Differences

This shows you the differences between two versions of the page.

--- router_setup_instructions [2008/08/01 13:13]
66.207.222.14
+++ router_setup_instructions [2013/09/28 16:06] (current)
@@ Line 1: / Line 1: @@
-====== Linksys WRT54G setup with WiFi Dog instructions ====== x
+====== Linksys WRT54G setup with WiFi Dog instructions ======
   - make sure you have the supported version of OpenWRT -- get it here:
@@ Line 222: / Line 222: @@
 </code>
+===== preventing wifi users from accessing the local LAN =====
+add to the end of /etc/firewall.user:
+<code>
+### secure the LAN
+iptables -A forwarding_rule -s 192.168.1.0/24 -d 172.18.92.0/24 -j DROP
+iptables -A input_rule -s 192.168.1.0/24 -d 172.18.92.0/24 -j DROP
+</code>
+where 192.168.17.0 is the wired LAN.  you won't be able to ping 192.168.17.1, but traffic will still flow through it
+===== separating wifi & wired networks ("breaking the bridge") =====
+You'd want to do this if you want wifi users to authenticate to wifidog, but for computers plugged into the ethernet ports to not have to authenticate.
+The original config on the router is probably:<code>
+lan_ifname="br0"
+lan_proto=static
+lan_ipaddr=192.168.1.1
+lan_netmask=255.255.255.0
+wifi_ifname=""
+wifi_proto=""
+wifi_ipaddr=""
+wifi_netmask=""
+lan_ifnames="vlan0 eth1 eth2"
+</code>
+Run these commands:<code>
+nvram set lan_ifname=vlan0
+nvram set lan_proto=static
+nvram set lan_ipaddr=192.168.2.1
+nvram set lan_netmask=255.255.255.0
+nvram set wifi_ifname=eth1
+nvram set wifi_proto=static
+nvram set wifi_ipaddr=192.168.1.1
+nvram set wifi_netmask=255.255.255.0
+nvram set lan_ifnames=vlan0
+nvram commit
+</code>
+Edit /etc/dnsmasq.conf, adding these lines:<code>
+dhcp-range=eth1,192.168.1.100,192.168.1.250,255.255.255.0,12h
+dhcp-range=vlan0,192.168.2.100,192.168.2.250,255.255.255.0,12h
+</code>
+Edit /etc/wifidog.conf, and change "GatewayInterface" to eth1
+Reboot
+(Done!)

Wireless Toronto

User Tools

Site Tools

Differences

Page Tools