Multiple SSIDs & Separate Subnets w/v24

Bird333
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 809

Posted: Wed Nov 07, 2007 16:44
Are you saying if you set your laptop to a static IP you can't get internet access? Run these commands and report the output.

Code:
ping www.google.com


Code:
tracert www.google.com
septicdeath
DD-WRT Novice


Joined: 07 Nov 2007
Posts: 15

Posted: Wed Nov 07, 2007 17:02    Post subject: sorry bout that
Sorry, when I set the dd-wrt to a static device (I have 3 static IPs from Cox) it stops passing traffic. The second I change the config to dynamic it works. I discovered it by figuring I foobar'd something and resetting it to factory defaults. I did this and happened to have my ping running to an outside address in the background. As the device rebooted in default DHCP, my laptop got a wired DHCP assignment and started hitting my destination, so I rebuilt my config again, and again no traffic. So I defaulted again and configured one piece at a time; right at the first step, changing DHCP to static, it fails. I have my Cisco device working; I'm going to move it to the IP that the dd-wrt is having issues with and see if it's me or them. Essentially right now, since I have 3 IPs (1 VoIP, 2 house networks), I used to separate my network from the guest network by having two routers on two IPs, which is why I was so excited that I could configure this device to do 2 networks on 1 device. It seemed nice, 'cause then after I get that working, I can buy another dd-wrt device and WDS my dual network... Will report once I move the dd-wrt to a different IP behind my cable modem. Maybe it's ARP-locked to some other MAC? I could clone it, but then I would down my backup network while I mess with it.
septicdeath
DD-WRT Novice


Joined: 07 Nov 2007
Posts: 15

Posted: Thu Nov 08, 2007 2:14    Post subject: v24 RC3, going to RC4 next
Worked with Cox and had to have an area ARP table flushed and now the router works. I actually tried this configuration. I have the wired network and primary WLAN working. Both assign the 192.168.5.0 network via DHCP correctly. The virtual network is configured like this post. I started with WPA and couldn't authenticate. Then I knocked it down to WEP and it still wouldn't connect. Next I tried it with no encryption. Still won't connect to the virtual network (which should be getting a 192.168.3.0 IP address).

interface=wl0.1
dhcp-option=wl0.1,3,192.168.3.1
dhcp-option=wl0.1,6,192.168.5.1
dhcp-range=wl0.1,192.168.3.100,192.168.3.249,255.255.255.0,1440m

It seems that if I change the virtual WLAN from unbridged to bridged it magically can connect. But I want this virtual LAN to be isolated from all other networks delivered via this router.

Will try going to RC4 now that I have the static part of the router working.

Will update.
Thanks for the help and interest.


Last edited by septicdeath on Thu Nov 08, 2007 8:16; edited 2 times in total
septicdeath
DD-WRT Novice


Joined: 07 Nov 2007
Posts: 15

Posted: Thu Nov 08, 2007 2:19    Post subject: as it sits
Changing the virtual WLAN from unbridged to bridged did nothing for letting me connect to the second network. I'm going to try the RC4 upgrade as a last effort.
Bird333
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 809

Posted: Thu Nov 08, 2007 3:26
Be sure you have the options posted in the correct box on the services tab. I originally had them in the wrong box. Are you saying you can't get a laptop to associate at all with the VAP? Run 'ipconfig' and report what your wireless IP address is on your laptop.
septicdeath
DD-WRT Novice


Joined: 07 Nov 2007
Posts: 15

Posted: Thu Nov 08, 2007 5:08    Post subject: correct
If encryption is on, I can't authenticate to the virtual WLAN at all (WEP, WPA personal TKIP, etc., etc.).

When I turn off encryption, I can connect, but no 192.168.3.x IP is assigned, and the connection gets the 169.x.x.x default IP address.
septicdeath
DD-WRT Novice


Joined: 07 Nov 2007
Posts: 15

Posted: Sat Nov 10, 2007 22:09    Post subject: same arena
bird333, thanks for all the help.

I really haven't gotten this configuration working, but I have 2 Linksys routers with dd-wrt RC4 on them and thought I better make sure that I can do what I am trying to do. I did search but didn't find it or used the wrong keywords.

I bought the 2nd router to take advantage of extending the signal provided by the first router. Now that I am working on getting the first router to supply 2 separate and isolated networks, can the 2nd router be used to extend both of the networks from the first device at the same time? Thanks in advance.
Bird333
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 809

Posted: Sun Nov 11, 2007 12:13
Sorry you are having so much trouble. I don't think one router can extend two networks. That may be something that gets added in the future though.
septicdeath
DD-WRT Novice


Joined: 07 Nov 2007
Posts: 15

Posted: Fri Nov 23, 2007 8:53    Post subject: well..
I went out and bought 2 Linksys WRT54GLs with a 1gb mmc mod so that eventually I can add on all the plugins and cool addons.

Is there any other documentation that I might be able to compare or look at? I've tried your instructions and can't get it to function. My last attempt was on a newly flashed router (with v24 rc4 vpn).

I have successfully got the first wireless network working (192.68.0.1) with WPA/personal, but I can't get the virtual WLAN (10.1) to work with any security at all. For testing purposes, I turned off security and now can connect to the 2nd wireless network; however, it's getting assigned 192.168.0.100-192.168.0.149 IP addresses, which it shouldn't be doing. Maybe there is something I can post of my config that rings a bell with someone.

Here's what I got:

WAN Connection : Static

Router IP: 192.168.0.1/24
GW: 192.168.0.1
DHCP type: DHCP Server
start ip : 192.168.0.100
users: 50

Use DNSMasq for DHCP (CHECKED)
Use DNSMasq for DNS (CHECKED)
DHCP-Authoritative (CHECKED)

SERVICES MANAGEMENT

Used Domain (WAN)

DNSMasq (ENABLED)
Local DNS (DISABLED)

Additional DNSMasq Options

interface=wl0.1
dhcp-option=wl0.1,3,192.168.2.1
dhcp-option=wl0.1,6,192.168.0.1
dhcp-range=wl0.1,192.168.2.100,192.168.2.149,255.255.255.0,440m



FIREWALL
iptables -I INPUT -i wl0.1 -m state --state NEW -j logaccept
iptables -I FORWARD -i wl0.1 -o br0 -j logdrop
iptables -I FORWARD -i br0 -o wl0.1 -j logdrop
#
# to limit 2nd network options
#
#iptables -I FORWARD -i wl0.1 -o vlan1 -j logdrop
#iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 22 -j logaccept # ssh
#iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 21 -j logaccept # ftp
#iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 80 -j logaccept # http
#iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 443 -j logaccept # https
#iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 465 -j logaccept # smtps
#iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 993 -j logaccept # imaps
#iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 995 -j logaccept # pop3s
#iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 5190 -j logaccept # aim
#iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 1863 -j logaccept # msn
#iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 5050 -j logaccept # yahoo
#iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 8080 -j logaccept # http-alt
#iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 5222 -j logaccept # xmpp
#iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 5269 -j logaccept # xmpp
#iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 3389 -j logaccept # Remote desktop TCP
#iptables -I FORWARD -i wl0.1 -o vlan1 -p udp --dport 3389 -j logaccept # Remote desktop UDP
#
# above are ports allowed by firewall
#


Thanks for any help.
bent
DD-WRT User


Joined: 24 Jun 2007
Posts: 50

Posted: Fri Nov 23, 2007 10:00
What is actually the difference in having the virtual WLAN bridged or unbridged? I have set up my virtual WLAN following the instructions in this thread, which uses a bridged virtual WLAN:

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=16652

As far as I can tell my virtual WLAN is isolated from the LAN and physical WLAN also in this case?

Best regards,

Bent
flypaper
DD-WRT User


Joined: 28 Nov 2007
Posts: 84

Posted: Thu Nov 29, 2007 2:52
Just wanted to say thanks for this tutorial now that I finally registered.
Bird333
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 809

Posted: Thu Nov 29, 2007 17:33
bent wrote:
What is actually the difference in having the virtual WLAN bridged or unbridged? I have set up my virtual WLAN following the instructions in this thread, which uses a bridged virtual WLAN:

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=16652

As far as I can tell my virtual WLAN is isolated from the LAN and physical WLAN also in this case?

Best regards,

Bent


I am not an expert but I think this command 'brctl delif br0 wl0.1' actually manually creates an unbridged interface for 'wl0.1'. Even though in the GUI you have set it to 'bridged', the command removes it from the bridge.


Last edited by Bird333 on Thu Nov 29, 2007 20:25; edited 1 time in total
Bird333
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 809

Posted: Thu Nov 29, 2007 17:35    Post subject: Re: well..
septicdeath wrote:
I went out and bought 2 Linksys WRT54GLs with a 1gb mmc mod so that eventually I can add on all the plugins and cool addons.

Is there any other documentation that I might be able to compare or look at? I've tried your instructions and can't get it to function. My last attempt was on a newly flashed router (with v24 rc4 vpn).


Thanks for any help.


Can you get normal repeater or repeater bridge modes working with encryption? What are your wireless settings?
bent
DD-WRT User


Joined: 24 Jun 2007
Posts: 50

Posted: Thu Nov 29, 2007 19:42
Bird333 wrote:
I am not an expert but I think this command 'brctl delif br0 wl0.1' actually manually creates an unbridged interface for 'wl0.1'. Even though in the GUI you have set it to 'bridged', the command removes it from the bridge.

Of course, you are right: the commands actually remove the virtual WLAN (wl0.1) from the standard bridge (br0) and place it on a new bridge (br1).

Thanks for the hint!

Bent
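Added example (not part of any post in this thread): a shell check for the point discussed above, that `brctl delif br0 wl0.1` takes the virtual interface out of the LAN bridge. It parses `brctl show` output and reports which bridge holds an interface; both sample outputs and their bridge ids are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed samples of `brctl show` output (bridge ids are made up).
# A row with a single field is a further member of the bridge named above it.
BRCTL_BEFORE='bridge name     bridge id               STP enabled     interfaces
br0             8000.020000000001       no              vlan0
                                                        eth1
                                                        wl0.1'
BRCTL_AFTER='bridge name     bridge id               STP enabled     interfaces
br0             8000.020000000001       no              vlan0
                                                        eth1
br1             8000.020000000002       no              wl0.1'

# bridge_of BRCTL_OUTPUT IFACE: print the bridge that holds IFACE, or "none".
bridge_of() {
    printf '%s\n' "$1" | awk -v want="$2" '
        NR == 1 { next }                 # header row
        NF >= 4 { br = $1; ifc = $4 }    # first row of a bridge, with one member
        NF == 3 { br = $1; ifc = "" }    # bridge that has no members
        NF == 1 { ifc = $1 }             # continuation row: another member
        ifc == want { print br; found = 1; exit }
        END { if (!found) print "none" }'
}

# shares_lan BRCTL_OUTPUT LAN_BRIDGE IFACE: succeed if IFACE sits in LAN_BRIDGE,
# i.e. guest clients would share the private LAN's layer-2 segment and DHCP.
shares_lan() {
    [ "$(bridge_of "$1" "$3")" = "$2" ]
}
```

On the router, `bridge_of "$(brctl show)" wl0.1` gives the live answer; anything other than `br0` means the virtual WLAN is no longer a member of the LAN bridge.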
flypaper
DD-WRT User


Joined: 28 Nov 2007
Posts: 84

Posted: Fri Nov 30, 2007 23:23
Okay, I'm using this tutorial along with a WDS setup. I mention WDS because the problem doesn't occur when WDS isn't set up... Anyway, the whole thing works great until I put in these firewall rules:
Code:
iptables -I FORWARD -i wl0.1 -o vlan1 -j logdrop
iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 22 -j logaccept # ssh
iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 80 -j logaccept # http
iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 443 -j logaccept # https
iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 465 -j logaccept # smtps
iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 993 -j logaccept # imaps
iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 995 -j logaccept # pop3s
iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 5190 -j logaccept # aim
iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 1863 -j logaccept # msn
iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 5050 -j logaccept # yahoo
iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 5222 -j logaccept # xmpp
iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 5269 -j logaccept # xmpp


Once I do that, wireless users on my PRIVATE network can't get IP addresses, but the PUBLIC network is completely unaffected. I wish I knew more about iptables, but does anyone have an idea?
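Added example (not part of flypaper's post): a shell model of how the FORWARD rules above are evaluated. Each `iptables -I FORWARD` without a rule number inserts at position 1, so the `logdrop` typed first ends up last and the port rules above it act as an allowlist. The rule list is a constructed subset of the posted rules plus one constructed rule with a mistyped interface name (`w10.1`); `chain_order` and `verdict` are hypothetical helper names, and the model matches only on interface, protocol and destination port.

```shell
#!/bin/sh
# Constructed rule list, in the order typed: a subset of the posted rules,
# plus one constructed rule whose interface is mistyped (w10.1, not wl0.1).
RULES='iptables -I FORWARD -i wl0.1 -o vlan1 -j logdrop
iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 22 -j logaccept
iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 80 -j logaccept
iptables -I FORWARD -i wl0.1 -o vlan1 -p tcp --dport 443 -j logaccept
iptables -I FORWARD -i w10.1 -o vlan1 -p tcp --dport 3389 -j logaccept'

# Every rule is inserted at position 1, so the chain is evaluated in the
# reverse of the order typed. Print the rules in evaluation order.
chain_order() {
    printf '%s\n' "$1" | awk '{ line[NR] = $0 } END { for (i = NR; i >= 1; i--) print line[i] }'
}

# verdict IN_IF OUT_IF PROTO DPORT: walk the chain top-down; first match wins.
verdict() {
    chain_order "$RULES" | awk -v in_if="$1" -v out_if="$2" -v proto="$3" -v dport="$4" '
    {
        r_in = r_out = r_proto = r_dport = r_target = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-i") r_in = $(i + 1)
            else if ($i == "-o") r_out = $(i + 1)
            else if ($i == "-p") r_proto = $(i + 1)
            else if ($i == "--dport") r_dport = $(i + 1)
            else if ($i == "-j") r_target = $(i + 1)
        }
        if (r_in != "" && r_in != in_if) next       # an unset field matches anything
        if (r_out != "" && r_out != out_if) next
        if (r_proto != "" && r_proto != proto) next
        if (r_dport != "" && r_dport != dport) next
        print r_target; found = 1; exit
    }
    END { if (!found) print "fallthrough" }'
}
```

`verdict wl0.1 vlan1 tcp 3389` prints `logdrop` because the mistyped rule never matches the real interface, and `verdict br0 vlan1 tcp 25` prints `fallthrough` because nothing in this list names `br0`.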
Page 2 of 8. All times are GMT.
