
Can you edit iptables rules on Factory firmware to isolate guest network in AP mode?


nikr

Regular Contributor
Currently I am running a Merlin build on my Ax86U in router mode, but I am thinking about switching the Ax86U to AP mode with factory firmware, with my Netgear running OpenWrt as router/gateway. Since I have frequent visitors, a guest network is a must for me, and in AP mode the guest network is useless on the AX86U. I am thinking of editing iptables rules to isolate the guest network by allowing guests to talk only to the router for DNS and DHCP and nothing else. So my questions: can something like this be done? If yes, has anyone done it, and can you please share the iptables rules?

My iptables skills are very, very poor. I might be able to come up with something if I bang my head on the keyboard long enough, but with work-from-home / learn-from-home, I can't have my network down for long.
 
Why not use the Netgear as a guest router, w/ its WAN patched to a LAN port on the AX68U? All you need is some firewall rules on the Netgear to prevent access to the upstream private network of the AX68U over the Netgear's WAN.

Of course, you could reverse the roles of the routers, but seems to me better to make the more powerful router+firmware the primary router.
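
The firewall rules this reply refers to, combined with the DNS/DHCP-only restriction from the original question, as an added example (not posted by anyone in this thread). It assumes a guest router with classic iptables; the subnet 192.168.1.0/24, the interface br-lan and the chain names GUEST_FWD and GUEST_IN are placeholders.

```shell
#!/bin/sh
# Added example: guest isolation on a guest router whose WAN port is patched
# into the primary router's LAN. Prints the rules for review; applies nothing.
UPSTREAM_NET="${UPSTREAM_NET:-192.168.1.0/24}"  # primary router's LAN (assumed value)
GUEST_IF="${GUEST_IF:-br-lan}"                  # guest-side bridge (assumed name)

# Accept only plain CIDR / interface characters, so the printed rules can be
# piped to a shell without a stray metacharacter changing their meaning.
valid_args() {
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac
    case "$2" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    return 0
}

guest_isolation_rules() {
    net="$1"; gif="$2"
    valid_args "$net" "$gif" || { echo "bad subnet or interface" >&2; return 1; }

    # Forwarded traffic: guests may go out to the internet, but anything
    # addressed to the upstream private LAN is rejected before other rules.
    echo "iptables -N GUEST_FWD"
    echo "iptables -A GUEST_FWD -d $net -j REJECT"
    echo "iptables -I FORWARD 1 -i $gif -j GUEST_FWD"

    # Traffic to the guest router itself: DHCP and DNS only. This also closes
    # the router's web/SSH admin from the guest side, so manage it elsewhere.
    echo "iptables -N GUEST_IN"
    echo "iptables -A GUEST_IN -p udp --dport 67 -j ACCEPT"
    echo "iptables -A GUEST_IN -p udp --dport 53 -j ACCEPT"
    echo "iptables -A GUEST_IN -p tcp --dport 53 -j ACCEPT"
    echo "iptables -A GUEST_IN -j DROP"
    echo "iptables -I INPUT 1 -i $gif -j GUEST_IN"
}

# Dry run with the defaults above.
guest_isolation_rules "$UPSTREAM_NET" "$GUEST_IF"
```

The router's own DNS forwarding to the upstream resolver leaves through the OUTPUT chain, so guests keep name resolution while direct connections to upstream hosts are rejected.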
 
Why not use the Netgear as a guest router, w/ its WAN patched to a LAN port on the AX68U
Because the Netgear router is going to be located in the basement right next to my modem, from where I have ethernet going to almost every room in the house. And my Asus AP is going to be on the 2nd floor between the kitchen and family room, which is approximately the center of my house. It allows me to put all my networking equipment in the basement and also plug all the rooms into the router in case I ever want to use ethernet for something.

Right now I am using an old n66u in media bridge mode sitting in the basement with all the rooms plugged into it. This setup works fine, but a better solution would be to have the router down there and the AP in the kitchen*.

This is how it used to be in the past when I was using unify and ddwrt/openwrt before that.
 
The short answer to your question is No. In AP mode there is no routing, therefore there are no iptables rules to edit.
 