Posted: Tue Jul 28, 2015 20:16 Post subject: Multiple WLAN on D-Link 615
Hi people, I am trying to setup a guest wlan which has access only to web (basically I want to block torrent).
I have a modem with IP 192.168.0.1 and a D-Link 615 running DD-WRT with IP 192.168.0.2 and acting as DHCP server
I followed this guide to enable multiple wlan: http://shitepod.co.uk/blog/2013/09/07/dd-wrt-multiple-wlan-set-up-on-a-dlink-dir-615/ and I set up my Virtual Interface as Unbridged: my modem is 192.168.0.1, the D-Link with DD-WRT is 192.168.0.2, so I set the IP address of the new WiFi to 192.168.2.1 and subnet mask is always 255.255.255.0
In the Networking section I created a Bridge between br1 and br0, where br1 is 192.168.2.1 and I assigned br1 to the ra1 interface.
I finally enabled Multiple DHCP on br1.
When I try to connect to the Guest WiFi I cannot obtain a valid IP address from the DHCP server :(
I tried to add the following rules to iptables as suggested but nothing changed:
iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
Then I tried with this other guide: http://www.dd-wrt.com/wiki/index.php/Multiple_WLANs where the idea is to set up the virtual interface as bridged. The rest of the guide seems to be the same as the other one except for the fact that the interface assigned to br1 is wl0.1, which I don't have as an option (I only have eth2, vlan1, vlan2, ra0, ra1).
Still, when I try to connect I get no valid IP address..
Do you have an idea of what I am doing wrong?
OK, I managed to get it to work by setting the virtual interface as bridged and without assigning any bridge table or multiple DHCP server. Problem is that I get IP 192.168.0.100 instead of 192.168.2.XXX as I expected. Anyway I will try now to disable torrent only on this guest network and I will come back with updates..
Uhmm, I think that if I don't get an IP in a different range I cannot block P2P connections.. I found this guide
http://blog.danjoannis.com/?p=1362
that, in order to limit the number of TCP and UDP connections from a client, says to add this to iptables:
The section for blocking P2P works by throttling the maximum number of connections made by a client. P2P services make many connections, which significantly impact network performance. So for TCP connections, it limits clients to 50, and for UDP they are limited to 25.
Do you know what I am doing wrong? Why do I get internet access but on the same range as my normal wifi?
Still trying to manage to separate the two networks without success
I realized that the key thing that allows me to get or not get an IP address is how the bridge is assigned. In most of the guides I found around they say to assign the bridge br1 to wl0.1 but as I mentioned before, I don't have wl0.1 on my list of interfaces. Another guide says to assign it to ra1 but I don't understand what ra1 is (and when I select ra1 then DHCP doesn't work anymore on my guest wlan).
Can someone help me understand the difference between ra1 and wl0.1? Thanks a lot for your support!
I feel like I'm making a monologue or talking to myself in a mirror, but sometimes this helps more than expected
I read on the dd-wrt Multiple WLANs wiki:
Quote:
Ralink Based Hardware
The Ralink VAP interface will be named ra1 instead of wl0.1 so just substitute this name in the instructions.
So I still don't understand why I don't get an IP address if I set ra1 as interface for br1 and br1 as 192.168.2.1
I don't want to mess around too much with iptables 'cause I'm not really an expert..
Hope someone will sit between me and my mirror and start talking to me, thanks folks!
I feel like I'm making a monologue or talking to myself in a mirror, but sometimes this helps more than expected
I wish I could help mate, as this is something I'd like to try too. But I'm having difficulties even following what you've done so far.
I kinda get lost after the 'screwdriver' stages.
I've got a DIR-615 coming from eBay to play with, so I might be able to try and help when it arrives.
You set the interface to unbridged and then you want to bridge it?
I'll be honest with you, I started reading and gave up, because in order to help you whoever is going to dig into this has to read both those links, quite a lot of work.
It would be simpler to go just step by step and just state exactly what you have done. iptables is advanced routing and you can't even set up a guest WLAN yet, don't get ahead of yourself.
Before entering into unbridged WLANs and iptables, you should first just try to setup a Guest WLAN and make sure that works.
You're right! Configuring a bridge as "unbridged" makes no sense, but that's what was written in the guide related to the DLink 615 and multiple WLAN
Quote:
Give the VI a SSID, and ensure the ‘network configuration’ = unbridged. This is important as without this the bridge you later create will not work correctly (I know it is counterintuitive, but bear with me).
Anyway I am able to setup a Guest WLAN by configuring the second wifi as "bridged" with IP 192.168.2.1 and then by creating a bridge between br1 and the interface ra1 and enabling Multiple DHCP Server on br1. The problem is that I don't get the IP in the range 192.168.2.XXX as I expect and I don't know why... Can you help me please?