Second post for 1 more image. I am at a loss what else to do. I can connect but no internet, and everything I read says enable NAT but there is no NAT option.
So I changed it up a little and converted it to a gateway, and now guest mode doesn't work. But I did find NAT with gateway active. So NAT must be associated with the gateway.
Maybe this is my setup. My dd-wrt router is behind the ISP router. The ISP router is subnet 11. The dd-wrt router is broadcasting my guest network on subnet 10.
Is guest mode possible if the dd-wrt router is attached to the ISP router? I have a computer that is connected to the ISP router, and when I attach to the dd-wrt under guest network with AP isolation, NAT, Unbridged and net isolation I can still remote desktop and connect to the computer on the ISP router, which I don't want to do as a guest.
I personally am lazy so I use the GUI to set up my Guest network; see attached doc, for WAP see last section (I know @Eibgrad will disapprove and to be honest he has superior knowledge).
Your original pics from 1st post you might try:
DNSMasq options list interface IP first then DHCP range then DNS.
DNSMasq can be real bitchy about what comes first, but on the thinking hand it would make sense to have an active interface before giving it a DHCP range to hand out... so give that a try in your WAP.
Do a reboot see what shakes out
EDIT:
Example for DNSMasq additional options for WAP described in 1st post:
interface=wl0.1
dhcp-option=wl0.1,3,192.168.10.1
dhcp-range=wl0.1,192.168.10.100,192.168.10.149,255.255.255.0,1h
There should be no need to use the DNS (6) option in this case since all of wl0.1 clients will use its LAN IP as DNS just like main interface on a dd-wrt gateway. This option is usually used for a different 'Target DNS' --- and that will only work on a WAP if main router is not catching everything on port 53. If you don't get DNS you can try using it but 99% chance if you don't get DNS on a WAP Guest Network it is a problem in the firewall.
Notice I also changed the 60m to 1h ... I use 12h on all my guest networks -- just seems more reasonable.
The point being what you may see in DNSMasq official MAN pages may not always work w/dd-wrt.
I have no idea what build you are using but you should be aware that dd-wrt tends to break small things from time to time making consistency across builds (and multiple routers) a trying endeavor to keep track of.
I know a while back there was a screw-up for many many builds (several months) where dd-wrt 'multiple DHCP server' lease time read the input as hrs rather than minutes and its default was 1440 which actually gave lease time as 60 days ... didn't see anyone talking about it and me being the good 'lil minion I just didn't mention it ... all sorts of things get outta-whack here
if you have setup as br1 and all correct and getting DHCP.
you should throw this in the commands page and 'SAVE as FIREWALL'
iptables -I FORWARD -i br1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`
see ifin dat'll help ya
and yea this is for a WAP -- WAN disabled --- operating mode = router
Can you guys critique that section, particularly with regard to "-i" difference with the above:
Wiki wrote:
iptables -I FORWARD -i wl0.1 [...]
Is the latter specific to the new dnsmasq method only, while "br1" would be used with a VAP for the other method? I.e. to clarify this in the wiki.
Fwiw, I've tested the dnsmasq+VAP method on two (W)AP's.
the first rule interface br1 should block anything that is bridged to br1 from accessing devices on main network.
could be replaced with wl0.1 or ath0.1 but AFAIK it is not needed there because net isolation will do the job.
net isolation works somewhat on the WAP when multiple interfaces are bridged via br1 but is not reliable and if I remember correctly you could always get to the main router using its IP... also remember this may vary on some builds.
I actually haven't tested it much in a few months.
2nd rule just allows other interfaces on the WAP access to its LAN, therefore onto main subnet's WAN.
It's same and only rule needed if running ovpn server on a WAP.
I can say I don't fully understand it because looks to me as direct conflict with first but imma no genius in such
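Added example, not written by any poster in this thread: the first rule above only matches destinations inside `lan_ipaddr`/`lan_netmask`, so this script evaluates which destinations a guest's new connections are dropped for. All addresses are constructed samples, and reading "subnet 11" as 192.168.11.0/24 with the dd-wrt LAN on 192.168.1.0/24 is an assumption.

```sh
#!/bin/sh
# Added example: which destinations does the guest DROP rule from the thread match?
#   iptables -I FORWARD -i br1 -d <lan_ipaddr>/<lan_netmask> -m state --state NEW -j DROP
# All addresses are constructed sample values (assumptions), not from the thread.

# Convert a dotted-quad IPv4 address to an integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into four octets
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# rule_covers LAN_IP LAN_MASK DEST: succeeds if DEST matches "-d LAN_IP/LAN_MASK".
rule_covers() {
    mask=$(ip2int "$2")
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$3") & mask )) ]
}

# verdict LAN_IP LAN_MASK DEST: what happens to a NEW connection from a guest.
verdict() {
    if rule_covers "$1" "$2" "$3"; then echo DROP; else echo FORWARD; fi
}

# report LABEL LAN_IP LAN_MASK DEST...: one line per destination.
report() {
    label=$1 lan_ip=$2 lan_mask=$3; shift 3
    for dest in "$@"; do
        printf '%-22s %-15s %s\n' "$label" "$dest" "$(verdict "$lan_ip" "$lan_mask" "$dest")"
    done
}

# Case 1: WAP whose LAN address sits in the main subnet (192.168.1.0/24).
report "WAP on main subnet" 192.168.1.2 255.255.255.0 \
    192.168.1.1 192.168.1.50 203.0.113.5

# Case 2: dd-wrt gateway behind an ISP router; the ISP LAN (192.168.11.0/24)
# is on the WAN side, so the rule does not match a host there.
report "gateway behind ISP" 192.168.1.1 255.255.255.0 \
    192.168.1.50 192.168.11.20
```

In case 2 the upstream host comes out as FORWARD, which is consistent with the first post's report that a guest could still reach a computer on the ISP router.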
I got it up and running now looking at your guide. I went back to not using the bridge. Not sure why it worked now and not earlier, but it is working good now thanks
I have the same issue. My router is running in DHCP to pull the WAN connection from the cable modem.
I've set up the VAP (unbridged), and assigned wl0.1 in DHCPd.
Devices can connect and be assigned IP addresses, but no internet connection. I used the GUI method in the wiki (same as the guide posted by egc) but it simply doesn't work. I assume I'll have to use the terminal commands posted.
I'm actually at a loss as I've tried various methods, and will have to do a factory reset to make sure I'm starting from a clean install. Can someone please help?
Config as follows:
Test_vap (wl0.1)
IP address 192.168.2.1
DHCP range 192.168.2.3-100
subnet: 255.255.255.0
Yes, rebooted, no luck. Tried both the DHCPd and DNSmasq method, no joy with either. I removed the DHCPd entry, rebooted, then tried the DNSmasq commands to ensure there was no conflicting commands in memory, but still no internet on the VAP. What is the issue?
Was this working on a previous build? Recent builds have had various issues, and some only on certain routers. My guest VAP (dnsmasq+AP method) was still bcasting on my WNDR4000 and WNDR4500v2 CB+APs with 34929, but I didn't actually test connecting to them this time.
Check the new build threads and try an older build, like 33772.