Wireless rule issues



  • I've just added ath0, which dmesg shows is an AR9285 card, to help make an access point. I add the interface, configure it with a basic setup, add the OPT1 rule as it says to do, however the only way I can get it to connect to the internet is with an OPT1 rule that passes TCP/UDP from any to any.

    I'd like to have my wifi only reach the internet and NOT the wired computers on the LAN.

    Additional info:
    WAN: DHCP
    LAN: 192.168.1.1/24
    OPT1: 192.168.2.1/24
    Running 2.1 release

    I only have the ONE rule for the OPT interface and did not touch anything in NAT. Can someone clue me in?



  • How about adding a rule that blocks access to 192.168.1.1/16? "Internet IPs" are never one of these, so internet will continue working but your LAN will be protected. Just don't forget that the blocking rule has to come before the allow all rule!



  • That's what I initially thought but I figured that wasn't the way to do it. I've tried it now as a test but even after clearing states, I get no connection with that block rule in place.



  • The default rule blocks everything, so you won't get anywhere if all you add on top of that is another block rule. I'd just put "pass any from any to not lan subnet" on the OPT1 interface.



  • I must have been making this more difficult than it had to be... It's working now. Thanks all


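The rule orderings discussed in this thread, as an added example that is not part of any post above: a small Python model of first-match evaluation with a default block on OPT1, run against the thread's subnets. The destination addresses are constructed samples, the rule-set names are made up for illustration, and the model ignores source, protocol, port and state.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")
LAN = ipaddress.ip_network("192.168.1.0/24")  # LAN subnet from the thread
# The /16 suggested in the thread; host bits are dropped -> 192.168.0.0/16
WIDE = ipaddress.ip_network("192.168.1.1/16", strict=False)

def evaluate(rules, dst):
    """Return the action of the first rule matching dst, else the default block."""
    addr = ipaddress.ip_address(dst)
    for action, net, negate in rules:
        # negate=True models a "not <network>" destination
        if (addr in net) != negate:
            return action
    return "block"  # implicit default rule: nothing matched

# Each rule is (action, destination network, negate destination?)
RULESETS = {
    "block LAN only":           [("block", LAN, False)],
    "block LAN, then pass any": [("block", LAN, False), ("pass", ANY, False)],
    "pass to not LAN subnet":   [("pass", LAN, True)],
    "block /16, then pass any": [("block", WIDE, False), ("pass", ANY, False)],
}

# Constructed sample destinations as seen from a wireless client on OPT1
DESTS = {
    "internet": "203.0.113.10",   # documentation range, stands in for a public IP
    "lan_host": "192.168.1.50",   # hypothetical wired machine on LAN
    "opt1_gw":  "192.168.2.1",    # firewall's OPT1 address from the thread
}

def verdicts(name):
    """Evaluate every sample destination against the named rule set."""
    return {label: evaluate(RULESETS[name], ip) for label, ip in DESTS.items()}

if __name__ == "__main__":
    for name in RULESETS:
        print(f"{name:26} {verdicts(name)}")
```

192.168.1.1/16 normalises to 192.168.0.0/16, which also contains the OPT1 address 192.168.2.1, so a block on that range also matches traffic from wireless clients to the firewall's own OPT1 address.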