A Guest Network is a separate SSID (wireless network ID) using a virtual access point (VAP) that gives guest access to the WAN (internet) while blocking them from your LAN (local network), thereby protecting your security.

See VAP with no WAN for setups without a WAN (e.g. WAP), as iptables (Firewall) rules are required for internet access (Multiple DHCP Server is not available with the WAN disabled).

- Wireless -> Basic Settings: Click Add Virtual AP under Virtual Interfaces and change the SSID if needed.
- Enable the following options: AP Isolation, Net Isolation.
- Enable Forced DNS Redirection to prevent users from circumventing content filters (see Public DNS).
- Set the Optional DNS Target (if needed), IP Address (e.g.
- Wireless -> Wireless Security: set up the new "Virtual Interface" (e.g.
- Services -> Services -> DNSMasq: Enable DNSMasq, but leave other options disabled.
- In Additional DNSMasq Options, add the IP address and range for the appropriate virtual guest interface.

See Guest WiFi + abuse control for beginners.

Kong added easy Guest Network capability to DD-WRT starting with build 23020. Firewall changes should not be needed for a normal gateway router setup.

- “Add” a “Virtual Interface”, give this guest network a separate SSID, and “Enable” “AP Isolation”.
- Wireless Security tab: also use a separate password, and WPA2 AES security.
- Under “Create Bridge” click “Add”, name it, then set a different subnet.
- Under “Assign to Bridge” click “Add”, select the new bridge, then assign it to the new virtual interface.
- Networking tab: under “Multiple DHCP Server” click “Add” and select the new bridge.

Firewall Rules to secure the private network and give the guest network internet access:

Copy/paste the below, then click Save Firewall.

```
# br0 = private bridge, br1 = guest bridge.
# -I inserts at the top of the chain, so the last rule entered is matched first:
# the br1 -> br0 DROP must come after the broad br1 ACCEPT.
iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`
iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP
```

More Firewall Rules to isolate guest and restrict services' access:

```
# Block new connections from the private network into the guest network.
iptables -I FORWARD -i br0 -o br1 -m state --state NEW -j DROP
# Reject guest access to the router's own telnet, SSH and web services.
iptables -I INPUT -i br1 -p tcp --dport telnet -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport ssh -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport www -j REJECT --reject-with tcp-reset
```
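Because the FORWARD rules on this page are added with `iptables -I`, which prepends, the guest-to-private DROP only takes effect if it ends up ahead of the broad guest ACCEPT. The following check is an added example, not part of the original page or of DD-WRT: it audits `-A FORWARD ...` rule lines for that ordering, assuming the router's iptables can print them (for instance via `iptables -S FORWARD` or `iptables-save`); the function name and the sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example. br0 (private) and br1 (guest) follow the rules on this page.
# check_guest_isolation GUEST PRIVATE   (rule listing on stdin)
# Returns 0 only if a GUEST->PRIVATE DROP is matched before any broad
# "-i GUEST ... -j ACCEPT" rule and a PRIVATE->GUEST DROP is present.
# It looks at interfaces and targets only, not at the --state match.
check_guest_isolation() {
    awk -v g="$1" -v p="$2" '
        $1 != "-A" || $2 != "FORWARD" { next }
        {
            n++; in_if = ""; out_if = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "-o") out_if = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (in_if == g && out_if == p && tgt == "DROP" && !g2p) g2p = n
            if (in_if == p && out_if == g && tgt == "DROP" && !p2g) p2g = n
            if (in_if == g && out_if == "" && tgt == "ACCEPT" && !acc) acc = n
        }
        END {
            if (!g2p) { print "FAIL: no DROP " g " -> " p; exit 1 }
            if (acc && acc < g2p) {
                print "FAIL: ACCEPT for " g " is matched before the DROP"; exit 1
            }
            if (!p2g) { print "FAIL: no DROP " p " -> " g; exit 1 }
            print "OK: " g " is isolated from " p
        }'
}

# Constructed sample: chain after entering the rules in the order shown here.
GOOD_RULES='-P FORWARD ACCEPT
-A FORWARD -i br0 -o br1 -m state --state NEW -j DROP
-A FORWARD -i br1 -o br0 -m state --state NEW -j DROP
-A FORWARD -i br1 -m state --state NEW -j ACCEPT'

# Constructed sample: the same rules entered in the opposite order.
BAD_RULES='-P FORWARD ACCEPT
-A FORWARD -i br1 -m state --state NEW -j ACCEPT
-A FORWARD -i br1 -o br0 -m state --state NEW -j DROP
-A FORWARD -i br0 -o br1 -m state --state NEW -j DROP'

printf '%s\n' "$GOOD_RULES" | check_guest_isolation br1 br0
# On the router: iptables -S FORWARD | check_guest_isolation br1 br0
```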