How to isolate open guest AP from uplinked private AP with dd-wrt

2

1

I have two routers, set up like so:

            [MODEM]
               |
             [WAN]                 <<<
+-----------------------------+  <<<<
| WRT54GL with stock firmware | <<<< private AP
|         192.168.1.1         | <<<< with WPA
+-----------------------------+  <<<<
             [LAN]                 <<<
               |
               |
               |
             [WAN]                 <<<
+-----------------------------+  <<<<
| WRT54G with dd-wrt v24 mini | <<<< public/guest AP
|         192.168.2.1         | <<<< open access, QoS throttling
+-----------------------------+  <<<<
                                   <<<

How do I prevent internal network communication from the guest AP to the private network? I want to provide guests only Internet access and block internal network access to my private computers and devices.

Are there some iptables commands I can add to the firewall on the guest router to achieve this?

autobottodoggo

Posted 2014-04-05T18:17:56.273

Reputation: 379

Answers

1

I think I've found my answer here and I've added this to Administration > Commands and [Save Firewall]:

iptables -I FORWARD -s 192.168.1.0/255.255.255.0 -j DROP

That seems to have blocked access from both ends (guest cannot access private, private cannot access guest), which is just fine.

autobottodoggo

Posted 2014-04-05T18:17:56.273

Reputation: 379
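
The rule in the answer matches packets whose source is the private subnet, so guest-to-private packets themselves are not matched by it. As an added example (not the poster's code), this script prints that rule together with one that drops forwarded traffic from the guest subnet to the private subnet. The function names are hypothetical, the guest subnet 192.168.2.0/24 is assumed from the diagram, and /24 is the same mask as 255.255.255.0.

```shell
#!/bin/sh
# Added example, not from the original post. Prints the FORWARD rules to paste
# into the guest router's firewall script (Administration > Commands).
PRIVATE_NET="192.168.1.0/24"   # upstream private LAN, from the diagram
GUEST_NET="192.168.2.0/24"     # guest LAN; the /24 mask is an assumption

# Succeed only for a dotted-quad IPv4 network with a /0../32 prefix.
is_cidr() {
    case "$1" in
        */*/*|.*|*..*|*./*) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    addr=${1%/*}; prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr               # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rules for a private and a guest subnet. -I inserts at the top of
# FORWARD, ahead of the rules already in the chain, so both DROPs are hit first.
guest_isolation_rules() {
    private=$1; guest=$2
    is_cidr "$private" && is_cidr "$guest" || return 1
    [ "$private" != "$guest" ] || return 1   # refuse to cut off a subnet from itself
    # Traffic forwarded from guest clients towards the private LAN
    echo "iptables -I FORWARD -s $guest -d $private -j DROP"
    # Rule from the answer: anything sourced from the private LAN, replies included
    echo "iptables -I FORWARD -s $private -j DROP"
}

guest_isolation_rules "$PRIVATE_NET" "$GUEST_NET"
```

After saving the printed lines with [Save Firewall], `iptables -L FORWARD -n -v` on the guest router shows both rules and their packet counters.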