Perry Rhodan
New Around Here
I'm at a loss here, been trying to get this to work for weeks without success. I've implemented this on many dd-wrt boxes without any issues. I already run a dhcp server internally so I have no need to use the RT-N66U built-in dhcp for anything but the guest network, which is isolated from the internal network.
Here's what I tried so far... on 266.23b, 270.24 and 270.25b.
dnsmasq.conf
#Enables DHCP on br1
interface=br1
# Set the default gateway for br1 clients
dhcp-option=br1,3,192.168.110.1
# Set the DHCP range and default lease time of 24 hours for br1 clients
dhcp-range=br1,192.168.110.100,192.168.110.150,255.255.255.0,24h
net-start
#!/bin/sh
brctl addbr br1
brctl delif br0 wl0.1
brctl addif br1 wl0.1
brctl stp br1 on
ifconfig wl0.1 0.0.0.0
ifconfig br1 up
ifconfig br1 192.168.110.1 netmask 255.255.255.0 up
iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT
Logs
Mar 6 14:33:41 dnsmasq[643]: started, version 2.65 cachesize 1500
Mar 6 14:33:41 dnsmasq[643]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack
Mar 6 14:33:41 dnsmasq-dhcp[643]: DHCP, IP range 192.168.110.100 -- 192.168.110.150, lease time 1d
Mar 6 14:33:41 dnsmasq[643]: read /etc/hosts - 3 addresses
Mar 6 14:33:41 dnsmasq[643]: using nameserver 64.59.150.138#53
Mar 6 14:33:41 dnsmasq[643]: using nameserver 64.59.144.92#53
Any connection to the guest network fails.
Also tried using my internal DNS and DHCP boxes by opening ports with iptables and ebtables. This was very unstable, with the clients taking long to get a lease and at times looping in renewing their lease.
ebtables example:
ebtables -I FORWARD -p IPv4 -i br0 -o ! wl0.1 --ip-proto udp --ip-dport 53 -j ACCEPT
ebtables -I FORWARD -p IPv4 -i br0 -o ! wl0.1 --ip-proto udp --ip-dport 67 -j ACCEPT
ebtables -I FORWARD -p IPv4 -i wl0.1 -o ! br0 --ip-proto udp --ip-sport 67 -j ACCEPT
ebtables -I FORWARD -p IPv4 -i wl0.1 -o ! br0 --ip-proto udp --ip-sport 53 -j ACCEPT
ebtables -I FORWARD -p IPv4 -i br0 -o ! wl0.1 --ip-proto udp --ip-dport 68 -j ACCEPT
ebtables -I FORWARD -p IPv4 -i wl0.1 -o ! br0 --ip-proto udp --ip-sport 68 -j ACCEPT
Any ideas or suggestions would be greatly appreciated.
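Added example, not part of the original post: a small shell audit that reads a firewall script like the net-start above and lists which services a guest bridge needs from the router have no INPUT accept rule. The function names, the NEEDED list and the sample rules are constructed; it assumes INPUT drops anything not explicitly accepted, in which case dnsmasq on br1 needs udp/67 (DHCP) accepted as well as port 53 (DNS).

```shell
#!/bin/sh
# Constructed example: audit a firewall script for the services a guest bridge
# needs from the router. Assumes INPUT drops whatever is not explicitly accepted.

NEEDED="udp/53 tcp/53 udp/67"   # DNS (UDP and TCP) and the DHCP server port

# accepted_ports IFACE PROTO: read iptables commands on stdin, print every
# --dport accepted on INPUT for exactly that inbound interface and protocol.
accepted_ports() {
    want_if=$1; want_proto=$2
    while read -r line; do
        case $line in iptables\ *) ;; *) continue ;; esac
        chain=''; in_if=''; proto=''; dport=''; target=''; prev=''
        set -f                      # keep '!' and '*' in rules from globbing
        for tok in $line; do
            case $prev in
                -I|-A)   chain=$tok ;;
                -i)      in_if=$tok ;;
                -p)      proto=$tok ;;
                --dport) dport=$tok ;;
                -j)      target=$tok ;;
            esac
            prev=$tok
        done
        set +f
        if [ "$chain" = INPUT ] && [ "$in_if" = "$want_if" ] &&
           [ "$proto" = "$want_proto" ] && [ "$target" = ACCEPT ] &&
           [ -n "$dport" ]; then
            printf '%s\n' "$dport"
        fi
    done
}

# guest_gaps IFACE: read the same script on stdin and print each NEEDED
# service that has no matching ACCEPT rule for IFACE.
guest_gaps() {
    rules=$(cat)
    for svc in $NEEDED; do
        if ! printf '%s\n' "$rules" | accepted_ports "$1" "${svc%/*}" |
             grep -qx "${svc#*/}"; then
            printf '%s\n' "$svc"
        fi
    done
}

# Constructed sample: two DNS rules plus a DHCP rule with a missing space
# ("br1-p"), which therefore matches neither the interface nor the protocol.
SAMPLE='iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT
iptables -I INPUT -i br1-p udp --dport 67 -j ACCEPT'
printf '%s\n' "$SAMPLE" | guest_gaps br1    # prints: udp/67
```

The check is textual only; on the router itself, `iptables -L INPUT -v -n` shows the rules that actually loaded and their packet counters.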