
Guest network DHCP


JRusso

Occasional Visitor
Hi,

I have DHCP disabled on the router and a server on my LAN is handling DHCP. I have set up a guest network that does not have access to the intranet. Devices connected to the guest network never get an IP address and thus cannot connect to the internet. I had tried to use custom config files with dnsmasq.conf to serve the guest network on interface wl0.1 but have had no success. I have searched and found various posts about this, but I have not been able to get it working. Does anyone have this setup working? If so, could you help point me in the right direction?

Thank you.
 
did you use my script to create the network on a new bridge? if so, you should probably specify the bridge interface (br1, for example) rather than wl0.1
 
ah, are you running the router in ap mode or router mode? that might be the difference
 
Router mode.

One more question. If I follow your script to place the guest network on a separate bridge, what would I use for the default gateway when setting up the dnsmasq.conf file?

Code:
dhcp-range=wl0.1,192.168.85.50,192.168.85.100,255.255.25 5.0,86400s
dhcp-option=wl0.1,15,guest
dhcp-option=wl0.1,3,192.168.XXX.XXX << your wireless gateway IP
dhcp-option=wl0.1,6,8.8.8.8,8.8.4.4
 
85.1 as long as you use the 255.255.255.0 netmask, which incidentally looks like you typo'd a space into

also, do remember to change those wl0.1's to br1 if you use the script
 
It was a typo.

My plan would be to add a dnsmasq.conf.add with the following information after running your script.

Code:
interface=br1
dhcp-range=br1,192.168.85.50,192.168.85.100,255.255.255.0,86400s
dhcp-option=br1,15,guest
dhcp-option=br1,3,192.168.85.1
dhcp-option=br1,6,8.8.8.8,8.8.4.4

Should this work?
 
yes, but i'd consider using 192.168.85.1 for the dns servers rather than 8.8.8.8, and set 8.8.8.8 under the wan interface of the main router, with the main router's lan ip set as the asus router's dns server on the wan page; i'm assuming you are running double-nat. also, i'd make sure the asus' regular lan ip is a different network than the lan of the main router. hope that makes sense lol

the reason for this is so that the clients don't have to go as far for dns

[edit/] crap, forgot you disabled dns for the asus lan, you are probably going to need to re-enable dnsmasq for that, dnsmasq can be configured to serve both networks, br0 and br1. you only disable dnsmasq when you run the router in ap mode, sorry
 
Ok now I am confused. Let me try to explain better.

I have a modem from my ISP, which is plugged into the ASUS RT-n66u which is my router. I have DHCP turned off on the router. I have a windows server handling my dhcp and dns from my LAN.

I want to set up a guest wireless network, with intranet access disabled and have DHCP handled by the router.

Is that possible?
 
yes, gotta take care of something before i can get back in front of a computer and get this sorted out (eta 10 minutes), but just to clarify; the modem is also a router for the rest of your lan? or does the router get the wan ip?
 
Router grabs a WAN IP via DHCP from the modem. Comcast cable modem if that helps. The ASUS is the only router on the network. No rush, I am not going to be able to test the changes out until tomorrow. Thank you so much.
 
ok, your way makes things easier lol; since you have your windows box serving dhcp/dns for the rest of the lan. i pulled this right off my router, though i'm not using a guest AP, but should work just fine; drop the below into /jffs/configs/dnsmasq.conf

[REMOVED so people don't accidentally use an incorrect configuration]
 
So I create the guest network, add it to the br1 bridge created with your script and then change the dnsmasq file?

Also I don't have to change the lan to br1 in the following lines?
Code:
dhcp-option=lan,15,ROUTERHOSTNAME
dhcp-option=lan,3,192.168.85.1
dhcp-option=lan,6,192.168.85.1,0.0.0.0
dhcp-option=lan,44,192.168.85.1
 
nah, that appears to be just an alias. i was considering changing it to 'guestlan', but i figured may as well just use what i know worked for me
 
Ok I will report back tomorrow on how I make out. I really appreciate you taking the time to help me out.
 
i did a little searching, and it looks like where it says 'lan' can actually be used to specify the interface, for those wanting to use dnsmasq to serve both the regular and guest lans

i think something like thus;
Code:
pid-file=/var/run/dnsmasq.pid
user=nobody
resolv-file=/tmp/resolv.conf
no-poll
min-port=4096
bind-interfaces
interface=br0
interface=br1
domain=LOCALDOMAINNAME
expand-hosts
no-negcache
cache-size=1500
dhcp-range=br0,192.168.0.100,192.168.0.200,255.255.255.0,86400s
dhcp-lease-max=253
dhcp-authoritative
dhcp-option=br0,15,ROUTERHOSTNAME
dhcp-option=br0,3,192.168.0.1
dhcp-option=br0,6,192.168.0.1,0.0.0.0
dhcp-option=br0,44,192.168.0.1
dhcp-range=br1,192.168.85.100,192.168.85.200,255.255.255.0,86400s
dhcp-option=br1,15,ROUTERHOSTNAME
dhcp-option=br1,3,192.168.85.1
dhcp-option=br1,6,192.168.85.1,0.0.0.0
dhcp-option=br1,44,192.168.85.1
read-ethers
addn-hosts=/etc/hosts.dnsmasq
quiet-dhcp

[edit1]REMOVED EDIT [/edit1]

[edit2/] accidentally botched this script's dhcp ranges; fixed
 
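An added example, not part of the original posts: a small Python check for the two dhcp-range mistakes mentioned in this thread (a mistyped netmask and a range that does not stay inside one subnet), plus a gateway (option 3) that is outside the interface's subnet. It assumes the five-field `dhcp-range=tag,start,end,netmask,lease` form used here; the function names and the sample lines are constructed for illustration.

```python
import ipaddress

def _fields(raw, key):
    """Return the comma-separated fields of a `key=` line, or None for other lines."""
    line = raw.split("#", 1)[0].strip()
    return line[len(key) + 1:].split(",") if line.startswith(key + "=") else None

def check_dhcp_conf(text):
    """Return [(line_no, message)] for inconsistent dhcp-range / gateway lines."""
    problems, subnets = [], {}          # subnets: interface tag -> IPv4Network
    lines = text.splitlines()
    for no, raw in enumerate(lines, 1):
        parts = _fields(raw, "dhcp-range")
        if parts is None:
            continue
        if len(parts) < 4:
            problems.append((no, "expected tag,start,end,netmask[,lease]"))
            continue
        tag, start, end, mask = parts[:4]
        try:
            lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
            net = ipaddress.IPv4Network(f"{start}/{mask}", strict=False)
        except ValueError as exc:       # bad address or bad netmask
            problems.append((no, f"unparseable range: {exc}"))
            continue
        subnets[tag] = net
        if hi not in net or hi < lo:
            problems.append((no, f"{lo}-{hi} does not fit inside {net}"))
    for no, raw in enumerate(lines, 1):
        parts = _fields(raw, "dhcp-option")
        # option 3 is the default gateway handed to clients on that interface
        if parts is None or len(parts) < 3 or parts[1] != "3" or parts[0] not in subnets:
            continue
        try:
            gw = ipaddress.IPv4Address(parts[2])
        except ValueError:
            problems.append((no, f"gateway {parts[2]!r} is not an IPv4 address"))
            continue
        if gw not in subnets[parts[0]]:
            problems.append((no, f"gateway {gw} is outside {subnets[parts[0]]}"))
    return problems

# Constructed sample: lines 1, 3 and 5 each contain one of the mistakes above.
SAMPLE = """dhcp-range=br0,192.168.0.100,192.168.85.200,255.255.255.0,86400s
dhcp-option=br0,3,192.168.0.1
dhcp-range=br1,192.168.85.50,192.168.85.100,255.255.25 5.0,86400s
dhcp-range=br1,192.168.85.100,192.168.85.200,255.255.255.0,86400s
dhcp-option=br1,3,192.168.0.1
"""

if __name__ == "__main__":
    for no, msg in check_dhcp_conf(SAMPLE):
        print(f"line {no}: {msg}")
```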
Ok, so I am doing some testing right now. It still doesn't seem to be working. I split the guest network to br1 with the wan-start script that works.

I added the dnsmasq.conf file, but I am never able to pull an IP address when on the guest network. Actually I am not able to connect to the guest network at all, and have some issues browsing the internet while on the regular wifi network if the guest network intranet access is disabled. If I format the JFFS and go back to how I started, the internet problems on the regular network go away.
 
just to clarify, the wan-start script works for you?

if you specify a manual configuration on a client attached to the guest network, like

ip: 192.168.85.111
netmask: 255.255.255.0
gateway: 192.168.85.1
dns: 8.8.8.8

the client on the guest ap sees the internet, while a machine configured for the regular lan can also see the internet?

it could be that the script is incomplete, dnsmasq is conflicting with the other network;

[edit] rather, your other dns server is conflicting with dnsmasq on the other network [/edit]

Code:
#!/bin/sh
WANIP=$(/sbin/ifconfig eth0|grep 'inet addr'|cut -d':' -f2|awk '{print $1}')
brctl delif br0 wl0.1
brctl addbr br1
brctl addif br1 wl0.1
ifconfig br1 192.168.85.1 netmask 255.255.255.0 broadcast 192.168.85.255
iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to $WANIP
iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP
iptables -I FORWARD -i br0 -o br1 -m state --state NEW -j DROP

try adding that last line and see if the dhcp conflicts go away
 
and use this for dnsmasq.conf

Code:
pid-file=/var/run/dnsmasq.pid
user=nobody
resolv-file=/tmp/resolv.conf
no-poll
min-port=4096
bind-dynamic
interface=br1
domain=LOCALDOMAINNAME
expand-hosts
no-negcache
cache-size=1500
dhcp-range=br1,192.168.85.100,192.168.85.200,255.255.255.0,86400s
dhcp-lease-max=253
dhcp-authoritative
dhcp-option=br1,15,ROUTERHOSTNAME
dhcp-option=br1,3,192.168.85.1
dhcp-option=br1,6,192.168.85.1,0.0.0.0
dhcp-option=br1,44,192.168.85.1
read-ethers
addn-hosts=/etc/hosts.dnsmasq
quiet-dhcp

with the appropriate changes for LOCALDOMAINNAME and ROUTERHOSTNAME

(sorry, i was thinking about adding that last line for iptables earlier, but i didn't do enough testing)
 
yes the wan-start script works. I can't try manually adding an IP address on the guest network, because when I have the wan-start script and dnsmasq.conf running I can't connect to the guest network.

I'll make the suggested change right now and report back.
 
