Help me make my WiFi internet only

s10010001

OK, I am no networking guru. I would like to make my network at home a little more secure by making my wireless network have access to the internet only and not access to our desktop computers. That way, if someone does get on the network, all they get is free internet.

My router is a WRT54G with DD-WRT v24 SP1 firmware.

Can anyone point me in the right direction?

Let me know if you need any more details.
 
Are you talking about keeping outside people off your network?

If so, enable WPA2 with AES or PSK encryption and no one can use any of your stuff. To keep the low-level hackers out, turn off SSID broadcast as well.

Other than that, if you want people on your network to use the internet only, then that is the default. To connect to another computer on the network, you would have to share a folder and then you would change the rights on that computer, and if they wanted access to the computer itself they would need the login and pass of the local admin on that machine.


The simple sweet setup for me out of the box for my routers is as follows.

SSID Broadcast off
WPA2 - AES on with a pass of your choosing
Change to wireless channel 1 unless someone already has that near you and then I change to 11.
Change default admin pass on router
Change SSID to Virus Detected

Done!
 
To make your wireless network unable to talk to your wired side, you are going to need some more hardware unless your router supports this.

An option is to:
Buy a 2nd wireless router.
Set up the WAN with a static IP in your main router's IP range (i.e. Main router: 192.168.1.1, 2nd Router WAN: 192.168.1.2)
Configure WAN port for your network (main router is gateway)
Put the 2nd router's IP in the main router's DMZ
Connect the 2nd router's WAN port to one of the main router's LAN ports.
Set the IP address of the 2nd router's LAN to 192.168.2.1. Configure DHCP to give out these addresses (192.168.2.x)
Disable wireless on your main router.
This will put your wireless network in your main router's DMZ, effectively isolating it from your wired side.

As I said before, your router may support something like this without additional hardware. Additionally, if it allowed creating VLANs for different interfaces, that would work too.

The above method isn't perfect; you could reverse things and put your main router in the other one's DMZ, thus putting a hardware firewall between your wired computers and the wireless, but then you would be dealing with the other one's NAT table, increased latency, etc.
 

Yes, it can do VLAN with the firmware I have. Make a VLAN and put it in the DMZ... on paper anyway. Let me give it a crack.
 

Thanks! Yeah, I'm digging all over the Wiki, but I'm afraid I don't know enough of the networking lingo, so it's making it harder to know exactly what I'm doing.

So far, using this: http://dd-wrt.com/wiki/index.php/Separate_LAN_and_WLAN I have got the WiFi and Ethernet separated with different subnets.

Now it looks like I can use the listed commands to lock out the WiFi from my internal network, like this one:

Restrict WLAN from accessing br0
iptables -I FORWARD -i $W_IF -o br0 -m state --state NEW -j DROP
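
An added example (not from the thread or the DD-WRT wiki) for the rule quoted in the last post: `-I` inserts at the top of FORWARD and `--state NEW` only blocks connections the wireless side initiates, so rule order decides whether the isolation holds. The checker reads rules in `-A FORWARD ...` form, as printed by `iptables -S FORWARD` or `iptables-save`; `eth1` as the wireless interface and the availability of those listing commands on this firmware are assumptions.

```shell
#!/bin/sh
# Added example; not from the thread or the DD-WRT wiki.
# Assumptions: eth1 is a placeholder for the wireless interface ($W_IF in
# the quoted rule); br0 is the wired bridge named in that rule.
W_IF="${W_IF:-eth1}"
LAN_IF="${LAN_IF:-br0}"

# Print the rule from the post for a given interface pair.
isolation_rule() {
    echo "iptables -I FORWARD -i $1 -o $2 -m state --state NEW -j DROP"
}

# Read FORWARD rules ("-A FORWARD ..." lines) on stdin, in chain order.
# The first rule that decides NEW traffic from $1 to $2 wins: a DROP
# means isolated (exit 0); an earlier ACCEPT means exposed (exit 1).
check_isolation() {
    awk -v w="$1" -v l="$2" '
        function has(flag, val,   i) {
            for (i = 1; i < NF; i++) if ($i == flag && $(i+1) == val) return 1
            return 0
        }
        function any(flag,   i) {
            for (i = 1; i <= NF; i++) if ($i == flag) return 1
            return 0
        }
        function newstate(   i) {
            for (i = 1; i < NF; i++)
                if ($i == "--state" && $(i+1) ~ /(^|,)NEW(,|$)/) return 1
            return 0
        }
        $1 != "-A" || $2 != "FORWARD" { next }
        # A rule covers the pair if each interface matches or is unspecified.
        (has("-i", w) || !any("-i")) && (has("-o", l) || !any("-o")) {
            if (has("-j", "DROP") && newstate()) { verdict = "isolated"; rc = 0; exit }
            if (has("-j", "ACCEPT") && (!any("--state") || newstate())) {
                verdict = "exposed: " $0; rc = 1; exit
            }
        }
        END {
            if (verdict == "") { verdict = "no matching rule"; rc = 1 }
            print verdict; exit rc
        }
    '
}

# Show the rule for the configured interfaces.
isolation_rule "$W_IF" "$LAN_IF"
```

On the router the check would be fed live rules, for example `iptables -S FORWARD | check_isolation "$W_IF" br0`.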
 