WRT54G's as clients

I don't have a good picture of how you've arranged that. I can't tell if you have 2 or 3 WRT54GS units either.

Is this accurate:

is a wired link, is a wireless link

WRT54GS #1 (WDS enabled) ADSL WAN PORT +++> LAN/WIRELESS WRT54GS #3 (WDS enabled) + neighbor's + WRT54GS #2 (WDS disabled) +++> WAN PORT +++> LAN/WIRELESS Laptop client + + ETHERNET SWITCH +++> INTRANET PORT +++> INTRANET PORT + ... + +++> Multiple Desktop Hosts

If you want traffic from the switch to be able to access the Internet, then WRT54GS #1 and #2 *must* route traffic between those IP addresses.

You can, however, enable the firewall and put filters on what WRT54GS #2 will allow through the WAN port. That of course will necessitate configuring ipchains in that router.

Yes. Configure his WRT54GS as an Access Point with WDS enabled. He can then use _both_ wireless connections and plug local wired connections into the LAN ports.

For that his WRT54GS would be set to Client, and he would *not* be able to access it with wireless clients.

I'd change your layout a little, perhaps.

WRT54GS #1 (WDS disabled) ADSL WAN PORT +++> LAN/WIRELESS Laptop client + + ETHERNET SWITCH +++> INTRANET PORT + INTRANET PORT Multiple Desktop Hosts + + WRT54GS #2 (WDS enabled) + WAN PORT +++> LAN/WIRELESS WRT54GS #3 (WDS enabled) neighbor's

With this arrangement you don't need to do anything special with the ipchains filters, and instead need to do a little fancy fiddling with the route tables in the WRT54GS #2.

Specifically, any subnet that you want to isolate from the neighbor should be routed to the WAN port (device vlan1). You could have one entry that routes one subnet to the LAN port (actually, to the bridge, device br0), and then a catch all entry to route everything else in the 192.168.n.n range to the WAN port. And then a default that sends everything else to the ADSL address.

So, let's say your ADSL has an IP of, and the other ranges are as follows:

192.168.50.n   Your LAN, both wired and wireless
192.168.10.n   Neighbor's LAN, both wired and wireless

In WRT54G #1 you want a route table that looks like this

Destination Gateway Netmask Device * vlan1 * br0 * br0 default vlan1

Everything to 192.168.0.n goes to the WAN port (vlan1), which provides a route to the gateway specified as a default address. The two subnets, yours at 192.168.50.n and the neighbor's at 192.168.50.n are routed to the bridge and thus to both wireless and LAN ports. (Which also means you can actually use the same IP address range on your LAN or for a wireless client... *if* you want the neighbor to have access to that particular host.)

And the default sends everything else to the WAN port.

In WRT54G #2 you want a route table that looks like this

Destination Gateway Netmask Device * br0 * br0 * vlan1 default br0

This also sends everything to 192.168.0.n to the LAN/Wireless ports. If you wanted, that could be just a host route, which would be * br0

and then *only* that one address would have a route.

It also sends everything for the neighbor's subnet,, to the LAN/Wireless ports. Then there is the catch all which sends *all other* 192.168.n.n traffic to the vlan1 device (which is a dead end with nothing attached). That effectively filters out all traffic directed at your LAN subnet.

And finally there is a default, which sends everything else to the LAN/Wireless ports (and thus to WRT54G #1).

Caveat: I haven't tried it all. I did try the routing as described for WRT54G #2 and am positive that part will work.

I also don't know just how you can set routes like that via the web interface. I found it very frustrating to deal with, and simply gave up and went to using a command line interface by accessing the router via telnet.

If you choose to telnet into the WRT54GS, I have no experience with the Sveasoft Alchemy firmware, but it is no doubt very similar to their Satori firmware for what you'll need to do. I can give you a /tmp/.rc_startup file that will,

initialize /etc/hosts, /etc/resolv.conf, /tmp/.profile and a /tmp/routes file that contains routing commands.

Execute the /tmp/routes file, to set routing.

Set a hostname for the router

Set the timezone and the hardware clock

Start syslogd

The /tmp/.profile root shell profile contains the following,

Sets a color prompt that shows the host name of the router, the user name, and the current directory.

Defines a function to save /etc/hosts, /etc/resolv.conf, /etc/.profile, /tmp/routes, and /tmp/.rc_startup files to nvram, allowing configuration to survive a reboot.

Defines a function to restore /etc/hosts, /etc/resolv.conf, /etc/.profile, /tmp/routes, and /tmp/.rc_startup files from nvram. Hence you can try things, and with one command reset to the boot time configuration.

Defines aliases for ls and ll, variations of /bin/ls.

Defines a "help" command alias for the _wl_ program, which will page the help output of wl for easier reading.

Defines a command alias to repeat, every 10 seconds, the signal strength from any of a list of MAC addresses for wireless clients.

Reply to
Floyd L. Davidson
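
Added example, not part of the original post: a small model of the WRT54G #2 route table described above, using longest-prefix matching to check that the 192.168.50.n LAN only ever resolves to the dead-end vlan1 device. The /24 and /16 masks and the leftover host route for 192.168.50.7 are constructed assumptions, since the post gives ranges only as 192.168.n.n.

```python
import ipaddress

# Route table for WRT54G #2 as described in the post (masks are assumed).
ROUTES_WRT2 = [
    ("192.168.0.0/24", "br0"),    # the 192.168.0.n range: LAN/wireless ports
    ("192.168.10.0/24", "br0"),   # neighbor's subnet: LAN/wireless ports
    ("192.168.0.0/16", "vlan1"),  # catch-all for every other 192.168.n.n
    ("0.0.0.0/0", "br0"),         # default: onward to WRT54G #1
]
DEAD_END = "vlan1"  # WAN port with nothing attached


def parse(routes):
    """Turn (CIDR string, device) pairs into (network, device) pairs."""
    return [(ipaddress.ip_network(net), dev) for net, dev in routes]


def lookup(table, dest):
    """Pick the route the way the kernel does: the most specific match wins."""
    addr = ipaddress.ip_address(str(dest))
    matches = [(net, dev) for net, dev in table if addr in net]
    if not matches:
        return None  # no route at all: the packet is dropped
    return max(matches, key=lambda m: m[0].prefixlen)


def leaks(routes, subnet):
    """Addresses in `subnet` that the table forwards to a live device."""
    table = parse(routes)
    found = []
    for addr in ipaddress.ip_network(subnet):
        hit = lookup(table, addr)
        if hit is not None and hit[1] != DEAD_END:
            found.append(str(addr))
    return found


if __name__ == "__main__":
    table = parse(ROUTES_WRT2)
    for dest in ("192.168.50.20", "192.168.10.5", "192.168.0.1", "8.8.8.8"):
        net, dev = lookup(table, dest)
        print(f"{dest:15} -> {dev:5} via {net}")
    # A forgotten, more specific host route (constructed) reopens one host.
    stale = ROUTES_WRT2 + [("192.168.50.7/32", "br0")]
    print("leaks, clean table:", leaks(ROUTES_WRT2, "192.168.50.0/24"))
    print("leaks, stale route:", leaks(stale, "192.168.50.0/24"))
```

Because the most specific route wins, any /32 or narrower entry added later silently overrides the catch-all, so the check is worth re-running after every change to /tmp/routes.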

Thanks to Floyd and Jeff for the tips and comments on hiding my own intranet when sharing my internet connection to a couple of neighbours w/o giving them access to my intranet.

I finally solved the problem by purchasing another WRT54G router which I connected in series with the first one. Now I have:

ADSL modem
  | wired to
Internet router WRT54GS (alchemy fw) WAN LOCAL -> wirelessly to neighbours
  | wired to
Intranet router WRT54GS (linksys fw) WAN LOCAL - wireless to my own notebooks
  | wired to
Intranet switch

Neighbour: WRT54GS (alchemy fw)

I have read Jeff's tip to read Justin's guide to setting up WDS towards the neighbour on these devices. I spent a few hours trying different possibilities w/o success.

But my first surprise with my double router setup was that I could access my intranet fileshares when connecting wirelessly to the Internet WRT. Isn't the Intranet WRT supposed to block all traffic from its WAN port's 192.168.10 net? Why could I access the 192.168.50 net from the 192.168.10 net?

Secondly, if I don't misunderstand, WDS would enable the neighbour to use his own WRT as a wireless 'access' point in his house in addition to ensuring the wireless connection to my Internet WRT. That would be neat, but first I prefer to have his WRT connect wirelessly to my Internet WRT and *wire* his computers to his WRT's four LAN ports. Do I need WDS for that scenario too? Should his WRT's wireless mode be 'Client' or what?

Thanks for info on these issues. more to come later ;-)



Reply to
Tor Tveitane

I realized after I posted that, that my drawing *can't* be what you described. You indicated that you were routing traffic from one of the wireless 192.168.n.n subnets to a different 192.168.n.n subnet. That *can't* go from the wireless through the router's WAN port. (Or, I don't know how to configure it so that it will, because that traffic necessarily goes through the Linux kernel routing and IP forwarding in the WRT54G, and that won't forward to a 192.168.n.n address on a different interface. One could re-arrange the bridge to include the WAN port, but not from a web interface.)

I'm fooling with something similar myself. Except I was originally thinking that I wanted to be able to route just exactly 1 client at the "neighbor's" location to my own LAN. That 1 client would of course be *my* laptop.

I've decided that I can't do it automatically, and instead will just have to log into the WRT54G and set up that route whenever I need it, and then remove it. (The WRT54G is essentially an open wireless AP, intended to provide access to the Internet but not to my LAN.)

I'm not really sure if it can be done or not. *I* can't!

But then I'm not willing to spend much time trying either, because the fun part for me is figuring out what I can do via telnet. At one point I did spend some time trying to set routes using the web interface, and frankly it was extremely frustrating.

Wellll... I'm a unix weenie, so xfig is what I'd use. :-) But it hasn't been ported to the WRT54G, so you'll either need different software or a whole 'nother 'puter to run Linux on, eh?

Reply to
Floyd L. Davidson

"Floyd L. Davidson" wrote in message news: snipped-for-privacy@barrow.com...

Thanks Floyd for a long and interesting answer. I will study it and try to set it up like you suggest and get back with any questions.

I thought that I could solve this by using the WRT's web-browser config, as there might be persons other than me responsible in the future.

But if I understand you correctly I cannot solve my needs w/o configuring the WRTs from the shell.

I will draw a chart of my network topology later (any suggestion of suitable software to do this?).



Reply to
Tor Tveitane

Try dia for a drawing program. Similar to Visio and it's free.
