Calling all network guru's

[Athlon2K15]

ok this is my network configuration. Red indicates a wired connection while green denotes wireless. The orange connection you see is because this is what i want to add but there are consequences. I want to add a wireless access point for our wii so i can stream video to it for late night enjoyment my problem is i dont want to have to secure the wireless but instead remove internet access from it so that it only connects to a local network without access to the web. can this be done?

 

[digibucc]

yeah that can be done, depending on the router's software. it can route internally but have no gateway or wan connection, and therefore no internet.

 

[Athlon2K15]

its running DDWRT v24 sp2

 

[Mindweaver]

I run the same firmware on a few devices. In DDWRT's Control Panel go to Network Setup/Router IP then set the Local DNS to 127.0.0.1. If i were you I would setup Wireless MAC Filter. Collect all the Mac address of each device on your network and only give access to those MAC's. Buy or get any new devices just add them to your "Edit MAC Filter List".

 

[digibucc]

it's the firewall settings you want to mess with. i had thought it'd be easier, but my idea was to just screw up the dns settings(like MW recommends) - problem with that is it is insecure, won't necessarily work and has some easy workarounds ready (type in the ip for example)

i'd recommend using the firewall settings. i think your best bet will be to just block the ports on your switch for that plug, so that nothing for the internet can get through it, otherwise to get it working in the network yet unable to get online would be a bit of a pain. you could also set the firewall on your wireless router, though i looked through mine and must have it uninstalled as i don't see it's settings tab in ddwrt

 

[Athlon2K15]

adding this router has become more of a challenge than i thought. how exactly do i configure it so that i can access network resources.i was able to get the internet to work on it but thats all i have figured out

 

[Solaris17]

i thought you didnt want internet on the wii? or do you so that it can stream from the net?

 

[ChristTheGreat]

adding this router has become more of a challenge than i thought. how exactly do i configure it so that i can access network resources.i was able to get the internet to work on it but thats all i have figured out

Not so sure of what ya want to do but:

-Who is in charge of DHCP, the modem? if so, wireless access point DHCP must be disable or you need to set 2 different range of DHCP.

-They must be in the same Subnet (instead you need specified hardware), but you don't want to do it.

-If you have a DHCP table, set a static IP for the Wii mac address, and if you don't want the internet, just remove the gateway or DNS (but removing DNS, I don't think ya'll be able to access Something with the name, only IP address (from the Wii)). Having no gateway, you will only be able to connect to the local network.

-You don't want to secure Wireless? well except by Hidding the SSID... and if you use an easy name, this isn't secure anyway (sorry, I am way too much secure haha)

 

[Zen_]

It's hard to tell what your addressing scheme is by the picture. Is the modem a combo device (let's just call it a SOHO device) that also has a DHCP service for your PC's and NAS? If so, I think the problem here is you have the wireless router also running a DHCP service, which in effect means you have two networks.

Scenario 1 - If the above is the case you need to switch the wireless router DHCP Type from "server" to "forward" under basic settings in DD-WRT, and put the address for the SOHO device in. This will forward DHCP packets from host using the wireless router as a gateway to the SOHO device.

Scenario 2 - If your modem is just a modem, and you have no internal addressing right now (besides the wireless router). First of all, this is really, really bad for security! Move your wireless router in front of the switch and have it function as the default gateway for the entire network. For the wireless connection, go to the wireless tab in DD-WRT, and the MAC filter sub-tab. Enter the MAC address for the Wii and it will be the only host that is permitted to use the wireless. Unfortunately the DD-WRT firewall and access restriction settings are not advanced enough to craft a policy that would only block internet and / our outbound WAN traffic from the wireless, at least to my knowledge.

 

[Hybrid_theory]

It's hard to tell what your addressing scheme is by the picture. Is the modem a combo device (let's just call it a SOHO device) that also has a DHCP service for your PC's and NAS? If so, I think the problem here is you have the wireless router also running a DHCP service, which in effect means you have two networks.

Scenario 1 - If the above is the case you need to switch the wireless router DHCP Type from "server" to "forward" under basic settings in DD-WRT, and put the address for the SOHO device in. This will forward DHCP packets from host using the wireless router as a gateway to the SOHO device.

Scenario 2 - If your modem is just a modem, and you have no internal addressing right now (besides the wireless router). First of all, this is really, really bad for security! Move your wireless router in front of the switch and have it function as the default gateway for the entire network. For the wireless connection, go to the wireless tab in DD-WRT, and the MAC filter sub-tab. Enter the MAC address for the Wii and it will be the only host that is permitted to use the wireless. Unfortunately the DD-WRT firewall and access restriction settings are not advanced enough to craft a policy that would only block internet and / our outbound WAN traffic from the wireless, at least to my knowledge.

There's nothing wrong with having external addresses on devices on your network. Having a private address is no more secure than having an external one. The important thing is to have a firewall in between blocking incoming ports. Any event it's likely he does have internal addressing, as not many people will lease multiple addresses for home.

Theres another option as well, you can have both devices doing DHCP on the same network. Hookup the wireless G router to your switch via one of the switch ports on the back instead of the WAN port. This will bypass any NATing. Make sure the router has a management address in the same range of the rest of the network. Now on your modem, set DHCP for addresses .10-.100. The wireless router can do .101 - .200. As long as they dont overlap, they can both do DHCP. I have this on my network as my iPhone wont connect to my N router. So i have my old G router hooked up for it.

Otherwise yeah just delete default routes. Or you can even create an IP tables rule to block it, but that shouldn't be required.

 

[Easy Rhino]

lol i solved this in 2 seconds.

 

[Athlon2K15]

So i put the router in front of the switch,more for a firewall device and everything seems to work flawlessly. thanks to everyone that helped

 

[brandonwh64]

Most ISP's only give you one IP reservation at a time. This means you would need the router right behind the modem so it can handle the IP and DHCP pool for other devices on the network.

Here is my opinion on what you should do with your private network. This would clean it up alot and you would have more control.