1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Confirm AC1200G+ Guest network "access intranet" possible vulnerability (2.4GHz)

Discussion in 'ASUS Wireless' started by synchron, Feb 11, 2019.

  1. synchron

    synchron New Around Here

    Oct 22, 2015

    Anyone can confirm that setting "access intranet" disabled for Guest Network on AC1200G+ is not working (2.4GHz)?
    It is possible to see all other devices on the network. This doesn't happen with 5GHz Guest network.

    Stock Firmware:
    Mode: Wireless router mode (Default) - It's NOT in AP mode

    Same ebtables rules (created automatically):
    Bridge table: filter
    Bridge chain: INPUT, entries: 0, policy: ACCEPT
    Bridge chain: FORWARD, entries: 4, policy: ACCEPT
    -i wl0.1 -j DROP
    -o wl0.1 -j DROP
    -i wl1.1 -j DROP
    -o wl1.1 -j DROP
    Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
    Bridge table: broute
    Bridge chain: BROUTING, entries: 6, policy: ACCEPT
    -p IPv4 -i wl0.1 --ip-dst --ip-proto icmp -j ACCEPT
    -p IPv4 -i wl0.1 --ip-dst --ip-proto icmp -j DROP
    -p IPv4 -i wl0.1 --ip-dst --ip-proto tcp -j DROP
    -p IPv4 -i wl1.1 --ip-dst --ip-proto icmp -j ACCEPT
    -p IPv4 -i wl1.1 --ip-dst --ip-proto icmp -j DROP
    -p IPv4 -i wl1.1 --ip-dst --ip-proto tcp -j DROP

    Rules seem to be working for wl1.1 (5Ghz) but having no effect for wl0.1 ((2.4GHz)

    I would really appreciate if anyone can confirm this. Thank you.