flat assembler
Message board for the users of flat assembler.

how to set wifi network cannot connect lan network
sleepsleep
3 routers? oh no,,, why? wow,

wlan 192.168.2.1
- traffic IN from 192.168.2.1, record caller, OUT to 192.168.1.254
- traffic IN from 192.168.1.254, check caller, OUT to respective 192.168.2.*

lan 192.168.1.254
- traffic IN from 192.168.2.1, OUT to 192.168.1.1
- traffic IN from 192.168.1.1, OUT to 192.168.2.1

i think i summarize the method, but 3 routers to create such environment is a bit over,
Post 26 Jul 2013, 20:31
revolution
sleepsleep wrote:
... but 3 routers to create such environment is a bit over,

It is secure, and is both sufficient and necessary. If you want to try to shortcut it with less then you ask for vulnerabilities.
Post 26 Jul 2013, 20:56
sleepsleep
revolution wrote:

It is secure, and is both sufficient and necessary. If you want to try to shortcut it with less then you ask for vulnerabilities.

would you mind if i asking for example regarding security and vulnerabilities?,
cause i dont get it, but i want to understand such idea inside this Y environment from your point of view.
Post 26 Jul 2013, 21:00
six_L
set your sw.


[Attached image: diagram_1.png]


Post 27 Jul 2013, 06:13
sleepsleep
ok six_L, let me try read about vlan first, =) thanks.
Post 27 Jul 2013, 06:38
sleepsleep
it seems that, a virtual lan could be created using below in /etc/config/network
Code:
config 'interface' 'lan'
    option 'ifname' 'eth0.*'       # where * is a number dedicated for virtual lan
    option 'type' 'bridge'
    option 'proto' 'static'
    option 'ipaddr' '192.168.1.1'
    option 'netmask' '255.255.255.0'
    

i havent try this on my openwrt, still at outside,

this gonna help probably,
http://translate.google.com/translate?sl=auto&tl=en&u=http://rpc.one.pl/index.php/lista-artykulow/34-openwrt/82-dynamiclvlan-w-openwrt-z-wykorzystaniem-hostapd

this is probably what i could try later,
Code:
config 'interface' 'wan'
    option 'ifname' 'eth0.1'
    option 'proto' 'static'
    option 'ipaddr' '192.168.1.254'
    option 'netmask' '255.255.255.0'
    option 'gateway' '192.168.1.1'

config 'interface' 'vlan1'
    option 'ifname' 'eth0.2'
    option 'proto' 'static'
    option 'ipaddr' '192.168.2.1'
    option 'netmask' '255.255.255.0'

config 'switch' 'eth0'
    option 'enable' '1'
    option 'enable_vlan' '1'
    option 'reset' '1'

config 'switch_vlan'
    option 'vlan' '0'
    option 'device' 'eth0'
    option 'ports' '0 5t' # i am not sure bout this, since my device only got 1 LAN port

config 'switch_vlan'
    option 'vlan' '1'
    option 'device' 'eth0'
    option 'ports' '1 5t' # not sure bout this too.

config 'zone'
    option 'name' 'vlan1'
    option 'input' 'ACCEPT'
    option 'output' 'ACCEPT'
    option 'forward' 'ACCEPT'


    

something i need to try
Code:
swconfig dev switch0 help # not sure where to get the switch0 stuff yet
    


and we got port based vlan (which i think, maybe not relevant in my situation, since my access point only got 1 LAN port), i assume the port mentioned is mean the NETWORK LAN Port,

need to figure out about the swconfig too,
http://wiki.openwrt.org/doc/techref/swconfig

maybe i miss the secret, how they join into a network, maybe that is defined in iptable or route somehow based on the forward, ACCEPT idea.

gonna try later after back to home,
Post 28 Jul 2013, 16:13
sleepsleep
ah, spending some hours, only to figure out, this model doesnt support vlan =(
http://wiki.openwrt.org/toh/start?s[]=vlan#tp-link

i need more ideas on how to control, and join wifi network with lan network,
Post 28 Jul 2013, 20:51
six_L
your 16 ports switch is not real switch who can't be configed, it is a Hub.
what is the mode that your ISP has provided.
Post 29 Jul 2013, 01:29
sleepsleep
ok, we got good news,

i think, with this model, TP-LINK TL-WA901ND, since no VLAN support, idk how to determine this support since VLAN is support like inside linux kernel, but i tried vconfig too, no luck,

then i change my goal a little bit, but still maintain the first objective,
1. no access to shares on windows pc from wifi
2. wifi devices able to access internet,

but to make it 2 subnet, i guess, maybe it is kinda out of reach somehow, (i doubt this, but i hardly figure out how, damn it)

i use the following to block wifi from access win pc shares, kinda tedious, coz i need to key in the rules 1 by 1 inside /etc/config/firewall

Code:
config rule
   option src lan
   option proto tcp
   option dest 192.168.1.* # ip number to block
   option target DROP
    


another thing i am still trying to figure out is, how to direct connected user first http request to a page, like welcome page sort of,
Post 29 Jul 2013, 01:48
sleepsleep
six_L wrote:
your 16 ports switch is not real switch who can't be configed, it is a Hub.
what is the mode that your ISP has provided.


i guess i learn something, a hub and a switch, they are really different,

mode?
it is a 4G wireless connection,
i got dynamic ip, netmask, gateway through dhcp,

i dont think it is pppoe or ppp or anything, coz 4g is like a new technology probably, idk much, but i saw sip account configured inside this 4g router, and i got 200 minutes free call per month bundled.
Post 29 Jul 2013, 01:50
sleepsleep
no luck with splash page,
maybe i need to learn coding mips using fasm, run a simple webserver output welcome to bla bla bla when they first connected,

MIPS with fasm, next task to learn, but will send this AP to my customer first so that they could enjoy the free wireless internet connection =)
Post 29 Jul 2013, 02:26
six_L
Quote:
then i change my goal a little bit, but still maintain the first objective,
1. no access to shares on windows pc from wifi
2. wifi devices able to access internet,

try this.


[Attached image: diagram_2.png]


Post 29 Jul 2013, 03:26
sleepsleep
thanks, basically, my setup resemble ur picture, =)
Post 29 Jul 2013, 06:16
six_L
here is a simple httpserver who you can test. the source codes are masm32 style.
if your webserver can be accessed from everywhere, you need to get a public ip address from your provided ISP. apply a dns Name for the ip.


[Attachment: HttpServer_Masm32.zip]

Post 29 Jul 2013, 06:51
sleepsleep
funny thing happened,
i tried at home using the same access point, and i could see ping and windows shares got blocked,
but now at customer place, i still could ping and access windows shares, damn it,

i use windows xp @ home, now using windows 8 @ customer place, funny weird,
the firewall rules doesnt seems to work,
Post 29 Jul 2013, 11:44
sleepsleep
hi friends,
i trying and test for nearly 4 hours to get this working, since i am at customer place already,

and luckily, with help from openwrt forum, i figured out this magic,
https://forum.openwrt.org/viewtopic.php?id=45516

the trick is to use the bridge name instead of device name
Code:
root@sleepsleep:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br-lan          7fff.a0f3c15fe8d6       no              eth0
                                                        wlan0
    


fill this in /etc/firewall.user (so that after reboot, ur rules will be inserted into iptables)
Code:
iptables -A FORWARD -p all -d 192.168.1.100 -o br-lan -j REJECT
    


i opkg install the following (not sure if they are related or not at this moment, but i will try it on another same AP since i need to deploy such thing in about 6 more places)
Code:
opkg install iptables-mod-extra
opkg install ebtables
    


i will try the default factory, most minimum and test it in this week,

cost me nearly 4 to 5 days to hit objective! wow.
Post 29 Jul 2013, 14:34
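
Added example, not part of sleepsleep's post or of OpenWrt itself: a POSIX shell generator for the /etc/firewall.user rules described in the post above, so each protected PC does not have to be keyed in by hand. The host list and function names are hypothetical; br-lan is the bridge name from the brctl output in the post, and the sysctl path is the standard Linux location for the bridge netfilter setting.

```shell
#!/bin/sh
# Added example: emit /etc/firewall.user rules for a list of protected LAN PCs.
# BRIDGE comes from the `brctl show` output in the thread; the host list is
# constructed sample data and the function names are hypothetical.
BRIDGE="br-lan"
PROTECTED_HOSTS="192.168.1.100 192.168.1.101 192.168.1.102"

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print one REJECT rule per valid host, matching on the bridge name rather
# than eth0/wlan0. Invalid entries are reported on stderr and skipped.
gen_rules() {
    bridge=$1; shift
    for host in "$@"; do
        if is_ipv4 "$host"; then
            echo "iptables -A FORWARD -p all -d $host -o $bridge -j REJECT"
        else
            echo "skipping invalid address: $host" >&2
        fi
    done
}

# Frames bridged between eth0 and wlan0 only pass through the iptables FORWARD
# chain when bridge netfilter is enabled (value 1). Prints the setting, or
# "unavailable" when the sysctl file does not exist.
bridge_nf_state() {
    f=${1:-/proc/sys/net/bridge/bridge-nf-call-iptables}
    if [ -r "$f" ]; then cat "$f"; else echo "unavailable"; fi
}

# Review the output, then append it to /etc/firewall.user on the access point.
echo "# bridge-nf-call-iptables: $(bridge_nf_state)"
gen_rules "$BRIDGE" $PROTECTED_HOSTS
```

If the first output line reports 0 or unavailable, traffic between wifi and wired clients on the same bridge does not reach these rules, which is worth checking on every access point before deployment.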