Multiple SSIDs & Separate Subnets w/v24

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Goto page Previous  1, 2, 3, 4, 5, 6, 7, 8  Next
Author Message
meskaya
DD-WRT Novice


Joined: 08 Oct 2007
Posts: 16

PostPosted: Wed Jun 04, 2008 12:34    Post subject: Reply with quote
Do you have problems when you do a modification and push apply settings button ?

I hope that someone is going to have a look.
Sponsor
sindbad
DD-WRT User


Joined: 18 Jun 2006
Posts: 308
Location: Coswig, S-A, Germany

PostPosted: Wed Jun 04, 2008 15:47    Post subject: Reply with quote
I tested the vintage build from 20 May (9217) and it works . I flashed back to std gen and it has the apply problem. I made a reboot, apply, changed something (Timeserver) and press apply again and it works after that.

The same problem with gen newd from may 21th.

nvram get corerev -> 9

_________________
Wer HF mißt, mißt Mist!

1 AP mit WRT54GL und Tomato 1.13
5 Clients mit WRT54GL dd-wrt v24RC62
1 NSLU2
JN
DD-WRT Guru


Joined: 29 Mar 2007
Posts: 771

PostPosted: Sat Jun 07, 2008 0:36    Post subject: Reply with quote
sindbad wrote:
I use this http://www.wi-fiplanet.com/tutorials/article.php/10724_3714521_1

I got this mostly working with v24 final (build 9513) on a Buffalo WHR-HP-G54, but when I am on a client connected wirelessly to the virtual SSID and try to ping a machine connected by ethernet, occasionally a packet gets through, perhaps 1-3% of packets attempted, so the blockage is not working completely. When I ping in the other direction, I see a similar effect.

I configured as suggested by the tutorial, with these specific settings:

Local IP Address 192.168.0.1
Subnet Mask 255.255.255.0

Virtual Interface wl0.1
AP Isolation Disabled
Unbridged
Multicast forwarding Disabled
IP Address 192.168.1.1
Subnet Mask 255.255.255.0

DNSMasq: Enable
Local DNS: Disable
Additional DNSMasq Options

interface=wl0.1
dhcp-option=wl0.1,3,192.168.1.1
dhcp-option=wl0.1,6,192.168.0.1
dhcp-range=wl0.1,192.168.1.100,192.168.1.249,255.255.255.0,1440m

Commands saved to firewall

iptables -I INPUT -i wl0.1 -m state --state NEW -j logaccept
iptables -I FORWARD -i wl0.1 -o br0 -j logdrop
iptables -I FORWARD -i br0 -o wl0.1 -j logdrop

Any advice?
hehateme
DD-WRT Novice


Joined: 19 Jun 2008
Posts: 7

PostPosted: Tue Jun 24, 2008 22:50    Post subject: Reply with quote
I have a weird issue I can pull a an IP from the virtual interface.

I can access my gmail but not much else

I can ping yahoo but when i try to access it the page just hangs forever loading

i also notice i cant seem to connect to the vap unless im connected to the main wireless network
duncantuna
DD-WRT Novice


Joined: 12 Jun 2006
Posts: 24
Location: Wisconsin, USA

PostPosted: Sun Jul 06, 2008 3:36    Post subject: Reply with quote
It would appear that I have the same problem others have had in this thread. Has a solution been found?

By "same problem" .. I have configured my router running v24 .. using the same directions found here: http://www.dd-wrt.com/wiki/index.php/Dual_SSID_one_for_public_network

DNSMasq Options:
interface=wl0.1
dhcp-option=wl0.1,3,192.168.2.1
dhcp-option=wl0.1,6,192.168.1.1
dhcp-range=wl0.1,192.168.2.100,192.168.2.200,1440m

Firewall Commands
iptables -I INPUT -i wl0.1 -m --state NEW -j logaccept
iptables -I FORWARD -i wl0.1 -o br0 -j logdrop
iptables -I FORWARD -i br0 -o wl0.1 -j logdrop

.. I have painstakingly read and tried some variations to no avail.

I can connect to wl0.1, and I receive an IP in the 192.168.2.x range, so I know that's working.

But I cannot connect to the internet, can't ping the router, can't ping the gateway, zip .. which sounded like the same issue that others were having last month.

Any solution found, yet?
duncantuna
DD-WRT Novice


Joined: 12 Jun 2006
Posts: 24
Location: Wisconsin, USA

PostPosted: Tue Jul 08, 2008 13:04    Post subject: Reply with quote
Sorry, but I have to bump this. I've read a dozen threads on the subject now .. and many have the same issue, able to create a VLAN, connect, get a DHCP address, yet no connection to the internet. -- No ping to the router, either the wl0, nor wl0.1 IPs.

There's gotta be something preventing the conversation from wl0.1 to the WAN.

Little help, please?
cid92
DD-WRT Novice


Joined: 16 Apr 2008
Posts: 32

PostPosted: Tue Jul 08, 2008 15:33    Post subject: Reply with quote
Here is a post I opened a few days ago:

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=34453

The info Wrathchild25 provided worked for me. I had to upgrade to the final v24 for the router. So far everything works with the VAP I setup with one exception - I can ping the primary router IP address and even log onto the router while connected to the VAP. I suspect I either need to check the "isolate AP" box on the VAP or enter in some additional firewall rules but I'm not sure what would need to be entered.
JN
DD-WRT Guru


Joined: 29 Mar 2007
Posts: 771

PostPosted: Wed Jul 09, 2008 1:24    Post subject: Reply with quote
I tried three different sets of iptables commands, all with the same 2%-3% packet leakage when I try to ping from wireless laptop on virtual SSID to wired computer.

Set 1:

iptables -I INPUT -i wl0.1 -m state --state NEW -j logaccept
iptables -I FORWARD -i wl0.1 -o br0 -j logdrop
iptables -I FORWARD -i br0 -o wl0.1 -j logdrop

Set 2:

iptables -I FORWARD -s 192.168.1.0/24 -d 192.168.0.0/24 -j DROP
iptables -I FORWARD -s 192.168.0.0/24 -d 192.168.1.0/24 -j DROP

On this approach I omitted the rule to block configuring the router, which would have been

iptables -I INPUT -s 192.168.1.0/24 -p tcp -m multiport --dport 22,23,80,443 -j REJECT

Set 3:

iptables -I FORWARD -i wl0.1 -d 192.168.0.1 -j logaccept
iptables -I FORWARD -i wl0.1 -d 192.168.0.0/24 -j logdrop

Any advice?
cid92
DD-WRT Novice


Joined: 16 Apr 2008
Posts: 32

PostPosted: Wed Jul 09, 2008 2:55    Post subject: Reply with quote
I get no ping response from any wired computer on my network with the following settings:

Wireless\Basic Settings:
SSID - testvap
SSID Broadcast - Enabled
AP Isolation - Disabled
Network Config - Unbridged
Multicast Forwarding - Disabled
IP - 192.168.222.1
GW - 255.255.255.0

Setup\Networking:
DHCPd
Interface wl0.1: IP 192.168.222.1/255.255.255.0

Administration\Commands\Firewall
iptables -I INPUT -i wl0.1 -m state --state NEW -j logaccept
iptables -I FORWARD -i wl0.1 -o br0 -j logdrop
iptables -I FORWARD -i br0 -o wl0.1 -j logdrop

The issue I have is that when connected to the test VAP signal, I can ping the router. I cannot ping a single machine on the network (I don't get any leaks either) but I can access the router. Need to fix that.
JN
DD-WRT Guru


