Posted: Fri Oct 20, 2017 15:47 Post subject: How do I Disable web GUI for 3 of my 4 vlans?
Hi DD-WRT folks. I need your help and advice concerning the VLAN setup I have.
There is nothing wrong with the way it routes traffic, and all subnets can get the internet. I simply want to stop the people on VLAN2, VLAN3, and VLAN4 (ports 1, 2, and 3 respectively) from being able to access the DD-WRT web management GUI pages, leaving VLAN5 on port 4 as a port that can be used to access the GUI interface of the router.
If it helps, to set up the VLANs I followed [url=https://www.dd-wrt.com/wiki/index.php/VLAN_Detached_Networks_(Separate_Networks_With_Internet)]this set of instructions[/url].
Edit:
I have just noticed that if I am on 192.168.7.1 I can get the ddwrt administration GUI if I type into a browser 192.168.7.1, also on 8.1, 9.1, and 6.1 but also 1.1.
Hoping someone can help as it would help me make a great system perfect.
I have searched for a solution to this but can find very little about it, and what I can find on the subject explains very little about the commands they say to use. I followed one set of instructions and it cut the internet for all the VLANs and locked up the GUI interface, so I am hoping for answers which also explain what each command or instruction is actually going to achieve.
Just to be certain I am clear: I just want the GUI accessible on port 4, VLAN 5, from the address 192.168.9.1 if possible.
Thanks very much for any help you can offer.
... Sorry Alozaros, that did not work.
Here is what I put in:
iptables -I INPUT -i VLAN -p tcp --dport 80 -j REJECT
iptables -I INPUT -i VLAN -p tcp --dport 80 -m mac --mac-source F4:6D:04:4E:F0:F3 -j ACCEPT
It is exactly the same as if I had not entered that.
There is no difference
Oh wait
it was a glitch
neither of those solutions worked
but my method of inputting the commands was to go to the GUI and enter them in
administration > commands
text box
then saved them to firewall
It must be something to do with my method
is there another way?
Something is DEFINITELY wrong with this setup as none of these suggestions work. I must be doing something wrong
When first setting up vlan I put this into the command box
iptables -I FORWARD -i vlan+ -o vlan+ -j DROP
iptables -I FORWARD -i vlan+ -o vlan1 -j ACCEPT
iptables -I FORWARD -i vlan1 -o vlan+ -j ACCEPT
That, I am told, is the instruction to separate the VLANs.
Now I want to stop all but VLAN number 5 being able to access the GUI,
so I now put this in and save it to firewall.
iptables -I INPUT -i VLAN+ -p tcp --dport http -m state --state NEW -j REJECT
iptables -I INPUT -i VLAN5 -p tcp --dport http -m state --state NEW -j ACCEPT
As I understand it, I must also put the first set of instructions in again at the same time,
so what I am putting into the command box and saving to the firewall and then rebooting the router is this
Every time I try to bridge the VLANs I lose all connectivity to the router, with no internet and no web GUI. I think I should learn more about DD-WRT myself instead of troubling the forums. I will do more research and work it out. Thanks for all your help. I deeply appreciate your time spent helping me, but I think what I will do is use a Draytek Vigor with its own firmware to set up the VLAN stuff.
I will use the Netgear with DD-WRT as wireless interfaces behind the Draytek. I think that would be the quickest way, and then it gives me time to experiment with DD-WRT further.
Joined: 13 Aug 2013 Posts: 6866 Location: Romerike, Norway
Posted: Sun Oct 22, 2017 19:16 Post subject:
You only have vlan 0 and 1. There is no vlan 5.
This should configure the vlans:
nvram set vlan2hwname=`nvram get vlan0hwname`
nvram set vlan3hwname=`nvram get vlan0hwname`
nvram set vlan4hwname=`nvram get vlan0hwname`
nvram set vlan5hwname=`nvram get vlan0hwname`
nvram set vlan2ports="1 5"
nvram set vlan3ports="2 5"
nvram set vlan4ports="3 5"
nvram set vlan5ports="4 5"
nvram commit
reboot
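Added example, not part of any post in this thread: a small shell check that prints the GUI lock-down rules only if the admin interface really exists under that exact name, since iptables compares -i names case-sensitively and a rule naming a missing interface matches nothing. The function names gui_rules and iface_exists are hypothetical, and the script assumes the GUI is on TCP port 80 and that interface names can be read from /proc/net/dev.

```shell
#!/bin/sh
# Added example, not from the thread. Prints rules for review; changes nothing.
GUI_PORT=80   # assumption: web GUI on plain HTTP, the port used in the thread

# iface_exists NAME [DEVFILE]: succeeds only on an exact, case-sensitive match
# against the interface names the kernel lists (default /proc/net/dev).
iface_exists() {
    sed -n 's/^ *\([^: ]*\):.*/\1/p' "${2:-/proc/net/dev}" | grep -Fqx -- "$1"
}

# gui_rules ADMIN_IF [DEVFILE]: print INPUT rules that leave the GUI reachable
# only from ADMIN_IF. Returns 1 and prints no rules if ADMIN_IF is missing.
gui_rules() {
    admin_if=$1
    devfile=${2:-/proc/net/dev}
    if ! iface_exists "$admin_if" "$devfile"; then
        echo "no interface named '$admin_if'; -i $admin_if would match nothing" >&2
        lower=$(printf '%s' "$admin_if" | tr 'A-Z' 'a-z')
        if [ "$lower" != "$admin_if" ] && iface_exists "$lower" "$devfile"; then
            echo "hint: '$lower' exists; interface names are case-sensitive" >&2
        fi
        return 1
    fi
    # -I inserts at the top of the chain, so the rule entered last is checked
    # first: ACCEPT for the admin VLAN ends up above REJECT for every vlan*.
    echo "iptables -I INPUT -i vlan+ -p tcp --dport $GUI_PORT -j REJECT"
    echo "iptables -I INPUT -i $admin_if -p tcp --dport $GUI_PORT -j ACCEPT"
}

# Usage on the router, after the VLANs exist: gui_rules vlan5
```

If HTTPS management is enabled, the same pair of rules is needed for port 443.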