DD-WRT Forum :: View topic - WRT54GL How to setup a VLAN for FON on port 4?

Quick Links

Log in

WRT54GL How to setup a VLAN for FON on port 4?

DD-WRT Forum Forum Index -> Broadcom SoC based Hardware

View previous topic :: View next topic

Author

Message

nunofgs
DD-WRT Novice

Joined: 08 Jan 2007
Posts: 11

Posted: Mon Jan 08, 2007 11:35 pm Post subject: WRT54GL How to setup a VLAN for FON on port 4?

Hi, I have been trying to create a separate VLAN for an access point that is on the roof of my house hooked up to an 8dbi omni-directional antenna. The access point is connected to port 4 of the linksys router.

I want to provide internet through the FON movement but I need to have my private network isolated from the wireless clients coming from that vlan2.

Here's the problem:
1) My routers' ports are reversed so port 4 is actually port 0 for me. When I execute:

Code:

nvram set vlan0ports "1 2 3 5*"
nvram set vlan2ports "0 5"
nvram commit
reboot

The variable vlan2ports will no longer be defined and vlan1ports will go back to "0 1 2 3 5*"!!!

I was also to able set up chillispot and it seemed to work because I could get an IP in the 192.168.182.x range, but it does not send me to the FON login page. The internet is completely accessible and so are the other computers in my network.

I also tried following the how-to here: http://www.geek-pages.com/articles/latest/dd-wrt_-_setting_up_a_separate/isolated_vlan_on_port_4_with_dhcp.html
but I did not setup the DHCP server for the vlan2 because chillispot will already serve IPs in the range 192.168.182.x and that is fine by me. The how-to did not help because the nvram vlan2ports variable is still undefined no matter what I do...

Any ideas?

PS: I'm using v23 sp2 std.

Sponsor

nunofgs
DD-WRT Novice

Joined: 08 Jan 2007
Posts: 11

Posted: Tue Jan 09, 2007 4:22 pm Post subject:

Ok, I finally found out what the problem was Razz

I was doing:

Code:

nvram set vlan2ports "1 2 3 5*"

when the actual syntax is:

Code:

nvram set vlan2ports="1 2 3 5*"

Doh!

Anyway, I am still having problems with iptables now. I am trying to use these iptables rules:

Code:

iptables -I INPUT -i vlan2 -j ACCEPT
iptables -I FORWARD -i vlan2 -o vlan1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan2 -o ppp0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br0 -o vlan2 -j logdrop

Everything seems to work fine (chillispot works beautifully) except that I can STILL communicate with the computers in vlan0. I need the vlan2 to be completely isolated from vlan0 Sad

nunofgs
DD-WRT Novice

Joined: 08 Jan 2007
Posts: 11

Posted: Thu Jan 11, 2007 9:36 pm Post subject:
ok, disregard the above post. At the moment my vlan2 works fine, i.e., I can't access vlan0 from it but I have NO internet. I tried every iptables rule on every howto I could find... I just can't seem to do it. Can anyone help me with the iptables rules to make port4/vlan2 have internet?

vangrieg
DD-WRT Novice

Joined: 29 Oct 2006
Posts: 10

Posted: Thu Jan 11, 2007 9:50 pm Post subject:
What IP address do you have for vlan2? What does ifconfig show? Setting connection type in nvram doesn't work (at least it didn't for me), try to set it up using ifconfig. Hope this helps.

nunofgs
DD-WRT Novice

Joined: 08 Jan 2007
Posts: 11

Posted: Fri Jan 12, 2007 12:43 am Post subject:

OK!!! Everything works now! Here is a little howto:

These are instructions on how to set up a separate *completely isolated* vlan and running chillispot configured for Fon on that vlan. The new vlan will assign IPs in the 192.168.2.x range.

First create a vlan2:
(Note: in WRT54GL the ports are switched, so port 4 is actually port 0... change accordingly!)

Code:

nvram set vlan0ports="1 2 3 5*"
nvram set vlan2ports="4 5"
nvram commit

On the dd-wrt vlan management, set it according to the image at the bottom of this page: http://www.geek-pages.com/articles/latest/dd-wrt_-_setting_up_a_separate/isolated_vlan_on_port_4_with_dhcp_2.html

Now go to Management->Commands and paste this:

Code:

#!/bin/sh

sleep 10

echo -n '
dhcpif vlan2
net 192.168.2.0/24
dynip 192.168.2.0/24
radiusserver1 radius01.fon.com
radiusserver2 radius02.fon.com
radiussecret garrafon
uamanydns
uamserver https://login.fon.com/cp/index.php
uamsecret garrafon
uamallowed www.fon.com,acceso.fon.com,en.fon.com,es.fon.com
uamallowed www.paypal.com,www.paypalobjects.com
radiusnasid CHANGE_THIS_TO_VLAN2's_MAC_ADDRESS
' > /tmp/chilli.conf

echo `nvram get wan_dns` | sed -e 's/[0-9]/=&/' -e 's/ /%/' -e 's/=/\ndns1 /' -e 's/%/\ndns2 /' >> /tmp/chilli.conf

# Execute chillispot
/usr/sbin/chilli --conf /tmp/chilli.conf

Don't forget to change the radiusnasid and press Save Startup. Then paste this:

Code:

iptables -I INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o vlan2 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j DROP
iptables -A INPUT -i tun0 -d 192.168.2.1 -j DROP
iptables -t nat -I PREROUTING -i tun0 -d 192.168.1.1/255.255.255.0 -j DROP

DEV="tun0"
DOWNLINK="256"
UPLINK="128"

tc qdisc del dev $DEV root
tc qdisc del dev $DEV ingress

# limit download
tc qdisc add dev $DEV root handle 1: htb
tc class add dev $DEV parent 1: classid 1:1 htb rate ${DOWNLINK}kbit burst 6k
tc filter add dev $DEV parent 1: protocol ip prio 16 u32 match ip dst 192.168.2.1/24 flowid 1:1

# limit upload
tc qdisc add dev $DEV ingress handle ffff:
tc filter add dev $DEV parent ffff: protocol ip u32 match ip src 0.0.0.0/0 police rate ${UPLINK}kbit burst 10k

Now press Save Firewall. What those iptables rules do is allow the vlan2 to receive internet aswell as block access to 192.168.2.1 (which will be the router's IP). The rest of the script limits the bandwidth available to the Fon users.

Reboot. That should do it!

olmari
DD-WRT Guru

Joined: 24 Oct 2006
Posts: 1447
Location: Vaasa, Finland

Posted: Fri Jan 19, 2007 8:52 am Post subject:

Question: Do you use FON access point in your roof or is it "generic" one? I'm asking this because I'm planning to make similar thing here too.

I mean because all that setup for vlan2, does one still need fon device / fon firmware in that second AP?

to developers: have FON readyness in DD-WRT, especially in v24 as it has virtual SSID's, that way one can have single AP if location is good Wink

_________________
Site 1:
P3 1GHz Coppermine with DD-WRT v24 as main router
2x Buffalo WHR-HP-G54 with DD-WRT v24 as AP

Site 2:
AMD64 4200+ Dualcore AM2 with DD-WRT v24 as main router
Buffalo WHR-HP-G54 with DD-WRT v24 as AP

nunofgs
DD-WRT Novice

Joined: 08 Jan 2007
Posts: 11

Posted: Fri Jan 19, 2007 2:12 pm Post subject:
No, I use a generic conceptronic access point. That's why I like this setup. I didn't want to put a La Fonera in the roof because it forces you to create a private SSID and I don't want my private wireless network to be broadcasted all over my city

olmari
DD-WRT Guru

Joined: 24 Oct 2006
Posts: 1447
Location: Vaasa, Finland

Posted: Fri Jan 19, 2007 2:41 pm Post subject:

nunofgs wrote:

No, I use a *generic* conceptronic access point. That's why I like this setup.

Yeah, I've studiedsome more and even found instructions how to make FON work on v24 and Virtual SSID's. Slowly but steadily I will get there ^^
_________________
Site 1:
P3 1GHz Coppermine with DD-WRT v24 as main router
2x Buffalo WHR-HP-G54 with DD-WRT v24 as AP

Site 2:
AMD64 4200+ Dualcore AM2 with DD-WRT v24 as main router
Buffalo WHR-HP-G54 with DD-WRT v24 as AP

Display posts from previous:

Page 1 of 1

DD-WRT Forum Forum Index -> Broadcom SoC based Hardware

All times are GMT

Navigation

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum