IP addresses from the 192.168.1.0 subnet from accessing router1's lan. Make sure you exclude the router2's LAN IP address from that rule, because without excluding router2's IP the devices on router1's LAN won't be able to access the internet.
Alternatively, you can also setup the router1 as a NAT host for its 192.168.2.0 LAN. The problem with doing that is that the connections of the machines from the 192.168.2.0 subnet to the internet will be NAT'd at least twice, once at router1, and once at router2, which seems to add unnecessary complexity and fragility.
Whether the devices on the 192.168.2.0 LAN should use router1's DHCP service or router2's DHCP service (which some kind of path-through on router1) is up to you. |
|
