I am trying to configure a secondary network for my IOT stuff. I want to allow only a few devices internet access and the rest should be "jailed" to that network. Also, all devices on the IOT network should be able to access my MQTT server that is on my main network.

Firmware: DD-WRT v3.0-r34015M kongac (12/09/17) - More recent versions give me a lot of trouble with wireless connectivity. Wifi keeps dropping off after 10 minutes and the only way to fix it is to restart the router.

If I do not add any firewall rules, I am able to access devices on my IOT network from the main network and, if I were to connect to my IOT network, I can browse the web.

After doing some searching, I added these firewall rules (it seems like dd-wrt is always prepending the rules, so DROP needs to be entered first):

iptables -I FORWARD -i br2 -j DROP
iptables -I FORWARD -i br2 -o br0 -d 192.168.1.38 -p tcp --dport 1883 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br0 -o br2 -m state --state NEW -j ACCEPT

Also, is it safe to assume that adding:

iptables -I FORWARD -i br2 -o br0 -s 192.168.7.5 -m state --state NEW -j ACCEPT

will allow 192.168.7.5 access the internet? I am sure that I am missing something with iptables, but not sure what.

Output of requested commands (with redacted WAN IP): ip -br ip -4 -br ip route

-A might not actually work as expected if you don't also look at other iptables rules that might have been already put before. So let's keep using -I but with an incremented line number after to choose where to insert and have the rules in the usual order.

I'm in the same boat as bof (as far as job title goes): At work I use OpenWRT on the APs, and I have one of my servers that acts as a NAT router for the service VMs.
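As an added illustration (not part of the question or the answer above), the following Python simulation evaluates constructed packets against the four FORWARD rules from the question, using netfilter's first-match-wins semantics and the `iptables -I` behaviour of inserting at position 1 unless a rule number is given. It assumes a FORWARD default policy of ACCEPT (consistent with "no rules, everything forwards" in the question), uses "vlan2" as a stand-in name for DD-WRT's WAN-side interface (which is not br0), and invents the IoT and main-LAN host addresses other than 192.168.1.38 and 192.168.7.5. The second chain variant, built with explicit rule positions as the answer suggests, is the example's own design, not the answerer's.

```python
"""Simulate the FORWARD chain from the DD-WRT question (added example, not iptables).

Only the match options the posted rules use are modelled: -i, -o, -s, -d, -p,
--dport and -m state --state.  Rules are evaluated top-down; the first match wins.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Rule:
    target: str                              # -j ACCEPT / DROP
    in_if: Optional[str] = None              # -i
    out_if: Optional[str] = None             # -o
    src: Optional[str] = None                # -s (single host, enough for these rules)
    dst: Optional[str] = None                # -d
    proto: Optional[str] = None              # -p
    dport: Optional[int] = None              # --dport
    states: Optional[FrozenSet[str]] = None  # -m state --state A,B


@dataclass(frozen=True)
class Packet:
    in_if: str
    out_if: str
    src: str
    dst: str
    proto: str = "tcp"
    dport: int = 0
    state: str = "NEW"                       # conntrack state as netfilter sees it


def matches(rule: Rule, pkt: Packet) -> bool:
    """Every option the rule specifies must agree; unspecified options match anything."""
    return all([
        rule.in_if is None or rule.in_if == pkt.in_if,
        rule.out_if is None or rule.out_if == pkt.out_if,
        rule.src is None or rule.src == pkt.src,
        rule.dst is None or rule.dst == pkt.dst,
        rule.proto is None or rule.proto == pkt.proto,
        rule.dport is None or rule.dport == pkt.dport,
        rule.states is None or pkt.state in rule.states,
    ])


class Chain:
    """A chain with a default policy, evaluated top-down, first match wins."""

    def __init__(self, policy: str = "ACCEPT") -> None:
        self.policy = policy
        self.rules: List[Rule] = []

    def insert(self, rule: Rule, position: int = 1) -> None:
        """`iptables -I CHAIN [rulenum] ...`: rulenum defaults to 1, i.e. prepend."""
        self.rules.insert(position - 1, rule)

    def verdict(self, pkt: Packet) -> str:
        for rule in self.rules:
            if matches(rule, pkt):
                return rule.target
        return self.policy


NEW = frozenset({"NEW"})
MQTT_SERVER = "192.168.1.38"   # from the question
ALLOWED_IOT = "192.168.7.5"    # from the question
WAN_IF = "vlan2"               # assumed name for the WAN-side interface (not br0)


def chain_as_posted() -> Chain:
    """Enter the four rules with plain `-I`, in the order the question lists them.
    Default policy ACCEPT is an assumption, not something the question states."""
    c = Chain(policy="ACCEPT")
    c.insert(Rule("DROP", in_if="br2"))
    c.insert(Rule("ACCEPT", in_if="br2", out_if="br0", dst=MQTT_SERVER,
                  proto="tcp", dport=1883, states=NEW))
    c.insert(Rule("ACCEPT", in_if="br0", out_if="br2", states=NEW))
    c.insert(Rule("ACCEPT", in_if="br2", out_if="br0", src=ALLOWED_IOT, states=NEW))
    return c


def chain_with_positions() -> Chain:
    """Same intent, entered with explicit `-I FORWARD <n>` positions so the order is
    visible: a RELATED,ESTABLISHED accept above the DROP so reply packets of permitted
    connections survive, and no `-o br0` on the 192.168.7.5 rule so it also covers the
    WAN interface.  This variant is the example's own, not the answer's."""
    c = Chain(policy="ACCEPT")
    c.insert(Rule("ACCEPT", states=frozenset({"RELATED", "ESTABLISHED"})), 1)
    c.insert(Rule("ACCEPT", in_if="br2", out_if="br0", dst=MQTT_SERVER,
                  proto="tcp", dport=1883, states=NEW), 2)
    c.insert(Rule("ACCEPT", in_if="br0", out_if="br2", states=NEW), 3)
    c.insert(Rule("ACCEPT", in_if="br2", src=ALLOWED_IOT, states=NEW), 4)
    c.insert(Rule("DROP", in_if="br2"), 5)
    return c


# Constructed traffic samples; hosts other than the MQTT server and 192.168.7.5 are invented.
SAMPLES: Dict[str, Packet] = {
    "iot_to_mqtt_new":     Packet("br2", "br0", "192.168.7.20", MQTT_SERVER, "tcp", 1883, "NEW"),
    "iot_to_mqtt_estab":   Packet("br2", "br0", "192.168.7.20", MQTT_SERVER, "tcp", 1883, "ESTABLISHED"),
    "iot_to_internet":     Packet("br2", WAN_IF, "192.168.7.20", "203.0.113.10", "tcp", 443, "NEW"),
    "allowed_to_internet": Packet("br2", WAN_IF, ALLOWED_IOT, "203.0.113.10", "tcp", 443, "NEW"),
    "main_to_iot_new":     Packet("br0", "br2", "192.168.1.50", "192.168.7.20", "tcp", 80, "NEW"),
    "iot_reply_to_main":   Packet("br2", "br0", "192.168.7.20", "192.168.1.50", "tcp", 80, "ESTABLISHED"),
}


def evaluate(chain: Chain) -> Dict[str, str]:
    """Return the verdict each sample packet gets from the chain."""
    return {name: chain.verdict(pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for label, builder in (("as posted", chain_as_posted), ("with positions", chain_with_positions)):
        print(f"--- {label} ---")
        for name, v in evaluate(builder()).items():
            print(f"{name:22s} {v}")
```

Under these assumptions the "as posted" chain does end with the DROP, as the question expects, but two things stand out: the `-i br2 -j DROP` rule also catches ESTABLISHED packets from br2 (the IoT side of an already accepted MQTT connection, or its replies to the main network), because the accept rules match NEW only; and `-o br0` on the 192.168.7.5 rule limits it to traffic leaving via the main LAN bridge, so packets bound for the WAN interface fall through to the DROP. Whether either matters on a real DD-WRT box depends on the rules already in the chain before yours, which is the check the answer recommends.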
At home I use OpenWRT, with the router supplied by my ISP in "Modem" mode (no NAT, it hands a public IP to whatever manages to snatch it via DHCP first, which is always my AP).

At work one of my most prized features of OpenWRT is its support for VLANs, which have allowed me to do some pretty nifty network segmentation (in conjunction with Managed L2 switches).

In both cases I don't use OpenWRT's dnsmasq as my DNS server (I run bind DNS in a service VM/Helios 4 respectively), and at home I also have DHCP handled in the Helios 4.

I've always tried to buy hardware compatible with OpenWRT (which has luckily been very easy since the early 2010s) and I've never had any real issues (even on TP-Link routers notorious for huge dnsmasq memory leaks on their factory firmware).

My pie-in-the-sky dream is for a "big" (>= 48 port, or at least >= 24 port) L3 Switch, with non-stingy Flash (at least 64MB, preferably >= 128MB) capable of running OpenWRT (I've seen ports for some L2 switches, but none sold in my country).

I've got this setup myself, here's what I ended up doing: One AP has a public IP and does NAT/DHCP, the others act as bridges. The outer router has RIP2M turned on (one of the few useful things it does), the inner router runs bird and automatically maintains two kernel routes to the IPs at both ends of the PPP connection. When those routes change or expire I have a script do a UPnP query for the correct address (slow and flaky, so I can't just poll using this method) and then it goes off and updates a dynamic DNS pointer with the result.