Created
January 23, 2022 12:56
Isolated guest network setup for Padavan firmware
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
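# DHCP Setting
# LAN > DHCP Server > Custom Configuration File "dnsmasq.conf"
# Also answer DHCP on the guest bridge. br-guest and 192.168.3.1 are set up by
# the "Run After Router Started" script.
interface=br-guest
listen-address=192.168.3.1
# Pool .100-.200, netmask /24, 1 hour lease. "set:guest" tags these leases so
# the dhcp-option lines below apply to guest clients only.
dhcp-range=set:guest,192.168.3.100,192.168.3.200,255.255.255.0,1h
# Router address (DHCP option 3)
dhcp-option=tag:guest,3,192.168.3.1
# DNS V4 (DHCP option 6). Guests get public resolvers instead of the router,
# so the firewall only has to admit DHCP (udp 67/68) from br-guest to the router.
dhcp-option=tag:guest,6,8.8.8.8,8.8.4.4
# Domain (DHCP option 15)
dhcp-option=tag:guest,15,guest.lan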
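# Detach guest wifi interface to isolated network
# Customization > Scripts > Run After Router Started
# ra1 is the guest Wi-Fi interface; br0 is presumably the LAN bridge it is
# attached to by default.
brctl addbr br-guest
# Taking ra1 out of br0 is what removes guests from the LAN's layer-2 segment.
brctl delif br0 ra1
brctl addif br-guest ra1
# Netmask stated explicitly so it matches the /24 in dhcp-range and the
# 192.168.3.0/24 used by the iptables rules.
ifconfig br-guest 192.168.3.1 netmask 255.255.255.0 up
# NOTE(review): if the firmware re-attaches ra1 to br0 later (e.g. after a
# wireless restart - not verified here), guests are back on the LAN.
# Check the membership with `brctl show`.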
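# Allow guest network access internet
# Customization > Scripts > Run After WAN Up/Down Events
# Arguments as used below: $1 = event ("up" or anything else),
# $2 = WAN interface name, $3 = WAN IPv4 address.
# Skip when interface or address is missing: an empty $2/$3 would otherwise
# shift the remaining iptables arguments and produce a malformed rule.
if [ -n "$2" ] && [ -n "$3" ]; then
  if [ "$1" = "up" ]; then
    # Source-NAT guest traffic leaving through the WAN interface.
    iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -o "$2" -j SNAT --to-source "$3"
  else
    # Any non-"up" event removes the matching rule again.
    iptables -t nat -D POSTROUTING -s 192.168.3.0/24 -o "$2" -j SNAT --to-source "$3"
  fi
fi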
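# Allow guest network request IP address & common rule for guest network
# Customization > Scripts > Run After Firewall Rules Restarted
# Explicit guest -> LAN drop, inserted at the top of FORWARD so an earlier
# ACCEPT cannot shadow it. The ACCEPT rules below only open paths; on their own
# they do not keep guests out of br0.
iptables -I FORWARD -i br-guest -o br0 -j DROP
# Guest -> internet. ppp0 is hard-coded, so this only matches a PPPoE WAN;
# use the real WAN interface name on other WAN types.
iptables -A FORWARD -i br-guest -o ppp0 -j ACCEPT
# Guest -> guest traffic routed via the bridge address. Frames switched inside
# br-guest normally do not traverse this chain, so client-to-client isolation
# has to come from the AP settings.
iptables -A FORWARD -i br-guest -o br-guest -j ACCEPT
# DHCP (udp 67/68) is the only guest -> router traffic accepted here.
# NOTE(review): whether the router's other services stay unreachable from
# br-guest depends on the firmware's default INPUT rules - check with
# `iptables -S INPUT`.
iptables -A INPUT -i br-guest -p udp --dport 67:68 --sport 67:68 -j ACCEPT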
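# Allow guest network request IP address & common rule for guest network
# Customization > Scripts > Run After Firewall Rules Restarted
# Explicit guest -> LAN drop, inserted at the top of FORWARD so an earlier
# ACCEPT cannot shadow it. The ACCEPT rules below only open paths; on their own
# they do not keep guests out of br0.
iptables -I FORWARD -i br-guest -o br0 -j DROP
# Guest -> internet over the PPPoE interface.
iptables -A FORWARD -i br-guest -o ppp0 -j ACCEPT
iptables -A FORWARD -i br-guest -o br-guest -j ACCEPT
# DHCP (udp 67/68) is the only guest -> router traffic accepted here.
iptables -A INPUT -i br-guest -p udp --dport 67:68 --sport 67:68 -j ACCEPT
# SNAT is only valid in the nat table; without "-t nat" this rule targets the
# filter table, which has no POSTROUTING chain, and iptables rejects it.
iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -d 192.168.3.0/24 -o br-guest -j SNAT --to-source 192.168.3.1
# Reuse the WAN address from the SNAT rule that already exists for
# 192.168.2.0/24 (presumably the LAN subnet) on ppp0: field 10 of the
# `iptables -S` line is the --to-source value. Only the first match is used.
ip_wan=$(iptables -t nat -S | awk 'index($0, "192.168.2.0/24 -o ppp0") { print $10; exit }')
# Add the guest rule only when an address was found and it contains nothing
# but digits and dots; an empty value would yield a broken --to-source.
case "$ip_wan" in
  '' | *[!0-9.]*)
    echo "guest-net: no WAN SNAT address found, guest SNAT rule not added" >&2
    ;;
  *)
    # Same rule the "Run After WAN Up/Down Events" script adds; use one of the
    # two, otherwise the rule ends up in the table twice.
    iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -o ppp0 -j SNAT --to-source "$ip_wan"
    ;;
esac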
Update for WAN PPPoE
ra1 is the guest Wi-Fi interface.
br-guest is the isolated bridge for the guest network.