Guest Network - No internet access

creatine

Regular Contributor
I just enabled the Guest Network on my AC3100 running Merlin 384.13. Clients connected to the guest network cannot access the internet. The clients get an IP address, GW and DNS from the router but cannot ping internet IPs or the GW. If I enable "access intranet" in the guest network settings, then everything works, which defeats the purpose of trying to prevent access to my LAN.

EDIT: I do have DNS-based Filtering set to Router (using DoT). If I turn it off the guest network seems to work correctly. I suspect the guest network blocks access to 192.168.1.1 UDP 53 which is my router\DNS.

Any suggestions?
 
I never figured out what was causing the issue with the "default" guest wifi. I assume it was firewall rule related. With YazFi, I just went through the setup, created a new subnet for Wifi and everything worked. YazFi description:

  • Restrict guests to only contact router for ICMP, DHCP, DNS, NTP and NetBIOS
  • Allow guest networks to make use of pixelserv-tls (if installed)
  • Allow guests to use a local DNS server
  • Extend DNS Filter to guest networks
Pretty much sums up my setup
 
For me the YazFi script wouldn't cut it; guest networks using his script ignore QoS and/or the bandwidth limiter, which wasn't an option for me.
Another workaround is to manually set the DNS server of the device to anything, like 9.9.9.9, within the device option, and following this guide https://old.reddit.com/r/pihole/comments/dfm5j4/guide_for_asuswrtmerlin_users_with_screenshots/. The guide is for the Pi-hole but I assume it will work for any other DNS that has a local IP.

Edit: I've set the WAN DNS to my local DNS and DNSFilter explained above, you can set up the LAN DNS 2 to a non-local IP and the router will redirect it to the LAN DNS 1. Seems to be the easiest option.
 
I have the OP’s problem as well. My guest SSID devices have no internet access, likely for the reason he explained. I have Pi-hole as my DNS server hooked up to the router and would like to preserve the QoS feature like you. My only question is: if I follow your link’s steps and additionally configure every device on the guest SSID to use, say, quad-nine for DNS, will all guest traffic in Pi-hole show up as one lump from the router address? Also, how can I verify that guest traffic is not bypassing the Pi-hole in this scenario?
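One way to check the redirection asked about above from a guest client, as an added example that is not part of the thread: send a plain UDP port 53 query to an address where no resolver exists and see whether anything answers. The address 192.0.2.1 (TEST-NET-1) and all function names are choices made for this example, and the embedded reply is constructed sample data.

```python
import socket
import struct

# TEST-NET-1 address (RFC 5737): no DNS server lives here, so any answer
# must come from something on the path that intercepted the query.
UNUSED_RESOLVER = "192.0.2.1"

# Constructed sample reply: example.com A 198.51.100.7, name compressed.
SAMPLE_REPLY = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
                b"\x07example\x03com\x00\x00\x01\x00\x01"
                b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04\xc6\x33\x64\x07")

def build_query(name, txid=0x1234):
    """Minimal DNS query for the A record of `name`, recursion desired."""
    parts = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts)
    return (struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + qname + b"\x00" + struct.pack(">HH", 1, 1))

def skip_name(msg, off):
    """Offset just past a name that may end in a compression pointer."""
    while msg[off] & 0xC0 != 0xC0 and msg[off] != 0:
        off += 1 + msg[off]
    return off + (2 if msg[off] & 0xC0 == 0xC0 else 1)

def parse_a_records(msg):
    """IPv4 addresses from the answer section of a DNS reply."""
    qd, an = struct.unpack(">HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

def probe(server=UNUSED_RESOLVER, name="example.com", timeout=3.0):
    """One UDP query to `server`; list of answers, or None if nothing replied."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return parse_a_records(s.recvfrom(512)[0])
        except OSError:                        # timeout or ICMP unreachable
            return None

if __name__ == "__main__":
    print("reply received: port 53 is intercepted" if probe() is not None
          else "no reply: nothing answered for 192.0.2.1")
```

Run it on a guest client with a unique made-up hostname as `name`; if a reply arrives, look for that hostname in the Pi-hole query log to see whether the query reached it and under which client address. It only exercises plain UDP port 53, so DoT or DoH from a client is outside what it shows.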
 
You likely have the router WAN configured to use the Pi-Hole and that is not right.
The Router WAN/DNS Server settings need to have the IP addresses of an upstream resolver, DNS Server, in order for the router to boot up and set its time. The IP address of your Pi-Hole goes in LAN/DHCP Server/DNS Server 1. I would leave the DNS Server 2 in this area blank so your clients can resolve sites via the router if the Pi-Hole goes down. As for clients on the guest network, let them use the router to resolve sites, and yes, they will likely not go to the Pi-Hole.

If you want your entire network to use an ad blocker, use Diversion on the router and put the RPi to better use.
 
I had followed the steps in the reddit link to a T. Only the LAN menu's DNS1 entry has the Pi-hole IP in it. The WAN has quad-nine. I might still use Diversion within the router sometime (I only just migrated from stock Asuswrt to Merlin) but for the near term will stick with the Pi-hole.

For me the guest network devices must use the Pi-hole, so for the short term (I do want guest devices QoS-ed some day) I just ended up installing YazFi like OP, in combination with @jsrfuture's Pi-hole/router setup, which actually allows guest devices to use the Pi-hole's internal IP for DNS. I did discover another downside in addition to no QoS (for guest devices), which is that I no longer have visibility into the YazFi connected devices (opened another thread to make an inquiry into that).
 
