Wi-Fi How To
From Navas Wireless Wiki
(→Two wireless networks on one router: edit) |
(→Two wireless networks on one router: edit) |
||
Line 60: | Line 60: | ||
The following procedure is for ''two separate wireless networks'' using [http://www.dd-wrt.com DD-WRT] (on [http://www.dd-wrt.com/dd-wrtv3/dd-wrt/hardware.html supported devices]) with the web browser interface (as of v24 preSP2 Beta build 12533). | The following procedure is for ''two separate wireless networks'' using [http://www.dd-wrt.com DD-WRT] (on [http://www.dd-wrt.com/dd-wrtv3/dd-wrt/hardware.html supported devices]) with the web browser interface (as of v24 preSP2 Beta build 12533). | ||
For ''more than two'' separate wireless networks, consult the reference above. | For ''more than two'' separate wireless networks, consult the reference above. | ||
- | # '''''Wireless → Basic Settings''''' | + | # '''Configure two wireless networks: ''Wireless → Basic Settings''''' |
#* ''Wireless Physical Interface '''wl0''''' | #* ''Wireless Physical Interface '''wl0''''' | ||
#** This will be the ''private'' wireless network | #** This will be the ''private'' wireless network | ||
Line 72: | Line 72: | ||
#** For ''Subnet Mask'', enter:<br>'''255.255.255.0''' | #** For ''Subnet Mask'', enter:<br>'''255.255.255.0''' | ||
#* Click ''Save'' (and do '''not''' click ''Apply Settings'') | #* Click ''Save'' (and do '''not''' click ''Apply Settings'') | ||
- | # '''''Wireless → Wireless Security''''' | + | # '''Configure wireless network security: ''Wireless → Wireless Security''''' |
#* Enter desired security for each wireless network | #* Enter desired security for each wireless network | ||
#* '''WPA2 Personal with a strong passphrase is recommended.''' (WEP and WPA-TKIP are '''not''' secure!) | #* '''WPA2 Personal with a strong passphrase is recommended.''' (WEP and WPA-TKIP are '''not''' secure!) | ||
#* ''Note'': DD-WRT v24 preSP2 Beta build 12533 will ''not'' properly authenticate WPA Personal or WPA2 Personal after a reboot ([http://www.dd-wrt.com/dd-wrtv2/bugtracker/view.php?id=3729 bug 003729]), only WEP. | #* ''Note'': DD-WRT v24 preSP2 Beta build 12533 will ''not'' properly authenticate WPA Personal or WPA2 Personal after a reboot ([http://www.dd-wrt.com/dd-wrtv2/bugtracker/view.php?id=3729 bug 003729]), only WEP. | ||
#* Click ''Save'' (and do '''not''' click ''Apply Settings'') | #* Click ''Save'' (and do '''not''' click ''Apply Settings'') | ||
- | # '''''Services → Services → DNSMasq''''' | + | # '''Configure DHCP for public/guest wireless: ''Services → Services → DNSMasq''''' |
#* In ''Additional DNSMasq Options'' enter:<code><br> interface=wl0.1<br> dhcp-option=wl0.1,3,192.168.2.1<br> dhcp-option=wl0.1,6,192.168.1.1<br> dhcp-range=wl0.1,192.168.2.100,192.168.2.249,255.255.255.0,1440m</code> | #* In ''Additional DNSMasq Options'' enter:<code><br> interface=wl0.1<br> dhcp-option=wl0.1,3,192.168.2.1<br> dhcp-option=wl0.1,6,192.168.1.1<br> dhcp-range=wl0.1,192.168.2.100,192.168.2.249,255.255.255.0,1440m</code> | ||
#* Click ''Save'' (and do '''not''' click ''Apply Settings'') | #* Click ''Save'' (and do '''not''' click ''Apply Settings'') | ||
- | # '''''Administration → Commands → Command Shell''''' | + | # '''Configure firewall to isolate public/guest from private: ''Administration → Commands → Command Shell''''' |
:* Enter the ''Commands'':<code><br> iptables -I INPUT -i wl0.1 -m state --state NEW -j logaccept<br> iptables -I FORWARD -i wl0.1 -o br0 -j logdrop<br> iptables -I FORWARD -i br0 -o wl0.1 -j logdrop</code> | :* Enter the ''Commands'':<code><br> iptables -I INPUT -i wl0.1 -m state --state NEW -j logaccept<br> iptables -I FORWARD -i wl0.1 -o br0 -j logdrop<br> iptables -I FORWARD -i br0 -o wl0.1 -j logdrop</code> | ||
:* Click ''Save Firewall'' | :* Click ''Save Firewall'' | ||
- | :* Click the ''Management'' tab | + | :* Click the '''''Management''''' tab |
:* Click ''Apply Settings'' (down at the bottom) | :* Click ''Apply Settings'' (down at the bottom) | ||