rate limiting with WAP only

meeotch
DD-WRT Novice


Joined: 21 Feb 2010
Posts: 2

Posted: Sun Feb 21, 2010 3:09    Post subject: rate limiting with WAP only
I've been attempting to rate-limit by MAC address, and having no luck with scripts. I'm wondering if perhaps it's because I've got my wireless router set up as a WAP. (The wireless router is connected via LAN port to a wired router that handles WAN, DHCP, etc. Wireless router WAN port is disconnected & my connection type set to "disabled".)

As a test, I telnet'ed in, and tried this:

Code:
iptables -I FORWARD -m mac --mac-source XX:XX:XX:XX:XX:XX -p tcp -j DROP

(MAC address deleted from the above, obviously.) But the computer with that MAC was still able to reach the internet. So I listed the FORWARD chain:

Code:
iptables -L FORWARD -v

and all the packet and byte counts were 0.

I take this to mean that there's no actual routing going on. Is there a way to keep this config (wired router handles WAN, NAT, etc.), but still get iptables control of wireless clients through dd-wrt?

I've tried both in "gateway" and "OSPF router" mode. Doesn't seem to make a difference - both modes allow wireless clients access to the network, but can't block or rate limit.
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Sun Feb 21, 2010 4:32    Post subject:
WAPs bridge/switch, they do not route. Routing requires going from one subnet to another, but all it's doing is extending the main router's subnet.

Set the QoS interface to LAN&WLAN, only enter the uplink value which will actually affect both directions with this method, and add insmod ebtables to your firewall script.

_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
meeotch
DD-WRT Novice


Joined: 21 Feb 2010
Posts: 2

Posted: Sun Feb 21, 2010 5:09    Post subject:
Thanks for the quick reply. I took a look at the QoS page & help. Am I understanding correctly that this method will only *prioritize* one MAC over another - rather than applying a hard rate limit? The latter is what I'm attempting.

If that's the case, should I be investigating how to set up the WAP as a router on its own subnet instead? (I'm a bit new to serious networking stuff, but eager to learn, I suppose.)

Some googling produced this article: http://blogs.walkerart.org/newmedia/2009/06/22/build-a-bridging-firewall-cheap/ which suggests that it's possible to set up as a bridge, but use

Code:
insmod ebtables
insmod ebtable_filter
insmod ebt_ip.o

to get iptables functionality.
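
Added example, not part of any post in this thread: a firewall-script sketch that filters one wireless client at the bridge layer with ebtables, which is where a WAP's traffic passes when the iptables FORWARD counters stay at 0. It assumes the build also ships the ebt_limit match; the function names and the MAC/rate values are constructed for illustration, and the limit is in frames per second (a cap on frame rate, not on bytes).

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: this build's ebtables has
# the "limit" match (ebt_limit). Sample MAC and rate values are constructed.

# Accept only six colon-separated hex octets, so nothing else reaches ebtables.
valid_mac() {
    case "$1" in
        *[!0-9A-Fa-f:]*) return 1 ;;
    esac
    [ "${#1}" -eq 17 ] || return 1
    old_ifs=$IFS; IFS=:
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 6 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -eq 2 ] || return 1
    done
}

# Print the rules for one client: pass up to RATE frames/sec sent by that MAC,
# drop the excess. They go in the ebtables FORWARD chain because a WAP bridges
# at layer 2, which matches the zero iptables FORWARD counters in the thread.
# Only frames *from* the client are matched (-s); use -d for the other direction.
limit_rules() {
    mac=$1 rate=$2
    valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    case "$rate" in ''|*[!0-9]*) echo "bad rate: $rate" >&2; return 1 ;; esac
    echo "insmod ebtables"
    echo "insmod ebtable_filter"
    echo "insmod ebt_limit"   # assumed to be present in this build
    echo "ebtables -A FORWARD -s $mac --limit $rate/sec --limit-burst $rate -j ACCEPT"
    echo "ebtables -A FORWARD -s $mac -j DROP"
}

# Apply only when asked: sh thisfile apply <mac> <frames-per-sec>
# Afterwards the counters (--Lc) show whether the client's frames hit the rules.
if [ "${1:-}" = "apply" ]; then
    rules=$(limit_rules "$2" "$3") && echo "$rules" | sh && ebtables -L FORWARD --Lc
fi
```

Run without arguments the file only defines the functions; calling `limit_rules` on its own prints the rules so they can be reviewed before anything is loaded.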