1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Calling all network guru's

Discussion in 'Networking & Security' started by AthlonX2, Feb 20, 2012.

  1. AthlonX2

    AthlonX2 HyperVtX™

    Joined:
    Sep 27, 2006
    Messages:
    7,135 (2.49/day)
    Thanks Received:
    1,642
    ok this is my network configuration. Red indicates a wired connection while green denotes wireless. The orange connection you see is because this is what i want to add but there are consequences. I want to add a wireless access point for our wii so i can stream video to it for late night enjoyment:) my problem is i dont want to have to secure the wireless but instead remove internet access from it so that it only connects to a local network without access to the web. can this be done?

    [​IMG]
  2. digibucc

    digibucc

    Joined:
    May 21, 2009
    Messages:
    4,873 (2.58/day)
    Thanks Received:
    1,470
    yeah that can be done, depending on the router's software. it can route internally but have no gateway or wan connection, and therefore no internet.
  3. AthlonX2

    AthlonX2 HyperVtX™

    Joined:
    Sep 27, 2006
    Messages:
    7,135 (2.49/day)
    Thanks Received:
    1,642
    its running DDWRT v24 sp2
  4. Mindweaver

    Mindweaver Moderato®™ Staff Member

    Joined:
    Apr 16, 2009
    Messages:
    5,143 (2.67/day)
    Thanks Received:
    2,650
    Location:
    Statesville, NC
    I run the same firmware on a few devices. In DDWRT's Control Panel go to Network Setup/Router IP then set the Local DNS to 127.0.0.1. If i were you I would setup Wireless MAC Filter. Collect all the Mac address of each device on your network and only give access to those MAC's. Buy or get any new devices just add them to your "Edit MAC Filter List".
    Crunching for Team TPU
  5. digibucc

    digibucc

    Joined:
    May 21, 2009
    Messages:
    4,873 (2.58/day)
    Thanks Received:
    1,470
    it's the firewall settings you want to mess with. i had thought it'd be easier, but my idea was to just screw up the dns settings(like MW recommends) - problem with that is it is insecure, won't necessarily work and has some easy workarounds ready (type in the ip for example)

    i'd recommend using the firewall settings. i think your best bet will be to just block the ports on your switch for that plug, so that nothing for the internet can get through it, otherwise to get it working in the network yet unable to get online would be a bit of a pain. you could also set the firewall on your wireless router, though i looked through mine and must have it uninstalled as i don't see it's settings tab in ddwrt
  6. AthlonX2

    AthlonX2 HyperVtX™

    Joined:
    Sep 27, 2006
    Messages:
    7,135 (2.49/day)
    Thanks Received:
    1,642
    adding this router has become more of a challenge than i thought. how exactly do i configure it so that i can access network resources.i was able to get the internet to work on it but thats all i have figured out
  7. Solaris17

    Solaris17 Creator Solaris Utility DVD

    Joined:
    Aug 16, 2005
    Messages:
    17,070 (5.23/day)
    Thanks Received:
    3,505
    Location:
    Florida
    i thought you didnt want internet on the wii? or do you so that it can stream from the net?
  8. ChristTheGreat

    ChristTheGreat

    Joined:
    Jun 29, 2007
    Messages:
    913 (0.35/day)
    Thanks Received:
    360

    Not so sure of what ya want to do but:

    -Who is in charge of DHCP, the modem? if so, wireless access point DHCP must be disable or you need to set 2 different range of DHCP.

    -They must be in the same Subnet (instead you need specified hardware), but you don't want to do it.

    -If you have a DHCP table, set a static IP for the Wii mac address, and if you don't want the internet, just remove the gateway or DNS (but removing DNS, I don't think ya'll be able to access Something with the name, only IP address (from the Wii)). Having no gateway, you will only be able to connect to the local network.

    -You don't want to secure Wireless? well except by Hidding the SSID... and if you use an easy name, this isn't secure anyway (sorry, I am way too much secure haha)
    Crunching for Team TPU
  9. Zen_

    Zen_

    Joined:
    Apr 18, 2010
    Messages:
    493 (0.32/day)
    Thanks Received:
    112
    It's hard to tell what your addressing scheme is by the picture. Is the modem a combo device (let's just call it a SOHO device) that also has a DHCP service for your PC's and NAS? If so, I think the problem here is you have the wireless router also running a DHCP service, which in effect means you have two networks.

    Scenario 1 - If the above is the case you need to switch the wireless router DHCP Type from "server" to "forward" under basic settings in DD-WRT, and put the address for the SOHO device in. This will forward DHCP packets from host using the wireless router as a gateway to the SOHO device.

    Scenario 2 - If your modem is just a modem, and you have no internal addressing right now (besides the wireless router). First of all, this is really, really bad for security! Move your wireless router in front of the switch and have it function as the default gateway for the entire network. For the wireless connection, go to the wireless tab in DD-WRT, and the MAC filter sub-tab. Enter the MAC address for the Wii and it will be the only host that is permitted to use the wireless. Unfortunately the DD-WRT firewall and access restriction settings are not advanced enough to craft a policy that would only block internet and / our outbound WAN traffic from the wireless, at least to my knowledge.
  10. Hybrid_theory

    Hybrid_theory New Member

    Joined:
    Mar 31, 2007
    Messages:
    1,895 (0.71/day)
    Thanks Received:
    163
    Location:
    ontario canada
    There's nothing wrong with having external addresses on devices on your network. Having a private address is no more secure than having an external one. The important thing is to have a firewall in between blocking incoming ports. Any event it's likely he does have internal addressing, as not many people will lease multiple addresses for home.

    Theres another option as well, you can have both devices doing DHCP on the same network. Hookup the wireless G router to your switch via one of the switch ports on the back instead of the WAN port. This will bypass any NATing. Make sure the router has a management address in the same range of the rest of the network. Now on your modem, set DHCP for addresses .10-.100. The wireless router can do .101 - .200. As long as they dont overlap, they can both do DHCP. I have this on my network as my iPhone wont connect to my N router. So i have my old G router hooked up for it.

    Otherwise yeah just delete default routes. Or you can even create an IP tables rule to block it, but that shouldn't be required.
  11. Easy Rhino

    Easy Rhino Linux Advocate

    Joined:
    Nov 13, 2006
    Messages:
    13,390 (4.76/day)
    Thanks Received:
    3,223
    lol i solved this in 2 seconds.
  12. AthlonX2

    AthlonX2 HyperVtX™

    Joined:
    Sep 27, 2006
    Messages:
    7,135 (2.49/day)
    Thanks Received:
    1,642
    So i put the router in front of the switch,more for a firewall device and everything seems to work flawlessly. thanks to everyone that helped
  13. brandonwh64

    brandonwh64 Addicted to Bacon and StarCrunches!!!

    Joined:
    Sep 6, 2009
    Messages:
    18,447 (10.34/day)
    Thanks Received:
    5,997
    Location:
    Chatsworth, GA
    Most ISP's only give you one IP reservation at a time. This means you would need the router right behind the modem so it can handle the IP and DHCP pool for other devices on the network.

    Here is my opinion on what you should do with your private network. This would clean it up alot and you would have more control.

    [​IMG]
    Crunching for Team TPU

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page