Posted: Fri Jan 30, 2015 1:18 Post subject: DHCP issues on guest wifi
I have set up a guest SSID alongside my trusted-side SSID. I use iptables to control access to the internal resources from the guest SSID; everything works fine besides the IP addressing from DHCP. Clients on the guest SSID will sometimes obtain an address and then lose it sometime later; some other clients will connect but won't obtain an address at all. How can I fix this?
Here is the iptables
#Enable NAT on the WAN port
iptables -t nat -I POSTROUTING -o `get_wanface` -j MASQUERADE
#Allow br1vap to access DHCP on the router
iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT
#Allow br1vap to access DNS on the router
iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT
#Block br1vap from accessing internal stuff
iptables -I FORWARD -i br1 -d 192.168.2.0/24 -j DROP
iptables -I FORWARD -i br1 -d 192.168.4.0/24 -j DROP
iptables -I FORWARD -i br1 -d 192.168.10.0/24 -j DROP
iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP
Here is what I have for DHCP settings for the guest SSID:
The br1 is the bridge for the guest network WL.01, and I have WL0 and WL1, which are internal SSIDs. Are you saying that the firewall rules should be based on the WL.01 instead?
The WL0 is the 2.4 GHz radio, WL1 is the 5 GHz radio, and the WL0.1 is the virtual interface (guest SSID).
If I recall correctly, I used this site http://www.wi-fiplanet.com/tutorials/article.php/10724_3714521_2 to aid me in creating this guest SSID. All other instructions, I believe, said to do what you are suggesting, and that didn't work for me. The way it is now worked, but it seems intermittent.
I tested one client machine and it seems to connect right up. I'll let it stay connected for a while in order to see what happens. I used a few different sites to come up with the configuration I have; all the elements work minus the DHCP on a regular basis, but given the changes above that may resolve it all.
If the lease expires, then the client can't connect anymore. When I run an ipconfig on the client, I see an autonet address 169.x.x.x. Most times, if you look at the SSID list on the client, it says limited access.
This occurs for all clients that connect to the guest SSID only; all other SSIDs work fine.
I managed to get a client on that guest SSID and I saw that it had the correct IP for the guest subnet. The internet worked fine, so I did an ipconfig/release on it, then I did an ipconfig/flushdns and lastly ipconfig/renew.
After I did the renew, the client won't get an IP anymore, so I think the issue is with the DHCP.
In most cases I have seen, it will say connected to the guest SSID, but if I do an ipconfig then I will see an autonet address, so to me that seems like a DHCP issue.
Same issues with the Feb 16, 2015 build 26285M on AC68. I tried all possible additional options + iptables; nothing can get the guest wifi to connect. If I set up everything on a VLAN and use one of the ports on the router, it works without any issues. Only the wifi VLAN does not work. Had to revert to a previous build, r25527, for it to work.
I have the AC68U and I only have one build available for my model according to the router database http://www.dd-wrt.com/site/support/router-database so I guess I'm screwed on this guest wi-fi issue?
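A way to check the guest-bridge rules from the first post against a ruleset dump, as an added example that is not part of the thread: it verifies that DHCP and DNS from the guest bridge are accepted before any blanket deny and that guest-to-trusted forwarding is dropped. The function name `audit_guest_rules`, the `-A CHAIN ...` input form (as printed by `iptables-save`) and both sample rulesets are assumptions made for the example; it audits firewall rules only and does not cover DHCP server or driver faults.

```shell
#!/bin/sh
# Added example, not from the thread. Reads rules in the "-A CHAIN ..." form
# that iptables-save prints and checks what a guest bridge needs.
# Arguments: $1 = guest bridge (br1 in the thread), $2 = trusted bridge (br0).
audit_guest_rules() {
    awk -v g="$1" -v lan="$2" '
    # True when the current rule contains the option/value pair.
    function has(opt, val) { return index(" " $0 " ", " " opt " " val " ") > 0 }
    # Target of the current rule (the word after -j).
    function verdict(   i) {
        for (i = 3; i < NF; i++) if ($i == "-j") return $(i + 1)
        return ""
    }
    $1 != "-A" { next }
    { v = verdict(); deny = (v == "DROP" || v == "REJECT") }
    $2 == "INPUT" && has("-i", g) {
        # First match wins, so an ACCEPT only counts if no blanket deny precedes it.
        if (v == "ACCEPT" && !shadowed) {
            if (has("-p", "udp") && has("--dport", "67")) dhcp = 1
            if (has("-p", "udp") && has("--dport", "53")) dns_udp = 1
            if (has("-p", "tcp") && has("--dport", "53")) dns_tcp = 1
        }
        if (deny && index($0, " -p ") == 0) shadowed = 1
    }
    $2 == "FORWARD" && has("-i", g) && has("-o", lan) && deny { isolated = 1 }
    END {
        if (!dhcp) { print "MISSING: DHCP (udp/67) accept from " g; bad = 1 }
        if (!dns_udp || !dns_tcp) { print "MISSING: DNS (udp+tcp/53) accept from " g; bad = 1 }
        if (!isolated) { print "MISSING: deny " g " -> " lan " in FORWARD"; bad = 1 }
        if (!bad) print "OK: " g " has DHCP, DNS and isolation from " lan
        exit bad + 0
    }'
}

# Constructed sample: the thread's rules in evaluation order, plus an assumed final DROP.
GOOD_RULES='-A INPUT -i br1 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i br1 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i br1 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i br1 -j DROP
-A FORWARD -i br1 -o br0 -m state --state NEW -j DROP'
# Constructed sample: the same rules with the blanket DROP evaluated first.
SHADOWED_RULES='-A INPUT -i br1 -j DROP
-A INPUT -i br1 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i br1 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i br1 -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -i br1 -o br0 -m state --state NEW -j DROP'

printf '%s\n' "$GOOD_RULES" | audit_guest_rules br1 br0 || true
printf '%s\n' "$SHADOWED_RULES" | audit_guest_rules br1 br0 || true
```

The function returns non-zero when any check fails, so it can gate a startup script after the rules are loaded.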