How to use a different subnet for WiFi guest network?

Anyone able to help? I guess I need to assign the guest network to a vlan, but I have no idea how to do that!

A bit of scripting...although mine ended up nearly 300 lines! :eek:

EDIT: Missed the Wiki reference but the steps are the same! - but the firewall rules are a bit too general for my liking, so I restrict the Guest to only DNS, DHCP and Internet only.

e.g. 3 main steps
Code:
ifconfig $WIFI_IF $WIFI_IP netmask $WIFI_MASK up  # Configure the WiFi interface (retrieved from dnsmasq).config

WIFI_FW                                           # Set Firewall and 'ebtables' rules (Always delete/insert)

# Cosmetic  Console/Syslog message to prove the Guest subnet configuration request was successful..
PRE_SSID=
if [ ! -z "$SSID_NAME" ];then                     # Optional Change of SSID requested ?
       SSID=$SSID_NAME
       nvram set ${WIFI_IF}_ssid="$SSID_NAME"     # Assign new SSID - it isn't broadcast until 'service restart_wireless' :-(
       PRE_SSID="New"
fi
 
Say "Guest WiFi" $WIFI_DESC $PRE_SSID "SSID:" $SSID "("$WIFI_IF")" $WIFI_SUBNET_PREFIX.0/24 " subnet created, using DNS" $DNS_TO_USE

Code:
#=========================================================================================================== v01.01
#
# Configure Guest WiFi with new DHCP subnet and DNS using '/etc/dnsmasq.conf'
#
#
# Usage:    GuestSubnet  [ [wifi_interface | ssid ] | ['del'] ['autodnsmasq'] [ 'ssid='name] | ['help'|'-h']
#
#           GuestSubnet
#                        Guest WiFI interface wl0.1 will have the new DHCP subnet and DNS applied (default)
#           GuestSubnet  del
#                        Guest WiFI interface wl0.1 will be reset to default.
#           GuestSubnet  wl0.2 autodnsmasq
#                        Guest WiFi interface wl0.2 will have new DHCP and DNS directives inserted into /jffs/configs/dnsmasq.conf.add
#                        NOTE: dnsmasq will be bounced.
#           GuestSubnet  Guest242
#                        Guest WiFI SSID 'Guest242' (possibly wl0.2?) will have the new DHCP subnet and DNS applied
#
# /jffs/configs/dnsmasq.conf.add:
#
# e.g.
#
# 2.4GHz Guest #1 uses DHCP pool 10.88.241.2 - 10.88.241.20 and OpenDNS/Google DNS
#        interface=wl0.1
#        dhcp-range=wl0.1,10.88.241.2,10.88.241.20,255.255.255.0,21600s
#        dhcp-option=wl0.1,3,10.88.241.1
#        dhcp-option=wl0.1,6,208.67.220.220,8.8.8.8
#
# and will be included in '/etc/dnsmasq.conf' by command 'service restart_dnsmasq' and @boot time etc.
 
That looks along the lines of what I want! Can you possibly provide me with your script? Unless I'm missing something but it's not showing me 300 lines :eek:
 
Well as I'd forgotten about the simple Wiki entry....it didn't seem necessary so I only posted my script's header/help.
 
Sorry, long day in the office, not sure I'm following :( Wiki entry as in the one I linked in my first post?

Yours just looked a lot more robust was all, I've started using your malicious IP blocking and it works a treat, so I'm a fan of your scripting!
 
Yes

Guess you were the lucky one! - but many thanks for the feedback. :)

So despite sharing perceived 'foolproof' scripts for years with family/colleagues, having been recently embarrassed by my so-called 'robust' code within hours of them being released for public consumption makes me hesitant to go through the difficult implementation/support ordeal for a while.
 
I saw people had issues on the thread, but it looked like something they'd done - or did I miss something? You can always PM me the code and I won't cause a fuss if I run into problems? XD
 
Picking up on this again, what do the below rules do? What rules would I need to block LAN access?

Code:
iptables -D INPUT -i wl0.2 -j ACCEPT
iptables -I INPUT -i wl0.2 -j ACCEPT
ebtables -t broute -D BROUTING -i wl0.2 -p ipv4 -j DROP
ebtables -t broute -I BROUTING -i wl0.2 -p ipv4 -j DROP
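
Added example, not part of any post in this thread: the four rules quoted above take the guest interface out of the bridge so its IPv4 traffic is routed (the `broute` DROP) and then accept everything it sends to the router itself (the INPUT ACCEPT). The sketch below narrows that to DHCP, DNS and Internet only and blocks forwarding to the LAN; the `br0` and `eth0` defaults and the helper names `rule` and `guest_rules` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: guest interface limited to DHCP, DNS and Internet.
# LAN_IF and WAN_IF defaults are assumptions; on Asuswrt check them with
# 'brctl show' and 'nvram get wan0_ifname'.
GUEST_IF=${GUEST_IF:-wl0.2}
LAN_IF=${LAN_IF:-br0}
WAN_IF=${WAN_IF:-eth0}
DRYRUN=${DRYRUN:-1}              # 1 = print the commands, 0 = apply them

rule() {                         # rule "TOOL [-t TABLE]" CHAIN SPEC...
    tool=$1 chain=$2; shift 2
    if [ "$DRYRUN" = 1 ]; then
        echo "$tool -I $chain $*"
    else
        $tool -D "$chain" "$@" 2>/dev/null || true   # drop a copy left by an earlier run
        $tool -I "$chain" "$@"
    fi
}

guest_rules() {
    # broute DROP = "do not bridge this frame, pass it up to be routed".
    rule "ebtables -t broute" BROUTING -i "$GUEST_IF" -p ipv4 -j DROP
    # INPUT: traffic addressed to the router. Every -I lands on top of the
    # chain, so the catch-all DROP goes in first and ends up last.
    rule iptables INPUT -i "$GUEST_IF" -j DROP
    rule iptables INPUT -i "$GUEST_IF" -p tcp --dport 53 -j ACCEPT
    rule iptables INPUT -i "$GUEST_IF" -p udp --dport 53 -j ACCEPT
    rule iptables INPUT -i "$GUEST_IF" -p udp --dport 67 -j ACCEPT
    # FORWARD: traffic through the router. Internet allowed, LAN blocked.
    rule iptables FORWARD -i "$GUEST_IF" -o "$WAN_IF" -j ACCEPT
    rule iptables FORWARD -i "$GUEST_IF" -o "$LAN_IF" -j DROP
}

guest_rules
```

Run it as is to review the commands; set `DRYRUN=0` on the router to apply them. Replies to connections opened from the LAN side are assumed to be covered by the firmware's existing ESTABLISHED rule.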
 
@Martineau can you tell me where I'm going wrong, it connects to the network but has no internet :/ Could it be down to dnscrypt redirecting all DNS requests?

Code:
CONFIG=$1
source /usr/sbin/helper.sh
logger "dnsmasq-dhcp: Configure wl0.1 to have special DHCP"
ifconfig wl0.1 10.14.15.0 netmask 255.255.255.0 up
iptables -D INPUT -i wl0.1 -j ACCEPT
iptables -I INPUT -i wl0.1 -j ACCEPT

ebtables -t broute -D BROUTING -i wl0.1 -p ipv4 -j DROP
ebtables -t broute -I BROUTING -i wl0.1 -p ipv4 -j DROP
pc_append "

interface=wl0.1
dhcp-range=wl0.1,10.14.15.2,10.14.15.10,255.255.255.0,86400s
dhcp-option=wl0.1,3,10.14.15.1
dhcp-option=wl0.1,6,8.8.8.8,8.8.4.4
" /tmp/etc/dnsmasq.conf
 
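Added example, not part of the thread: in the script posted above the interface is given 10.14.15.0 while option 3 tells clients their gateway is 10.14.15.1, and a mismatch like that leaves clients with a lease but no router answering at the gateway address. The check below flags it before dnsmasq is restarted; the function names `ip2int`, `check_guest` and `posted_conf` are made up here.

```shell
#!/bin/sh
# Added example: cross-check the address given to a guest interface against
# the dnsmasq directives handed to its clients.
ip2int() {                       # dotted quad -> 32-bit integer
    _o=$IFS; IFS=.; set -- $1; IFS=$_o
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

check_guest() {                  # check_guest IFACE IF_IP NETMASK < dnsmasq lines
    ifc=$1 ip=$2 bad=0
    conf=$(cat)
    m=$(ip2int "$3"); i=$(ip2int "$ip")
    net=$(( i & m )); host=$(( i & ~m & 4294967295 ))
    gw=$(printf '%s\n' "$conf" | awk -F, -v k="dhcp-option=$ifc" '$1 == k && $2 == 3 { print $3 }')
    pool=$(printf '%s\n' "$conf" | awk -F, -v k="dhcp-range=$ifc" '$1 == k { print $2, $3 }')
    if [ "$host" -eq 0 ] || [ "$host" -eq $(( ~m & 4294967295 )) ]; then
        echo "FAIL: $ip is the network or broadcast address, not a host address"
        bad=$((bad + 1))
    fi
    if [ "$gw" != "$ip" ]; then
        echo "FAIL: option 3 hands out gateway $gw but $ifc holds $ip"
        bad=$((bad + 1))
    fi
    for a in $pool; do
        if [ $(( $(ip2int "$a") & m )) -ne "$net" ]; then
            echo "FAIL: pool address $a is outside the $ifc subnet"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ] && echo "OK: $ifc addressing is consistent"
    return "$bad"
}

posted_conf() {                  # directives copied from the script posted above
    cat <<'EOF'
interface=wl0.1
dhcp-range=wl0.1,10.14.15.2,10.14.15.10,255.255.255.0,86400s
dhcp-option=wl0.1,3,10.14.15.1
dhcp-option=wl0.1,6,8.8.8.8,8.8.4.4
EOF
}

posted_conf | check_guest wl0.1 10.14.15.0 255.255.255.0 || echo "findings: $?"
```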

Sorry never used dnscrypt

Q. Is dnsmasq running?...check Syslog for dnsmasq errors and/or check '/etc/dnsmasq.conf'
 
dnsmasq definitely running, clients can connect they just have no internet access, so I suspect it's firewall related. What command(s) do I need to run to find any offending rules?
 
Turned off dnscrypt and same result (removed dnscrypt and ensured nslookups worked). Client gets the new DHCP options (though not the start of the pool .2, it gets .3 ?) but has no access to internet.
 
Anyone able to help? I'm not sure what I've done wrong, followed the wiki, get the right subnet, but no access to internet.
 
Apologies, neglected to do this - work's had me all over the place, plus I'm relocating for a new role.

I'll endeavour to get the scripts published tonight.
 
Very much appreciated; there is no rush though, whenever is convenient for you!
