Assign different IP ranges for eth and wifi

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Author Message
Tremor
DD-WRT Novice


Joined: 14 Sep 2018
Posts: 1

PostPosted: Fri Sep 14, 2018 0:27    Post subject: Assign different IP ranges for eth and wifi Reply with quote
I've a netgear WNDR4000 with latest DD-WRT firmware. My scenario is: only 1 host will connect with ethernet, all other hosts will connect via wifi. I want to assign static IP to eth host. I won't know what will be host's MAC address. I'm using dnsmasq with this config:
Code:

dhcp-range:wifi,192.168.0.30,192.168.0.199,8h
dhcp-range=eth,192.168.0.10,192.168.0.10,8h


But it doesn't work. For wifi it assign correct range ip, for eth it always gives me 192.168.0.27.
I tried br0 or using interface=* before each dhcp-range command. I restarted dnsmasq service as well, but it didn't work!


I don't want to change anything on host pc, I was wondering if I could assign a static IP with dnsmasq.
Sponsor
@m0eb@
DD-WRT User


Joined: 26 Dec 2015
Posts: 289

PostPosted: Mon Sep 17, 2018 16:10    Post subject: Reply with quote
1. You could create a new bridge in Setup>>Networking.
2. Then allocate the ethernet to this bridge. Give the bridge a new subnet IP like 192.168.2.1
3. At the bottom of the same page, under DHCPD - give a start IP address (eg 192.168.2.50) and under max, type 1. This means the DHCPD will allocate only one IP address.

4. Add the following lines to the Firewall
Code:
iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`
iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`
iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT
iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT


For better understanding of the firewall lines, please refer to the "Separate_LAN_and_WLAN" wiki.
https://wiki.dd-wrt.com/wiki/index.php/Separate_LAN_and_WLAN

Try it out and report...
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

PostPosted: Mon Sep 17, 2018 16:47    Post subject: Reply with quote
That wiki is rather old a lot can be done via the GUI nowadays and DDWRT is in most cases smart enough so that you do not need all those firewall rules (less is more Smile )

The only rule you still need, I think, is:
Code:
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`

But that is only necessary if you are using the router as a Wireless Access Point

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
@m0eb@
DD-WRT User


Joined: 26 Dec 2015
Posts: 289

PostPosted: Mon Sep 17, 2018 17:39    Post subject: Reply with quote
egc wrote:
That wiki is rather old a lot can be done via the GUI nowadays and DDWRT is in most cases smart enough so that you do not need all those firewall rules (less is more Smile )

The only rule you still need, I think, is:
Code:
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`

But that is only necessary if you are using the router as a Wireless Access Point


That is there ... 4th line.
I did not separate the br0 and br1 here because that has no purpose. He probably will need to access the router from this LAN port.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum