For the number of times we have people over at the house who want to use my WIFI, giving out my super-secret hidden SSID and complex security passcode isn't a hassle. But I am giving out my super-secret hidden SSID and complex security passcode! Which means these people could at any time park inconspicuously outside my house on our dead-end cul-de-sac road and steal WIFI access, siphoning off precious bandwidth and accessing nefarious web sites.
Of course, I'm not really worried about that, but with DD-WRT running, I can easily set up a second visible guest network ... so why not?
There are plenty of guides out there - some better than others. I won't create my own here. I did find the DD-WRT Wiki the most useful of all the links I visited.
I used the GUI to set it up. I created the second visible guest SSID. I used the same security - this time with an easy password. I created the bridge and assigned the bridge group. I created the secondary DHCP service. I tested and all was working well.
I was a bit confused about the DHCP setup, so I'll detail that here. I followed the step to create a secondary DHCP service for the guest network under "Setup" -> "Networking" tabs in the GUI. However, they mention DNSMasq and I knew I was running the primary DHCP service (found on "Setup" -> "Basic Setup") without DNSMasq enabled.
Ultimately, I enabled DNSMasq by going to "Setup" -> "Basic Setup" and clicking the check box for "Use DNSMasq for DHCP" and then enabling DNSMasq on the "Setup" -> "Services" tab by clicking the "Enable" radio button next to "DNSMasq". I did not enter the additional DNSMasq configuration into the text box like the Wiki shows. I didn't need to. A verification from the command line proved this:
root@DD-WRT:/tmp# more dnsmasq.conf
interface=br0,br1
resolv-file=/tmp/resolv.dnsmasq
domain=domain.net.
dhcp-leasefile=/tmp/dnsmasq.leases
dhcp-lease-max=20
dhcp-option=lan,3,192.168.10.1
dhcp-option=br1,3,192.168.2.1
dhcp-option=6,8.8.8.8,8.8.4.4
dhcp-range=lan,192.168.10.100,192.168.10.109,255.255.255.0,1440m
dhcp-range=br1,192.168.2.100,192.168.2.110,255.255.255.0,60m
The above DNSMasq config shows my primary LAN (lan = 192.168.10.0/24) and the new guest LAN (br1 = 192.168.2.0/24) set up to hand out addresses, default gateways and DNS servers.
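The check below is an added example, not part of the original post: it parses the dnsmasq.conf shown above (re-typed one directive per line as a constructed sample) and confirms that each DHCP scope's gateway sits inside its own subnet and that the primary and guest subnets do not overlap. The function names are hypothetical, and it checks addressing only, run on a workstation against a copy of the file.

```python
import ipaddress
import itertools

# Constructed sample: the dnsmasq.conf from the post, one directive per line.
SAMPLE_CONF = """\
interface=br0,br1
resolv-file=/tmp/resolv.dnsmasq
domain=domain.net.
dhcp-leasefile=/tmp/dnsmasq.leases
dhcp-lease-max=20
dhcp-option=lan,3,192.168.10.1
dhcp-option=br1,3,192.168.2.1
dhcp-option=6,8.8.8.8,8.8.4.4
dhcp-range=lan,192.168.10.100,192.168.10.109,255.255.255.0,1440m
dhcp-range=br1,192.168.2.100,192.168.2.110,255.255.255.0,60m
"""

def parse_scopes(conf_text):
    """Return {tag: (network, first, last, gateway)} for each tagged dhcp-range."""
    ranges, gateways = {}, {}
    for line in conf_text.splitlines():
        key, _, value = line.strip().partition("=")
        f = value.split(",")
        if key == "dhcp-range" and len(f) == 5:      # tag,start,end,netmask,lease
            net = ipaddress.ip_network(f"{f[1]}/{f[3]}", strict=False)
            ranges[f[0]] = (net, ipaddress.ip_address(f[1]), ipaddress.ip_address(f[2]))
        elif key == "dhcp-option" and len(f) == 3 and f[1] == "3":  # option 3 = router
            gateways[f[0]] = ipaddress.ip_address(f[2])
    return {tag: r + (gateways.get(tag),) for tag, r in ranges.items()}

def audit(conf_text):
    """Return a list of findings; an empty list means the scopes are consistent."""
    scopes = parse_scopes(conf_text)
    findings = []
    for tag, (net, first, last, gw) in scopes.items():
        if last not in net or last < first:
            findings.append(f"{tag}: bad range {first}-{last} for {net}")
        if gw is None or gw not in net:
            findings.append(f"{tag}: gateway {gw} missing or outside {net}")
    for a, b in itertools.combinations(sorted(scopes), 2):
        if scopes[a][0].overlaps(scopes[b][0]):
            findings.append(f"{a} and {b}: subnets {scopes[a][0]} and {scopes[b][0]} overlap")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF) or ["no findings"]:
        print(finding)
```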
I didn't bother with any additional iptables rules. Tests revealed I could not connect from the guest LAN to the primary LAN and vice versa - which is what I want.
Now we just need to invite some more Internet-savvy guests over!