Question regards setup of a Guest WiFi
-
It's interesting, and quite timely (I must admit) that this question/doubt about subnet 127.0.0.0/8 (in relation to RFC1918) has reared its ugly head…..since I was anyways about to post a question asking if other subnets should also be blocked.
I ask this because I came across an excerpt (from a book on VOIP Security - see attached image) that mentions a whole bunch of subnets which must be blocked....and 127.0.0.0/8 is certainly one of them. I do plan on having a RasPi running RasPBX behind my firewall.
My RFC1918 alias currently has the following subnets included (the last one was added just last night):
-
192.168.0.0/16
-
172.16.0.0
-
10.0.0.0
-
127.0.0.0
The book mentions that the following subnets must also be included (refer to attached image for description of each subnet):
-
0.0.0.018
-
169.254.0.0/16
-
192.0.2.0/24
-
224.0.0.0/4
-
240.0.0.0/5
-
248.0.0.0/5
-
255.255.255.255/32
Makes sense, or hogwash?
Thanks.
-
-
Also one thing you do wrong is the router IPs.
If the pfsense firewall itself do have 192.168.1.1 and 192.168.2.1, you CANNOT have the routers/AP's have the same IP. Then you will get a randomly unstable connection since roughtly half of the time, the router will reply on something the firewall should reply on.The routers/AP's should preferable use 192.168.1.2 and 192.168.2.2.
So if the WRT54G really has the IP 192.168.2.1, you are getting a IP collision in your network, and thats why you get "Unstable connection" inside Android.
So what you should do:
LAN = 192.168.1.1
OPT1 = 192.168.2.1Linksys = 192.168.1.2
WRT54G = 192.168.2.2