![]() put LAN4 to VLAN3, then put VLAN3 to br1.įinally I used QoS to limit bandwidth on 192.168.3. I also have a guest AP physically connected to LAN4, so for that I used VLAN. Iptables -I INPUT -p udp -destination-port 51413 -j ACCEPT Iptables -I INPUT -p tcp -destination-port 51413 -j ACCEPT # Enable Internet and NAT for guest LAN, if sourced from guest LAN Iptables -I FORWARD 2 -i br1 -o br0 -j DROP Iptables -I FORWARD 2 -i br0 -o br1 -j DROP You can set up the network to require users to enter a password (which you must provide them) before they can access, or you can set up the guest network so it. # Block traffic from being forwarded between private LAN and guest LAN This is an alternate method of setting up Wi-Fi subnets of a 3 steps guide to protect home network using subnets. This guide will show you how to use custom firmware DD-WRT on Asus RT-AC3200 as a wireless access point (WAP) to setup multiple Wi-Fi VLANs. # Allow any traffic from guest LAN not satisfying first 2 rules to be forwarded IMPORTANT: installing custom firmware always pose risk of bricking your device.Do it at your own risk. Iptables -I INPUT 2 -i br1 -p udp -dport 67 -j ACCEPT Iptables -I INPUT 2 -i br1 -p udp -dport 53 -j ACCEPT Iptables -I INPUT 2 -i br1 -p tcp -dport 53 -j ACCEPT Iptables -I INPUT 2 -i br1 -m state -state NEW -j DROP What I use, and I think the best method is to create a VAP (uncheck AP isolation), create a different subnet (br1, 192.168.3.1) enable DHCP for br1, put wl0.1 to br1, apply firewall rules: It'll not create different subnets for that, this method being used on original fws too. In my opinion checking AP isolation is just define some firewall rules to wl0.1 and your private LAN interfaces. When you create a VAP, it'll create a separate interface, for ex.
0 Comments
Leave a Reply. |