This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
router_setup_instructions [2008/04/25 19:56] 127.0.0.1 external edit |
router_setup_instructions [2013/09/28 16:06] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Linksys WRT54G setup with WiFi Dog instructions ====== x | + | ====== Linksys WRT54G setup with WiFi Dog instructions ====== |
- make sure you have the supported version of OpenWRT -- get it here: | - make sure you have the supported version of OpenWRT -- get it here: | ||
Line 22: | Line 22: | ||
ipkg update | ipkg update | ||
ipkg install iptables-extra kmod-iptables-extra libpthread libgcc | ipkg install iptables-extra kmod-iptables-extra libpthread libgcc | ||
- | ipkg install http://wirelesstoronto.ca/dist/wifidog_1.1.3-1_mipsel.ipk | + | ipkg install http://wirelesstoronto.ca/dist/wifidog_1.1.5-1_mipsel_whiterussian.ipk |
vi /etc/wifidog.conf | vi /etc/wifidog.conf | ||
</code> | </code> | ||
Line 222: | Line 222: | ||
</code> | </code> | ||
+ | ===== preventing wifi users from accessing the local LAN ===== | ||
+ | |||
+ | add to the end of /etc/firewall.user: | ||
+ | |||
+ | <code> | ||
+ | ### secure the LAN | ||
+ | iptables -A forwarding_rule -s 192.168.1.0/24 -d 172.18.92.0/24 -j DROP | ||
+ | iptables -A input_rule -s 192.168.1.0/24 -d 172.18.92.0/24 -j DROP | ||
+ | </code> | ||
+ | |||
+ | where 192.168.17.0 is the wired LAN. you won't be able to ping 192.168.17.1, but traffic will still flow through it | ||
+ | |||
+ | ===== separating wifi & wired networks ("breaking the bridge") ===== | ||
+ | |||
+ | You'd want to do this if you want wifi users to authenticate to wifidog, but for computers plugged into the ethernet ports to not have to authenticate. | ||
+ | |||
+ | The original config on the router is probably:<code> | ||
+ | lan_ifname="br0" | ||
+ | lan_proto=static | ||
+ | lan_ipaddr=192.168.1.1 | ||
+ | lan_netmask=255.255.255.0 | ||
+ | wifi_ifname="" | ||
+ | wifi_proto="" | ||
+ | wifi_ipaddr="" | ||
+ | wifi_netmask="" | ||
+ | lan_ifnames="vlan0 eth1 eth2" | ||
+ | </code> | ||
+ | |||
+ | Run these commands:<code> | ||
+ | nvram set lan_ifname=vlan0 | ||
+ | nvram set lan_proto=static | ||
+ | nvram set lan_ipaddr=192.168.2.1 | ||
+ | nvram set lan_netmask=255.255.255.0 | ||
+ | nvram set wifi_ifname=eth1 | ||
+ | nvram set wifi_proto=static | ||
+ | nvram set wifi_ipaddr=192.168.1.1 | ||
+ | nvram set wifi_netmask=255.255.255.0 | ||
+ | nvram set lan_ifnames=vlan0 | ||
+ | nvram commit | ||
+ | </code> | ||
+ | |||
+ | Edit /etc/dnsmasq.conf, adding these lines:<code> | ||
+ | dhcp-range=eth1,192.168.1.100,192.168.1.250,255.255.255.0,12h | ||
+ | dhcp-range=vlan0,192.168.2.100,192.168.2.250,255.255.255.0,12h | ||
+ | </code> | ||
+ | |||
+ | Edit /etc/wifidog.conf, and change "GatewayInterface" to eth1 | ||
+ | |||
+ | Reboot | ||
+ | |||
+ | (Done!) |