Limit the guest-network (ports and speed)


ZoRaC

New Around Here
Hi!

I would like to limit the guest network a bit and was hoping to get some input on how. :)

I want to limit what ports the clients on the guest network may access (TCP 80/443/25/110/143 and UDP 53) - all others should be blocked.
I guess this could be accomplished by iptables, but I'm quite new at iptables and not quite sure how to do it...

Also, is it possible to limit the bandwidth for the guest network (either per client or the network in total)?

Btw, running the newest Merlin on my 68U
 
Nearly there!

I'm almost there now, after doing a lot of googling and trying out different methods! :)

/jffs/scripts/firewall-start:
Code:
#!/bin/sh
# Give the guest SSID its own subnet, separate from the main LAN
/sbin/ifconfig wl0.1 192.168.200.1/24

# Rules for wl0.1
# DROP in the broute table means "route, don't bridge": guest frames are
# kept off br0, so guests cannot reach LAN hosts at layer 2
/usr/sbin/ebtables -t broute -I BROUTING -p ipv4 -i wl0.1 -j DROP
/usr/sbin/ebtables -t broute -I BROUTING -p arp -i wl0.1 -j DROP
# -I inserts at the top of the chain, so the DROP rules inserted first
# end up below the ACCEPTs and act as the catch-all
# Traffic to the router itself: only DNS and DHCP
/usr/sbin/iptables -I INPUT -i wl0.1 -j DROP
/usr/sbin/iptables -I INPUT -i wl0.1 -p udp --dport 53 -j ACCEPT
/usr/sbin/iptables -I INPUT -i wl0.1 -p tcp --dport 53 -j ACCEPT
/usr/sbin/iptables -I INPUT -i wl0.1 -p udp --dport 67:68 -j ACCEPT
# Forwarded traffic: only the listed TCP services, and never to the main LAN
/usr/sbin/iptables -I FORWARD -i wl0.1 -j DROP
/usr/sbin/iptables -I FORWARD -i wl0.1 -p tcp -m multiport --dports http,https,imap,smtp,pop3,sftp,ftp,imaps -j ACCEPT
/usr/sbin/iptables -I FORWARD -i wl0.1 -d 192.168.100.1/24 -j DROP

# Limit download speed (egress on wl0.1): "default 10" sends every packet
# to class 1:10, so all guests share a 10 mbit cap
tc qdisc add dev wl0.1 root handle 1: htb default 10
tc class add dev wl0.1 parent 1: classid 1:1 htb rate 100mbit ceil 100mbit
tc class add dev wl0.1 parent 1:1 classid 1:10 htb rate 10mbit ceil 10mbit
# Catch-all filter needs the /0 mask (a bare 0.0.0.0 means /32 to u32)
tc filter add dev wl0.1 protocol ip parent 1:0 prio 1 u32 match ip dst 0.0.0.0/0 flowid 1:10

/jffs/configs/dnsmasq.conf.add:
Code:
interface=wl0.1
dhcp-range=wl0.1,192.168.200.100,192.168.200.254,255.255.255.0,86400s
dhcp-option=wl0.1,3,192.168.200.1

The only thing missing is limiting the upload speed - I've tried different things, but can't figure it out. Also, the "tc" for eth0 already contains other stuff, so I'm afraid of messing too much around with it.

Any ideas on how to limit the upload-speed?
 
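One way to add the missing upload limit to this setup, as an added example rather than the poster's script: traffic arriving from wl0.1 (guest upload) cannot be queued by tc, only policed, so the upload side uses an ingress qdisc with a policer while the download side keeps an HTB class like the one above. The interface name, the 10mbit/2mbit rates and the `guest_shaping` function name are assumptions; the script clears its own qdiscs first so it can be re-run from firewall-start.

```shell
#!/bin/sh
# Added example, not the poster's script. Download = egress on wl0.1 (HTB),
# upload = ingress on wl0.1, which tc can only police: packets over the
# rate are dropped rather than queued. Interface and rates are assumed.
# TC defaults to the real binary; set TC=echo to print the commands instead.
TC=${TC:-tc}

# Clear any earlier qdiscs so the script can be re-run from firewall-start
# without "RTNETLINK answers: File exists" errors.
guest_shaping_reset() {
    $TC qdisc del dev "$1" root 2>/dev/null || true
    $TC qdisc del dev "$1" ingress 2>/dev/null || true
}

# guest_shaping DEV DOWN_RATE UP_RATE   e.g. guest_shaping wl0.1 10mbit 2mbit
guest_shaping() {
    dev=$1; down=$2; up=$3
    guest_shaping_reset "$dev"

    # Download cap: one HTB class, "default 10" puts every packet in it.
    $TC qdisc add dev "$dev" root handle 1: htb default 10
    $TC class add dev "$dev" parent 1: classid 1:10 htb rate "$down" ceil "$down"
    # SFQ under the class shares the cap fairly between guest clients,
    # so a single download cannot starve the others.
    $TC qdisc add dev "$dev" parent 1:10 handle 10: sfq perturb 10

    # Upload cap: ingress qdisc plus a policer; "match u32 0 0" is a
    # wildcard that matches every IP packet. burst is the token bucket
    # size; too small a value throttles well below the nominal rate.
    $TC qdisc add dev "$dev" handle ffff: ingress
    $TC filter add dev "$dev" parent ffff: protocol ip prio 1 u32 \
        match u32 0 0 police rate "$up" burst 200k drop flowid :1
}

# Run as "sh guest-shaping.sh apply" to configure wl0.1 at 10 mbit down,
# 2 mbit up; from firewall-start, source the file and call guest_shaping.
if [ "${1:-}" = "apply" ]; then
    guest_shaping wl0.1 10mbit 2mbit
fi
```

Because the existing eth0 qdisc is left alone, this does not interfere with whatever Merlin already installed there; only wl0.1 is touched.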
I'm interested in this topic.
Which bandwidth are you giving to the guest network with those commands?