No internet access on Guest wireless (BR1)

gimosuby
DD-WRT Novice


Joined: 22 Feb 2013
Posts: 3

Posted: Mon Feb 25, 2013 20:14    Post subject: No internet access on Guest wireless (BR1)
I have an EnGenius (ECB3500), flashed it to DD-WRT and bought activation. I'm trying to create an Access Point with regular and guest access.

My gateway to internet is 10.10.10.1 (255.255.255.0)

Disabled WAN on router and set up LAN IP as 10.10.10.41. (255.255.255.0)
(Router only has one port)

"Assign WAN Port to Switch" is checked.

Set up Ath0 wireless, and Ath0.1 (For Guest access).

Ath0 works great: clients get an IP from the main DHCP server and can access the internet. However, Ath0.1 does not work. Clients get an IP from the DHCP server on the DD-WRT router, but have no internet access. Can anyone help me out?

This is what I did so far:

Followed these instructions (http://www.dd-wrt.ca/wiki/index.php/Multiple_WLANs)

Created a bridge: br1 with IP: 192.168.2.1 (255.255.255.0)

Assigned ath0.1 to br1, and created DHCP server.
Set DNSMasq options as follows:

# Enables DHCP on br1
interface=br1
# Set the default gateway for br1 clients
dhcp-option=br1,3,192.168.2.1
# Set the DHCP range and default lease time of 24 hours for br1 clients
dhcp-range=br1,192.168.2.100,192.168.2.150,255.255.255.0,24h


I then connected to Ath0.1 fine, got an IP from DHCP, but cannot access internet.

Went to Administration/Commands and saved to Firewall:

#Restrict br1 from accessing br0's subnet but pass traffic through br0 to the internet (for WAP's - WAN port disabled)
iptables -I FORWARD -i br1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP

#Enable NAT for traffic being routed out br0 so that br1 has connectivity (for WAP's - WAN port disabled)
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`

#Restrict br1 from accessing the router's local sockets (software running on the router)
iptables -I INPUT -i br1 -m state --state NEW -j DROP
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17563
Location: Hesse/Germany

Posted: Tue Feb 26, 2013 22:54
upgrade 1st
_________________
Forum Guidelines...How to get help
&
Forum Rules
&
RTFM/STFW
&
Throw some buzzwords into the WIKI search Exclamation
_________________
I'm NOT rude, just offer pure facts!
_________________
Atheros (TP-Link & Clones, etc ) debrick service in EU
_________________
Guide on HowTo be Safe, Secure and Protect Your Online Anonymity!
gimosuby
DD-WRT Novice


Joined: 22 Feb 2013
Posts: 3

Posted: Tue Feb 26, 2013 23:36    Post subject: Upgrade?
Upgrade 1st? You mean activate the license? I've done that
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17563
Location: Hesse/Germany

Posted: Wed Feb 27, 2013 13:16
read:
_________________
Forum Guidelines...How to get help
&
Forum Rules
&
RTFM/STFW
&
Throw some buzzwords into the WIKI search Exclamation
_________________
I'm NOT rude, just offer pure facts!
_________________
Atheros (TP-Link & Clones, etc ) debrick service in EU
_________________
Guide on HowTo be Safe, Secure and Protect Your Online Anonymity!
gimosuby
DD-WRT Novice


Joined: 22 Feb 2013
Posts: 3

Posted: Wed Feb 27, 2013 18:28    Post subject: Thanks
Okay, I've spent hours getting this to work, trying all kinds of different ways.

But now it's working!

So here's what I did:
I did an upgrade to the very latest Beta (choosing: "Don't reset" settings), however I had problems with the APs not showing (even with SSID broadcast). So I reset to factory settings.

Set everything up again and it was working..

I just don't like running on the very latest Beta, so I did a firmware upgrade down to 13064 (the recommended beta), and everything continued to work smoothly.

My firewall config is this:
Code:
#Enable NAT for traffic being routed out br0 so that br1 has connectivity (for WAP's - WAN port disabled)
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`

#Restrict br1 from accessing br0's subnet but pass traffic through br0 to the internet (for WAP's - WAN port disabled)
iptables -I FORWARD -i br1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP

#Prevent access to router from br1
iptables -I INPUT -i br1 -p tcp --dport telnet -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport ssh -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport www -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport https -j REJECT --reject-with tcp-reset

#Force the use of local DNS Servers on br1
iptables -t nat -A PREROUTING -i br1 -p udp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)
iptables -t nat -A PREROUTING -i br1 -p tcp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)


Also, 'Setup/Advanced Routing/Operating Mode' is set to Gateway.

Not sure, if upgrading then downgrading helped fix this issue or whether it just helped me find that sweet spot config, either way - thanks Sash
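
An added example, not part of the posts above and not DD-WRT code: a small first-match evaluator run over two constructed INPUT-chain listings. It shows which router ports stay reachable from br1 when only telnet/ssh/www/https are rejected, compared with a hypothetical allowlist that accepts DHCP and DNS ahead of the first post's `--state NEW -j DROP` rule. The listings, the ACCEPT chain policy, the names `verdict` and `report`, and the probe ports 8080 and 161 are assumptions for illustration.

```shell
#!/bin/sh
# Constructed `iptables -S INPUT` style listings (not captured from a router).
# DENYLIST mirrors the thread's four REJECT rules; -I puts the last one first.
# ALLOWLIST is hypothetical: DHCP and DNS accepted, everything else dropped.
DENYLIST='-P INPUT ACCEPT
-A INPUT -i br1 -p tcp -m tcp --dport 443 -j REJECT --reject-with tcp-reset
-A INPUT -i br1 -p tcp -m tcp --dport 80 -j REJECT --reject-with tcp-reset
-A INPUT -i br1 -p tcp -m tcp --dport 22 -j REJECT --reject-with tcp-reset
-A INPUT -i br1 -p tcp -m tcp --dport 23 -j REJECT --reject-with tcp-reset'

ALLOWLIST='-P INPUT ACCEPT
-A INPUT -i br1 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i br1 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i br1 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i br1 -m state --state NEW -j DROP'

# verdict RULES IFACE PROTO PORT -> target of the first matching rule, or the
# chain policy. Every probe is treated as a NEW connection; state is ignored.
verdict() {
  printf '%s\n' "$1" | awk -v ifc="$2" -v proto="$3" -v port="$4" '
    $1 == "-P" { policy = $3; next }
    $1 == "-A" {
      i = p = d = t = ""
      for (n = 3; n < NF; n++) {
        if ($n == "-i") i = $(n + 1)
        if ($n == "-p") p = $(n + 1)
        if ($n == "--dport") d = $(n + 1)
        if ($n == "-j") t = $(n + 1)
      }
      # An option absent from the rule acts as a wildcard.
      if ((i == "" || i == ifc) && (p == "" || p == proto) && (d == "" || d == port)) {
        print t; found = 1; exit
      }
    }
    END { if (!found) print policy }'
}

# Print the verdict for several router-local ports as seen from the guest bridge.
# tcp/8080 and udp/161 are arbitrary stand-ins for "any other service".
report() {
  for svc in tcp/23 tcp/22 tcp/80 tcp/443 udp/53 udp/67 tcp/8080 udp/161; do
    printf '%-9s %s\n' "$svc" "$(verdict "$1" br1 "${svc%/*}" "${svc#*/}")"
  done
}
echo "== denylist (thread rules) =="; report "$DENYLIST"
echo "== allowlist (hypothetical) =="; report "$ALLOWLIST"
```

On a real router, feed the function the output of `iptables -S INPUT` instead of the constructed listings; rules using matches other than `-i`, `-p` and `--dport` are treated as wildcards by this simplified evaluator.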
powelljconnor
DD-WRT Novice


Joined: 09 May 2013
Posts: 2

Posted: Sat May 11, 2013 14:34    Post subject: Re: Thanks
Hey, were you able to fix this with the update now?

_________________
steve barbarich
kostac
DD-WRT Novice


Joined: 14 Feb 2015
Posts: 1

Posted: Sat Feb 14, 2015 14:30    Post subject: Re: Thanks
Hey gimosuby, thank you!!!

Your excellent post solved the guest AP setup for me on my
Linksys WRT160N v3
DD-WRT v24-sp2 (03/25/13) mini - build 21061

The only thing lacking at this point is to get unique password protection working on the guest AP. When I try to set up a password on any WPA2 Personal combination, it refuses to authenticate the client.

In any event, your post was great. Thanks again. K