{"id":323,"date":"2014-01-05T07:55:52","date_gmt":"2014-01-05T14:55:52","guid":{"rendered":"http:\/\/somethingk.com\/main\/?p=323"},"modified":"2017-03-23T11:31:10","modified_gmt":"2017-03-23T18:31:10","slug":"tomato-shibby-guest-wireless","status":"publish","type":"post","link":"https:\/\/somethingk.com\/main\/tomato-shibby-guest-wireless\/","title":{"rendered":"Tomato Shibby Guest Wireless"},"content":{"rendered":"<p>I want a guest network to mess around with, I mean what are guests for after all?<\/p>\n<p>What other reasons are there for having a guest network?<\/p>\n<p>Well, say you don&#8217;t want to give out the password to your actual home network. You may want to limit the activity of guests. You do not want guests to be able to communicate with personal devices on your network. You might have some malicious\/untrustworthy friends and you want to keep yourself safe. So many reasons.<\/p>\n<p>Worry not, people, there is an easy way to set this up on <a title=\"Tomato Shibby on ASUS RT-N66W\" href=\"http:\/\/somethingk.com\/main\/?p=300\">Tomato Shibby<\/a> and most other new router firmwares! The following steps use the Tomato firmware web UI. By default, the UI can be accessed on 192.168.1.1 by a computer connected wirelessly to the router.<\/p>\n<p>First things first, a new bridge has to be created for this guest network. 
This bridge can be created in the <strong>Basic -&gt; Network<\/strong> section under LAN. Simply click &#8216;Add&#8217; and enter your desired settings.<\/p>\n<p><a href=\"http:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Screen-Shot-2014-01-04-at-6.01.03-PM.png\"><img fetchpriority=\"high\" decoding=\"async\" class=\"aligncenter size-medium wp-image-324\" src=\"http:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Screen-Shot-2014-01-04-at-6.01.03-PM-300x200.png\" alt=\"Screen Shot 2014-01-04 at 6.01.03 PM\" width=\"300\" height=\"200\" srcset=\"https:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Screen-Shot-2014-01-04-at-6.01.03-PM-300x200.png 300w, https:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Screen-Shot-2014-01-04-at-6.01.03-PM.png 984w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>The bridge I created (br1) is pictured above. It is set to use IP addresses 192.168.2.2-192.168.2.7 with the router hosting on 192.168.2.1. I&#8217;m only allowing up to 6 guests. I don&#8217;t want my experience to get bogged down by guests, so I limit the number of addresses available to them, hence limiting the number of guests able to connect. Also, I set the lease time for guests to 60 minutes; they don&#8217;t need a long lease time. Save your progress.<\/p>\n<p>Sweet, so I now have this bridge. 
Now I must assign it to a <a title=\"Virtual LAN\" href=\"http:\/\/en.wikipedia.org\/wiki\/Virtual_LAN\" target=\"_blank\">VLAN<\/a>.<\/p>\n<p><em>&#8220;In\u00a0computer networking, a single\u00a0layer-2 network\u00a0may be\u00a0partitioned\u00a0to create multiple distinct\u00a0broadcast domains, which are mutually isolated so that packets can only pass between them via one or more\u00a0routers; such a domain is referred to as a\u00a0virtual local area network,\u00a0virtual LAN\u00a0or\u00a0VLAN&#8221; <\/em>(Wikipedia).<em><br \/>\n<\/em><\/p>\n<p>I don&#8217;t want guests accessing my stuff, so I will put them on a separate VLAN. Create a VLAN (for me it was 3) and assign the new bridge (br1) to it in <strong>Advanced -&gt; VLAN<\/strong> under VLAN.<\/p>\n<p><a href=\"http:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Screen-Shot-2014-01-05-at-9.25.48-AM.png\"><img decoding=\"async\" class=\"aligncenter size-medium wp-image-337\" src=\"http:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Screen-Shot-2014-01-05-at-9.25.48-AM-300x77.png\" alt=\"Screen Shot 2014-01-05 at 9.25.48 AM\" width=\"300\" height=\"77\" srcset=\"https:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Screen-Shot-2014-01-05-at-9.25.48-AM-300x77.png 300w, https:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Screen-Shot-2014-01-05-at-9.25.48-AM.png 999w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>In my setup above, I&#8217;m not expecting guests to connect directly to a port on the router so I did not configure any of them. I expect guests to just connect wirelessly. Save your progress after setting this up.<\/p>\n<p>Now time to set up the wireless SSID for the guests. Go to <strong>Advanced -&gt; Virtual Wireless<\/strong>. Add the wl0.1 interface (or whatever one you want to use)\u00a0and set it to use the new bridge (br1). Give it any SSID you want, I chose to call mine Guest, as seen below. 
Save it.<\/p>\n<p><a href=\"http:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Screen-Shot-2014-01-04-at-7.46.16-PM.png\"><img decoding=\"async\" class=\"aligncenter size-medium wp-image-330\" src=\"http:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Screen-Shot-2014-01-04-at-7.46.16-PM-300x194.png\" alt=\"Screen Shot 2014-01-04 at 7.46.16 PM\" width=\"300\" height=\"194\" srcset=\"https:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Screen-Shot-2014-01-04-at-7.46.16-PM-300x194.png 300w, https:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Screen-Shot-2014-01-04-at-7.46.16-PM.png 986w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>You can configure settings for the wireless interface by selecting the corresponding tab (wl0.1) from the top of the page. For instance, you might want to enable wireless security on it. For now, I gave mine security but I don&#8217;t think I&#8217;ll keep it. Save it.<\/p>\n<p><a href=\"http:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Screen-Shot-2014-01-04-at-7.46.21-PM.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-331\" src=\"http:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Screen-Shot-2014-01-04-at-7.46.21-PM-300x199.png\" alt=\"Screen Shot 2014-01-04 at 7.46.21 PM\" width=\"300\" height=\"199\" srcset=\"https:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Screen-Shot-2014-01-04-at-7.46.21-PM-300x199.png 300w, https:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Screen-Shot-2014-01-04-at-7.46.21-PM.png 973w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>Finally, double check all is set correctly in <strong>Advanced -&gt; VLAN<\/strong>.<\/p>\n<p><a href=\"http:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Screen-Shot-2014-01-04-at-7.46.32-PM.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-332\" 
src=\"http:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Screen-Shot-2014-01-04-at-7.46.32-PM-300x85.png\" alt=\"Screen Shot 2014-01-04 at 7.46.32 PM\" width=\"300\" height=\"85\" srcset=\"https:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Screen-Shot-2014-01-04-at-7.46.32-PM-300x85.png 300w, https:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Screen-Shot-2014-01-04-at-7.46.32-PM.png 974w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>Basically, check that the right bridge is set up with the right wireless interface. Save it.<\/p>\n<p>Next, to make sure my guest VLAN users cannot access my private network devices, I added a few iptables rules to block forwarding. To do this, add the following commands in <strong>Administration -&gt; Scripts<\/strong> under Firewall:<\/p>\n<pre># Drop all forwarded traffic by default\r\niptables -P FORWARD DROP\r\n# Allow the private LAN bridge (br0) to and from the external interface (eth0)\r\niptables -A FORWARD -i eth0 -o br0 -j ACCEPT\r\niptables -A FORWARD -i br0 -o eth0 -j ACCEPT\r\n# Allow the guest bridge (br1) to and from the external interface (eth0)\r\niptables -A FORWARD -i eth0 -o br1 -j ACCEPT\r\niptables -A FORWARD -i br1 -o eth0 -j ACCEPT<\/pre>\n<p><a href=\"http:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Screen-Shot-2014-03-08-at-10.07.36-AM.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-825\" src=\"http:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Screen-Shot-2014-03-08-at-10.07.36-AM-300x104.png\" alt=\"Screen Shot 2014-03-08 at 10.07.36 AM\" width=\"300\" height=\"104\" srcset=\"https:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Screen-Shot-2014-03-08-at-10.07.36-AM-300x104.png 300w, https:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Screen-Shot-2014-03-08-at-10.07.36-AM.png 994w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>These rules first drop all forwarding communications. 
The rules that follow then allow traffic only between each bridge and the external world (eth0). This way the networks cannot talk to each other but still have internet connectivity. Keep in mind that the FORWARD chain only covers traffic routed through the router; traffic addressed to the router itself is handled by the INPUT chain and is not affected by these rules. Save and you&#8217;re done with the basics!<\/p>\n<p>I went ahead and added a few extra things like a splash page for guests and I also limited their bandwidth activity. I&#8217;ll explain how to do this in a later post, this one is too long.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I want a guest network to mess around with, I mean what are guests for after all? What other reasons are there for having a guest network? Well, say you don&#8217;t want to give out the password to your actual home network. You may want to limit activity of guests. You do not want guests to be able to communicate [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[93],"tags":[98,96,94],"class_list":["post-323","post","type-post","status-publish","format-standard","hentry","category-networking","tag-guest-network","tag-router","tag-tomato-shibby"],"_links":{"self":[{"href":"https:\/\/somethingk.com\/main\/wp-json\/wp\/v2\/posts\/323","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/somethingk.com\/main\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/somethingk.com\/main\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/somethingk.com\/main\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/somethingk.com\/main\/wp-json\/wp\/v2\/comments?post=323"}],"version-history":[{"count":17,"href":"https:\/\/somethingk.com\/main\/wp-json\/wp\/v2\/posts\/323\/revisions"}],"predecessor-version":[{"id":1079,"href":"https:\/\/somethingk.com\/main\/wp-json\/wp\/v2\/posts\/323\/revisions\/1079"}],"wp:attachment":[{"href":"https:\/\/somethingk.com\/main\/wp-json\/
wp\/v2\/media?parent=323"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/somethingk.com\/main\/wp-json\/wp\/v2\/categories?post=323"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/somethingk.com\/main\/wp-json\/wp\/v2\/tags?post=323"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}