HarryMuscle
Senior Member
I successfully created separate subnets for some of my guest WiFi connections (wl0.2, wl1.2, wl0.3, wl1.3) as outlined here: https://www.snbforums.com/threads/seperate-dhcp-range-for-guest-wifi.40910/. However, even if I enable intranet access for a guest WiFi connection, it's not actually able to connect to the intranet subnet. Any help in figuring this out would be greatly appreciated.
Here is a copy of the current iptables rules that exist on the router:
Code:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 15 1061 ACCEPT all -- tun11 any anywhere anywhere
2 0 0 DROP icmp -- eth0 any anywhere anywhere icmp echo-request
3 1891 165K SECURITY_PROTECT tcp -- any any anywhere anywhere multiport dports ssh
4 113K 77M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
5 165 7860 DROP all -- any any anywhere anywhere state INVALID
6 4480 783K ACCEPT all -- br0 any anywhere anywhere state NEW
7 0 0 ACCEPT all -- wl0.2 any anywhere anywhere state NEW
8 0 0 ACCEPT all -- wl1.2 any anywhere anywhere state NEW
9 0 0 ACCEPT all -- wl0.3 any anywhere anywhere state NEW
10 0 0 ACCEPT all -- wl1.3 any anywhere anywhere state NEW
11 18866 3818K ACCEPT all -- lo any anywhere anywhere state NEW
12 0 0 ACCEPT udp -- any any anywhere anywhere udp spt:bootps dpt:bootpc
13 0 0 ACCEPT icmp -- any any anywhere anywhere icmp !echo-request
14 504 63196 DROP all -- any any anywhere anywhere
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 1056K 1243M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
2 0 0 ACCEPT all -- tun11 any anywhere anywhere
3 0 0 DROP all -- eth0 eth0 anywhere anywhere
4 0 0 DROP all -- lo eth0 anywhere anywhere
5 0 0 DROP all -- eth0 any anywhere anywhere state INVALID
6 0 0 ACCEPT all -- br0 br0 anywhere anywhere
7 0 0 ACCEPT all -- br0 wl0.2 anywhere anywhere
8 0 0 ACCEPT all -- br0 wl1.2 anywhere anywhere
9 0 0 ACCEPT all -- br0 wl0.3 anywhere anywhere
10 0 0 ACCEPT all -- br0 wl1.3 anywhere anywhere
11 0 0 ACCEPT all -- wl0.2 br0 anywhere anywhere
12 0 0 ACCEPT all -- wl0.2 wl0.2 anywhere anywhere
13 0 0 ACCEPT all -- wl0.2 wl1.2 anywhere anywhere
14 0 0 ACCEPT all -- wl0.2 wl0.3 anywhere anywhere
15 0 0 ACCEPT all -- wl0.2 wl1.3 anywhere anywhere
16 0 0 ACCEPT all -- wl1.2 br0 anywhere anywhere
17 0 0 ACCEPT all -- wl1.2 wl0.2 anywhere anywhere
18 0 0 ACCEPT all -- wl1.2 wl1.2 anywhere anywhere
19 0 0 ACCEPT all -- wl1.2 wl0.3 anywhere anywhere
20 0 0 ACCEPT all -- wl1.2 wl1.3 anywhere anywhere
21 0 0 ACCEPT all -- wl0.3 br0 anywhere anywhere
22 0 0 ACCEPT all -- wl0.3 wl0.2 anywhere anywhere
23 0 0 ACCEPT all -- wl0.3 wl1.2 anywhere anywhere
24 0 0 ACCEPT all -- wl0.3 wl0.3 anywhere anywhere
25 0 0 ACCEPT all -- wl0.3 wl1.3 anywhere anywhere
26 0 0 ACCEPT all -- wl1.3 br0 anywhere anywhere
27 0 0 ACCEPT all -- wl1.3 wl0.2 anywhere anywhere
28 0 0 ACCEPT all -- wl1.3 wl1.2 anywhere anywhere
29 0 0 ACCEPT all -- wl1.3 wl0.3 anywhere anywhere
30 0 0 ACCEPT all -- wl1.3 wl1.3 anywhere anywhere
31 0 0 SECURITY all -- eth0 any anywhere anywhere
32 7094 459K NSFW all -- any any anywhere anywhere
33 3474 231K ACCEPT all -- any any anywhere anywhere ctstate DNAT
34 3169 199K ACCEPT all -- br0 any anywhere anywhere
35 0 0 ACCEPT all -- wl0.2 any anywhere anywhere
36 0 0 ACCEPT all -- wl1.2 any anywhere anywhere
37 0 0 ACCEPT all -- wl0.3 any anywhere anywhere
38 0 0 ACCEPT all -- wl1.3 any anywhere anywhere
Chain OUTPUT (policy ACCEPT 117K packets, 46M bytes)
num pkts bytes target prot opt in out source destination
Chain FUPNP (0 references)
num pkts bytes target prot opt in out source destination
Chain NSFW (1 references)
num pkts bytes target prot opt in out source destination
Chain PControls (0 references)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- any any anywhere anywhere
Chain SECURITY (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 RETURN tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5
2 0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
3 0 0 RETURN tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
4 0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
5 0 0 RETURN icmp -- any any anywhere anywhere icmp echo-request limit: avg 1/sec burst 5
6 0 0 DROP icmp -- any any anywhere anywhere icmp echo-request
7 0 0 RETURN all -- any any anywhere anywhere
Chain SECURITY_PROTECT (1 references)
num pkts bytes target prot opt in out source destination
Chain logaccept (0 references)
num pkts bytes target prot opt in out source destination
1 0 0 LOG all -- any any anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `ACCEPT '
2 0 0 ACCEPT all -- any any anywhere anywhere
Chain logdrop (0 references)
num pkts bytes target prot opt in out source destination
1 0 0 LOG all -- any any anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `DROP '
2 0 0 DROP all -- any any anywhere anywhere
And here is a copy of all the ebtables rules that currently exist on the router:
Code:
Bridge table: filter
Bridge chain: INPUT, entries: 0, policy: ACCEPT
Bridge chain: FORWARD, entries: 4, policy: ACCEPT
-i wl0.1 -j DROP
-o wl0.1 -j DROP
-i wl1.1 -j DROP
-o wl1.1 -j DROP
-i wl0.3 -j DROP
-o wl0.3 -j DROP
-i wl1.3 -j DROP
-o wl1.3 -j DROP
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
Bridge table: broute
Bridge chain: BROUTING, entries: 10, policy: ACCEPT
-p IPv4 -i wl1.3 -j DROP
-p ARP -i wl1.3 -j DROP
-p IPv4 -i wl0.3 -j DROP
-p ARP -i wl0.3 -j DROP
-p IPv4 -i wl1.2 -j DROP
-p ARP -i wl1.2 -j DROP
-p IPv4 -i wl0.2 -j DROP
-p ARP -i wl0.2 -j DROP
-p IPv4 -i wl0.1 --ip-dst 192.168.1.0/24 --ip-proto tcp -j DROP
-p IPv4 -i wl1.1 --ip-dst 192.168.1.0/24 --ip-proto tcp -j DROP
-p IPv4 -i wl0.3 --ip-dst 192.168.1.0/24 --ip-proto tcp -j DROP
-p IPv4 -i wl1.3 --ip-dst 192.168.1.0/24 --ip-proto tcp -j DROP
The interfaces that I'm trying to configure to access the intranet are the wl0.2 and wl1.2.
Thanks,
Harry
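One way to read the FORWARD listing above for a single interface pair, added here as an example and not part of the original post: the hypothetical helper `first_match` returns the first unconditional ACCEPT/DROP/REJECT rule for an in/out pair along with its packet counter, falling back to the chain policy. It assumes listing output in the format shown in the post and uses an excerpt of the posted FORWARD chain as sample input.

```shell
#!/bin/sh
# Added example (not from the original post).
# Simplifications (assumptions): rules carrying extra matches (state, ctstate,
# ports) and jumps to user chains such as NSFW or SECURITY are skipped, so only
# plain interface-to-interface verdicts are considered.

first_match() {  # usage: first_match CHAIN IN_IF OUT_IF < listing
    awk -v chain="$1" -v inif="$2" -v outif="$3" '
        $1 == "Chain" {
            active = ($2 == chain)
            # Built-in chains carry "(policy X ..."; user chains fall through.
            if (active) policy = ($3 == "(policy") ? $4 : "RETURN"
            next
        }
        # Exactly 10 columns means no match extensions follow the destination.
        active && NF == 10 && $5 == "all" &&
        $4 ~ /^(ACCEPT|DROP|REJECT)$/ &&
        ($7 == "any" || $7 == inif) && ($8 == "any" || $8 == outif) &&
        $9 == "anywhere" && $10 == "anywhere" {
            print $1, $4, "pkts=" $2; found = 1; exit
        }
        END { if (!found) print "policy", policy }
    '
}

sample_listing() {  # excerpt of the FORWARD chain as posted above
    cat <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 1056K 1243M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
3 0 0 DROP all -- eth0 eth0 anywhere anywhere
6 0 0 ACCEPT all -- br0 br0 anywhere anywhere
11 0 0 ACCEPT all -- wl0.2 br0 anywhere anywhere
16 0 0 ACCEPT all -- wl1.2 br0 anywhere anywhere
34 3169 199K ACCEPT all -- br0 any anywhere anywhere
35 0 0 ACCEPT all -- wl0.2 any anywhere anywhere
EOF
}

sample_listing | first_match FORWARD wl0.2 br0   # guest interface -> br0
sample_listing | first_match FORWARD br0 eth0    # br0 -> eth0
sample_listing | first_match FORWARD eth0 br0    # no plain rule, policy applies
```

A counter of 0 on the matching ACCEPT rule means no packet has hit that rule, so this chain has not yet made a decision on that traffic.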