[mbressman]

Hey, was wondering if anyone could help me out:

These are the commands I currently have in my firewall for my dd-wrt router:

iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`
iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br2 -m state --state NEW -j ACCEPT
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP
iptables -I FORWARD -i br2 -o br0 -m state --state NEW -j DROP
iptables -I FORWARD -i br1 -d `nvram get wan_ipaddr`/`nvram get wan_netmask` -m state --state NEW -j DROP
iptables -I FORWARD -i br2 -d `nvram get wan_ipaddr`/`nvram get wan_netmask` -m state --state NEW -j DROP


Two things:

1) I just want to confirm that the above commands are correct for totally segregating/separating the three wireless neworks I have set up:

First Network:
Wireless Physical Interface ath0 [2.4 GHz] / Physical Interface ath0
Wireless Physical Interface ath1 [5 GHz] / Physical Interface ath1

Second Network:
Virtual Interfaces ath0.1 (2.4 GHz)
Virtual Interfaces ath1.1 (5 GHz)

Third Network:
Virtual Interfaces ath0.2 (2.4 GHz only)


2) I want to know if there's any way to modify this so that the First Network above can access resources/devices on the second and third network (such as shared computers, etc.) without allowing the second or third network to access anything on the first network (the second and third should each be totally walled off from everything and only allow access to the Internet)


Thanks very much!