Wi-Fi How To
From Navas Wireless Wiki
(→Two wireless networks on one router: edit) |
(→Two wireless networks on one router: edit and add content) |
||
Line 60: | Line 60: | ||
The following procedure is for ''two separate wireless networks'' using [http://www.dd-wrt.com DD-WRT] (on [http://www.dd-wrt.com/dd-wrtv3/dd-wrt/hardware.html supported devices]) web interface (as of v24 preSP2 Beta build 12533). | The following procedure is for ''two separate wireless networks'' using [http://www.dd-wrt.com DD-WRT] (on [http://www.dd-wrt.com/dd-wrtv3/dd-wrt/hardware.html supported devices]) web interface (as of v24 preSP2 Beta build 12533). | ||
For ''more than two'' separate wireless networks, consult the reference above. | For ''more than two'' separate wireless networks, consult the reference above. | ||
- | # '''''Wireless → Basic Settings''''' | + | # '''''Wireless → Basic Settings''''' (configure the two wireless networks) |
#* ''Wireless Physical Interface '''wl0''''' | #* ''Wireless Physical Interface '''wl0''''' | ||
#** This will be the ''private'' wireless network | #** This will be the ''private'' wireless network | ||
Line 67: | Line 67: | ||
#** Click ''Add'' to create the ''public'' (guest) wireless network, which will be<br>''Virtual Interfaces '''wl0.1''''' | #** Click ''Add'' to create the ''public'' (guest) wireless network, which will be<br>''Virtual Interfaces '''wl0.1''''' | ||
#** Enter a '''unique''' ''Wireless Network Name (SSID)'' (e.g., ''John's Guest Wireless'') | #** Enter a '''unique''' ''Wireless Network Name (SSID)'' (e.g., ''John's Guest Wireless'') | ||
- | #** Click ''Enable'' for ''AP Isolation'' | + | #** Click ''Enable'' for ''AP Isolation'' (to isolate public/guest wireless clients from each other) |
#** Click ''Unbridged'' for ''Network Configuration'' | #** Click ''Unbridged'' for ''Network Configuration'' | ||
#** For ''IP Address'', enter a '''different [[wikipedia:Subnetwork|subnet]]''' from the private network (which is 192.168.<u>1</u>.1 by default):<br>192.168.<u>2</u>.1 | #** For ''IP Address'', enter a '''different [[wikipedia:Subnetwork|subnet]]''' from the private network (which is 192.168.<u>1</u>.1 by default):<br>192.168.<u>2</u>.1 | ||
#** For ''Subnet Mask'', enter:<br>'''255.255.255.0''' | #** For ''Subnet Mask'', enter:<br>'''255.255.255.0''' | ||
#* Click ''Save'' (and do '''not''' click ''Apply Settings'') | #* Click ''Save'' (and do '''not''' click ''Apply Settings'') | ||
- | # '''''Wireless → Wireless Security''''' | + | # '''''Wireless → Wireless Security''''' (configure security for the two wireless networks) |
#* Enter desired security for each wireless network | #* Enter desired security for each wireless network | ||
#* '''WPA2 Personal with a strong passphrase is recommended.''' (WEP and WPA-TKIP are '''not''' secure!) | #* '''WPA2 Personal with a strong passphrase is recommended.''' (WEP and WPA-TKIP are '''not''' secure!) | ||
#* ''Note'': DD-WRT v24 preSP2 Beta build 12533 will ''not'' properly authenticate WPA Personal or WPA2 Personal after a reboot ([http://www.dd-wrt.com/dd-wrtv2/bugtracker/view.php?id=3729 bug 003729]), only WEP. | #* ''Note'': DD-WRT v24 preSP2 Beta build 12533 will ''not'' properly authenticate WPA Personal or WPA2 Personal after a reboot ([http://www.dd-wrt.com/dd-wrtv2/bugtracker/view.php?id=3729 bug 003729]), only WEP. | ||
#* Click ''Save'' (and do '''not''' click ''Apply Settings'') | #* Click ''Save'' (and do '''not''' click ''Apply Settings'') | ||
- | # '''''Services → Services → DNSMasq''''' | + | # '''''Services → Services → DNSMasq''''' (configure DHCP for public/guest wireless) |
#* In ''Additional DNSMasq Options'' enter:<code><br> interface=wl0.1<br> dhcp-option=wl0.1,3,192.168.2.1<br> dhcp-option=wl0.1,6,192.168.1.1<br> dhcp-range=wl0.1,192.168.2.100,192.168.2.249,255.255.255.0,1440m</code> | #* In ''Additional DNSMasq Options'' enter:<code><br> interface=wl0.1<br> dhcp-option=wl0.1,3,192.168.2.1<br> dhcp-option=wl0.1,6,192.168.1.1<br> dhcp-range=wl0.1,192.168.2.100,192.168.2.249,255.255.255.0,1440m</code> | ||
#* Click ''Save'' (and do '''not''' click ''Apply Settings'') | #* Click ''Save'' (and do '''not''' click ''Apply Settings'') | ||
- | # '''''Administration → Commands → Command Shell''''' | + | # '''''Administration → Commands → Command Shell''''' (configure firewall to isolate public/guest from private) |
:* Enter the ''Commands'':<code><br> iptables -I INPUT -i wl0.1 -m state --state NEW -j logaccept<br> iptables -I FORWARD -i wl0.1 -o br0 -j logdrop<br> iptables -I FORWARD -i br0 -o wl0.1 -j logdrop</code> | :* Enter the ''Commands'':<code><br> iptables -I INPUT -i wl0.1 -m state --state NEW -j logaccept<br> iptables -I FORWARD -i wl0.1 -o br0 -j logdrop<br> iptables -I FORWARD -i br0 -o wl0.1 -j logdrop</code> | ||
:* Click ''Save Firewall'' | :* Click ''Save Firewall'' |