Joined: 29 Mar 2007
Posts: 771

PostPosted: Thu Jul 10, 2008 1:14    Post subject: Reply with quote
cid92 wrote:
The issue I have is that when connected to the test VAP signal, I can ping the router. I cannot ping a single machine on the network (I don't get any leaks either) but I can access the router. Need to fix that.
Which version of DD-WRT are you on (include build number). I wouldn't care if I can ping the router as long as I can stop the packet leaking. BTW, to see the leaking, I need to leave the ping command run long enough to try 100 or so packets, then I see two or three leak in a row usually.
cid92
DD-WRT Novice


Joined: 16 Apr 2008
Posts: 32

PostPosted: Thu Jul 10, 2008 16:19    Post subject: Reply with quote
On my WRT54G v2 I'm running the v24_9517_VINT_std. On my WAP54G v2 I'm running the v24_9517_VINT_micro.

I have now setup two additional VAP's but have not fully tested ping from either yet. I'd still like to find a way to lock down ping to the router as well as prevent access to the main router from the VAP's. I figure this is a command for the firewall but I simply do not know the commands to make it work.
JN
DD-WRT Guru


Joined: 29 Mar 2007
Posts: 771

PostPosted: Mon Jul 14, 2008 2:53    Post subject: Reply with quote
I upgraded to V24 TNG build 9856 standard on my Buffalo WHR-HP-G54 and reconfigured the same way to have a virtual SSID, hoping to fix the packet leaking issue on V24 final 9513 and find that when a client connects to the virtual SSID it cannot access the internet. This is even if I take out the IP tables rules altogether. I configured the other settings as I had done in the older build, according to the tutorial.

What builds does this feature work properly in? The last build I saw work properly is RC7. Should I go back to that one? Ever since V24 final came out and I thought I should upgrade to final, I've had nothing but problems that seem to be getting worse with newer builds. First its packet leaking, then it don't work at all.
JN
DD-WRT Guru


Joined: 29 Mar 2007
Posts: 771

PostPosted: Mon Jul 21, 2008 0:04    Post subject: Reply with quote
I switched to V24 Final build 9526 and eliminated the leaking package problem, but I have a new problem to take its place - some internet requests from the virtual SSID do not go out properly. See http://www.dd-wrt.com/phpBB2/viewtopic.php?t=35245
betabuster
DD-WRT Novice


Joined: 19 Jul 2008
Posts: 2

PostPosted: Mon Jul 21, 2008 1:20    Post subject: Virtual Wireless SSID Dropping Connection Reply with quote
WRT54Gv4 running DD-WRT v24 (05/24/2008) std (SVN revision 9526) is dropping my Virtual Interface wl0.1 SSID [Guest] "guest account".

The connection will work for about 30sec to 1min then drop. The connection is secured w/ WPA2 personal mixed. I have tried several wireless devices and the problem is repeated on all, 2 iPhone's and 2 laptop's.

Why is this happening and how do I fix this issue?

Also, I have no problems/drops with the Physical Interface wl0 - SSID. Thanks in advance for any replies.
S4F4M
DD-WRT Novice


Joined: 26 Jul 2008
Posts: 2

PostPosted: Sat Jul 26, 2008 18:08    Post subject: Reply with quote
Thanks for the great software! Just got it set-up on my WRT-54GS (v1.1) with the vintage bin.

Working on multiple SSIDs (WPA2 for lappy and WEP for TiVo).

QUESTION:
Does anyone know if there are COMMANDS to throttle the bandwidth for the virtual SSID?

I looked, but only saw instructions for FON; not sure if it would work (what is "DEV=tun0"?; I assume that my DEV is not tun0, right?)

Would the following command work just for wl0.1 (where I could adjust the DOWNLINK and UPLINK numbers)?
DEV="tun0"
# change UP/DOWNLINK values (in kbps) to alter hotspot users up/download speeds
DOWNLINK="1024"
UPLINK="256"
Goto page Previous  1, 2, 3, 4, 5, 6, 7, 8  Next Display posts from previous:    Page 4 of 8
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum