What's new

Different DHCP range of different WLAN

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

joachimmg

New Around Here
Hi.

I've tried to follow and adopt these two guides for my needs:
  1. https://github.com/RMerl/asuswrt-me...or-VPN-and-SSID-for-Regular-ISP-using-OpenVPN.
  2. https://github.com/RMerl/asuswrt-me...dicated-DHCP-options-bind-to-a-specific-SSID?
The first one does include a VPN, which I dont want in this setup, and the second one doesn't seems to work, so I have tried to do changes to the code and adjusting some of the parameters, but without luck.

What I'd like to comprehend is having the guest network to run on a different DHCP. I would like the IP to differ from the guest network to the «personal», and split this network range into two:
  • Guest network 1 (wl0.1, wl1.1, wl2.1) to use 192.168.2.1 - 192.168.2.128
  • Guest network 2 (wl0.2, wl1.2, wl2.2) to uset 192.168.2.128 - 192.168.2.255
This is what I do now, to test:

https://git.giaever.org/joachimmg/merlinwrt-ssid-if-specific/src/master/assign-ip-ssid (I known wl1.2 and wl2.2 arent included right now, but I use guest network 1 to test with at the time).

The clients do get new IP's (in 192.168.2.x instead of 192.168.1.x), but the internet doesnt work, so I believe the network arent routed correctly.

Any idea what I'll do work?
 
Last edited:
Thank you, I've tried to adopt this, but without any luck. Still no internet...

Updated code: https://git.giaever.org/joachimmg/merlinwrt-ssid-if-specific/src/master/assign-ip-ssid

What it does:
  1. Setting information in /etc/dnsmasq.conf, this is the result:
    log-dhcp
    interface=wl0.1
    dhcp-range=wl0.1,192.168.2.1,192.168.2.128,255.255.255.0,24h
    dhcp-option=wl0.1,3,192.168.2.1
    dhcp-option=wl0.1,6,8.8.8.8,8.8.4.4
    dhcp-option=wl0.1,252,"\n"
    interface=wl1.1
    dhcp-range=wl1.1,192.168.2.1,192.168.2.128,255.255.255.0,24h
    dhcp-option=wl1.1,3,192.168.2.1
    dhcp-option=wl1.1,6,8.8.8.8,8.8.4.4
    dhcp-option=wl1.1,252,"\n"
    interface=wl2.1
    dhcp-range=wl2.1,192.168.2.1,192.168.2.128,255.255.255.0,24h
    dhcp-option=wl2.1,3,192.168.2.1
    dhcp-option=wl2.1,6,8.8.8.8,8.8.4.4
    dhcp-option=wl2.1,252,"\n"
    interface=wl0.2
    dhcp-range=wl0.2,192.168.2.129,192.168.2.255,255.255.255.0,24h
    dhcp-option=wl0.2,3,192.168.2.1
    dhcp-option=wl0.2,6,8.8.8.8,8.8.4.4
    dhcp-option=wl0.2,252,"\n"
  2. This is the is the commands that is issued (from log). The zero after «commandname» indicate a successful execution:
    Feb 6 15:49:00 dnsmasq[1084]: exiting on receipt of SIGTERM
    Feb 6 15:49:01 torchim: dnsmasq-dhcp: Configure wl0.1 to have special DHCP
    Feb 6 15:49:01 torchim: ifconfig[0] - : ifconfig wl0.1 192.168.2.1 netmask 255.255.255.0 up
    Feb 6 15:49:01 torchim: ebtables[0] - : ebtables -t broute -I BROUTING -p ipv4 -i wl0.1 -j DROP
    Feb 6 15:49:01 torchim: ebtables[0] - : ebtables -t broute -I BROUTING -p ipv6 -i wl0.1 -j DROP
    Feb 6 15:49:01 torchim: ebtables[0] - : ebtables -t broute -I BROUTING -p arp -i wl0.1 -j DROP
    Feb 6 15:49:01 torchim: iptables[0] - : iptables -I FORWARD -i wl0.1 -j ACCEPT
    Feb 6 15:49:01 torchim: iptables[0] - : iptables -I INPUT -i wl0.1 -j ACCEPT
    Feb 6 15:49:01 torchim: dnsmasq-dhcp: Configure wl1.1 to have special DHCP
    Feb 6 15:49:01 torchim: ifconfig[0] - : ifconfig wl1.1 192.168.2.1 netmask 255.255.255.0 up
    Feb 6 15:49:01 torchim: ebtables[0] - : ebtables -t broute -I BROUTING -p ipv4 -i wl1.1 -j DROP
    Feb 6 15:49:01 torchim: ebtables[0] - : ebtables -t broute -I BROUTING -p ipv6 -i wl1.1 -j DROP
    Feb 6 15:49:02 torchim: ebtables[0] - : ebtables -t broute -I BROUTING -p arp -i wl1.1 -j DROP
    Feb 6 15:49:02 torchim: iptables[0] - : iptables -I FORWARD -i wl1.1 -j ACCEPT
    Feb 6 15:49:02 torchim: iptables[0] - : iptables -I INPUT -i wl1.1 -j ACCEPT
    Feb 6 15:49:02 torchim: dnsmasq-dhcp: Configure wl2.1 to have special DHCP
    Feb 6 15:49:02 torchim: ifconfig[0] - : ifconfig wl2.1 192.168.2.1 netmask 255.255.255.0 up
    Feb 6 15:49:02 torchim: ebtables[0] - : ebtables -t broute -I BROUTING -p ipv4 -i wl2.1 -j DROP
    Feb 6 15:49:02 torchim: ebtables[0] - : ebtables -t broute -I BROUTING -p ipv6 -i wl2.1 -j DROP
    Feb 6 15:49:02 torchim: ebtables[0] - : ebtables -t broute -I BROUTING -p arp -i wl2.1 -j DROP
    Feb 6 15:49:02 torchim: iptables[0] - : iptables -I FORWARD -i wl2.1 -j ACCEPT
    Feb 6 15:49:02 torchim: iptables[0] - : iptables -I INPUT -i wl2.1 -j ACCEPT
    Feb 6 15:49:02 torchim: dnsmasq-dhcp: Configure wl0.2 to have special DHCP
    Feb 6 15:49:02 torchim: ifconfig[0] - : ifconfig wl0.2 192.168.2.1 netmask 255.255.255.0 up
    Feb 6 15:49:02 torchim: ebtables[0] - : ebtables -t broute -I BROUTING -p ipv4 -i wl0.2 -j DROP
    Feb 6 15:49:02 torchim: ebtables[0] - : ebtables -t broute -I BROUTING -p ipv6 -i wl0.2 -j DROP
    Feb 6 15:49:02 torchim: ebtables[0] - : ebtables -t broute -I BROUTING -p arp -i wl0.2 -j DROP
    Feb 6 15:49:02 torchim: iptables[0] - : iptables -I FORWARD -i wl0.2 -j ACCEPT
    Feb 6 15:49:02 torchim: iptables[0] - : iptables -I INPUT -i wl0.2 -j ACCEPT
  3. When a device connects to Guest network 1 (wl0.1, wl1.1, wl2.1) this is the log:
    Feb 6 15:49:35 dnsmasq-dhcp[1355]: 3731096641 available DHCP range: 192.168.2.1 -- 192.168.2.128
    Feb 6 15:49:35 dnsmasq-dhcp[1355]: 3731096641 available DHCP range: 192.168.2.1 -- 192.168.2.128
    Feb 6 15:49:35 dnsmasq-dhcp[1355]: 3731096641 available DHCP range: 192.168.2.1 -- 192.168.2.128
    Feb 6 15:49:35 dnsmasq-dhcp[1355]: 3731096641 available DHCP range: 192.168.2.129 -- 192.168.2.255
    Feb 6 15:49:35 dnsmasq-dhcp[1355]: 3731096641 vendor class: android-dhcp-6.0.1
    Feb 6 15:49:35 dnsmasq-dhcp[1355]: 3731096641 client provides name: android-dbcb93945d37e97b
    Feb 6 15:49:35 dnsmasq-dhcp[1355]: 3731096641 DHCPREQUEST(wl0.2) 192.168.2.104 40:b8:37:04:79:9b
    Feb 6 15:49:35 dnsmasq-dhcp[1355]: 3731096641 tags: wl0.1, wl0.2
    Feb 6 15:49:35 dnsmasq-dhcp[1355]: 3731096641 DHCPACK(wl0.2) 192.168.2.104 40:b8:37:04:79:9b android-dbcb93945d37e97b
    Feb 6 15:49:35 dnsmasq-dhcp[1355]: 3731096641 requested options: 1:netmask, 3:router, 6:dns-server, 15:domain-name,
    Feb 6 15:49:35 dnsmasq-dhcp[1355]: 3731096641 requested options: 26:mtu, 28:broadcast, 51:lease-time, 58:T1,
    Feb 6 15:49:35 dnsmasq-dhcp[1355]: 3731096641 requested options: 59:T2
    Feb 6 15:49:35 dnsmasq-dhcp[1355]: 3731096641 next server: 192.168.2.1
    Feb 6 15:49:35 dnsmasq-dhcp[1355]: 3731096641 sent size: 1 option: 53 message-type 5
    Feb 6 15:49:35 dnsmasq-dhcp[1355]: 3731096641 sent size: 4 option: 54 server-identifier 192.168.2.1
    Feb 6 15:49:35 dnsmasq-dhcp[1355]: 3731096641 sent size: 4 option: 51 lease-time 1d
    Feb 6 15:49:35 dnsmasq-dhcp[1355]: 3731096641 sent size: 4 option: 58 T1 12h
    Feb 6 15:49:35 dnsmasq-dhcp[1355]: 3731096641 sent size: 4 option: 59 T2 21h
    Feb 6 15:49:35 dnsmasq-dhcp[1355]: 3731096641 sent size: 4 option: 1 netmask 255.255.255.0
    Feb 6 15:49:35 dnsmasq-dhcp[1355]: 3731096641 sent size: 4 option: 28 broadcast 192.168.2.255
    Feb 6 15:49:35 dnsmasq-dhcp[1355]: 3731096641 sent size: 8 option: 6 dns-server 8.8.8.8, 8.8.4.4
    Feb 6 15:49:35 dnsmasq-dhcp[1355]: 3731096641 sent size: 4 option: 3 router 192.168.2.1
I have marked that I dont understand in red. Dont know why this interface handles this, even though I'm connected to the SSID shared by the interfaces wl0.1, wl1.1 or wl2.1 and the given IP is correct for the interfaces range (below ...128). The interface wl0.2 should handle IPs above ...127

Here's an output of ifconfig
Code:
wl0.1     Link encap:Ethernet  HWaddr 34:97:F6:6F:76:51
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2552 errors:0 dropped:5 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:169460 (165.4 KiB)

wl0.2     Link encap:Ethernet  HWaddr 34:97:F6:6F:76:52
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:3404 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3515 errors:0 dropped:5 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:299063 (292.0 KiB)  TX bytes:2248441 (2.1 MiB)

wl1.1     Link encap:Ethernet  HWaddr 34:97:F6:6F:76:55
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:137 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1596 errors:0 dropped:5 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:10506 (10.2 KiB)  TX bytes:131422 (128.3 KiB)

wl2.1     Link encap:Ethernet  HWaddr 34:97:F6:6F:76:59
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:35 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1562 errors:0 dropped:5 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2936 (2.8 KiB)  TX bytes:128700 (125.6 KiB)

Any further recommendations?
 
Here's a script that I adopted and adapted for many purposes.

/jffs/scripts/enable_dhcp_for_guests.sh
Code:
#!/bin/sh
CAT="cat"
## /jffs/scripts/enable_dhcp_for_guests.sh: enable local DHCP/DNS for guest WiFi interfaces.

## List of all possible guest interfaces:
GUESTS="wl0.1 wl0.2 wl0.3 wl1.1 wl1.2 wl1.3"

get_ip () {
    /sbin/ifconfig $1 | /bin/sed -ne's/.*inet addr:\([^ ]*\).*$/\1/p'
}
LAN=$(get_ip br0)    ## LAN ipaddr

TMPCONF=/tmp/dnsmasq.conf.add
[ -e $TMPCONF ] && rm -f $TMPCONF

## Firewall rules for guest interfaces:
firewall () {
    /usr/sbin/ebtables -t broute $1 BROUTING -p ipv4 -i $2 -j DROP
    /usr/sbin/ebtables -t broute $1 BROUTING -p ipv6 -i $2 -j DROP
    /usr/sbin/ebtables -t broute $1 BROUTING -p arp  -i $2 -j DROP
    /usr/sbin/iptables $1 FORWARD -i $2 -j ACCEPT
    /usr/sbin/iptables $1 INPUT   -i $2 -j ACCEPT
    /usr/sbin/iptables $1 FORWARD -i $2 -d $LAN/24 -j DROP
    /usr/sbin/iptables $1 INPUT   -i $2 -d $LAN/24 -j DROP
}

## Set up each guest interface in turn, skipping those that don't exist:
for IFACE in $GUESTS ; do
    ifconfig $IFACE >/dev/null 2>&1 || continue
    logger -s -- "$0: Configuring $IFACE"
    ## Determine IP address range for this guest interface:
    IPADDR="192.168.$(echo $IFACE | sed -e 's/wl\(.\)[.]\(.\)/\2\1/')"

    ## Assign the .1 address to the interface:
    /sbin/ifconfig $IFACE $IPADDR.1 netmask 255.255.255.0

    ## Update guest firewall rules for this interface:
    firewall -D $IFACE 2>/dev/null    ## First pass:  delete existing rules (if present).
    firewall -I $IFACE        ## Second pass: add new rules

    ## Remove Merlin's default guest firewall rules:
    /usr/sbin/ebtables -D FORWARD -i $IFACE -j DROP 2>/dev/null
    /usr/sbin/ebtables -D FORWARD -o $IFACE -j DROP 2>/dev/null

    ## Add dnsmasq entries for this interface:
    $CAT <<-EOF >>$TMPCONF
    interface=$IFACE
    dhcp-range=$IFACE,$IPADDR.2,$IPADDR.254,255.255.255.0,8h
    dhcp-option=$IFACE,3,$IPADDR.1
    dhcp-option=$IFACE,6,8.8.8.8,8.8.4.4
    EOF
done

## Replace existing config and restart dnsmasq, but only if something changed:
DNSCONF=/jffs/configs/dnsmasq.conf.add
new=$($CAT $TMPCONF)
old=$($CAT $DNSCONF)
if [ "$new" != "$old" ]; then
    ## Replace any existing postconf for dnsmasq:
    $CAT $TMPCONF > $DNSCONF
    /sbin/service restart_dnsmasq
fi
rm -f $TMPCONF

exit 0


SOURCE: https://www.snbforums.com/threads/guest-networks-and-dhcp.14141/page-2#post-286748

SOURCE: http://rtr.ca/merlin/enable_dhcp_for_guests.sh
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top