vdub12
New Member
I'm sure this is easy for many of you guys, but for those that have a hard time with it I have a good tip.
I wanted an isolated VLAN that I could use on my bench to keep infected computers away from my network. To do this I used a second WRT54G router, thinking that by giving it a different subnet it would isolate the network. Well, I was wrong. It isolated the bench from my main network but did not isolate my main network from the bench. I already had a switch on my bench and my workstation had to stay on the main VLAN, so I just up-linked the new router to the switch on my bench, making the gateway in the new router my main network. Because of this I could ping my entire network from my bench. Kind of defeated the purpose of the new VLAN.
I found an easy fix.
Both routers are running DD-WRT but only the new router required tweaking. Go to Administration and click on the Commands tab. In the text box enter these two lines and click the Save Firewall button.
iptables -I FORWARD -s 192.168.0.0/255.255.255.0 -j DROP
iptables -I FORWARD -s 192.168.0.1 -j ACCEPT
Make sure you modify the addresses to match your main network. What this does is first blocks all access to the main network and second allows access to the gateway. If you don't add the second line you will not have Internet access.
I then added a second network card to my bench computer (running Linux, so I am not worried about it) and added it to the second VLAN. I need access to my bench computer for saving images and other file server stuff.
I am sure there's a better way to do it, but this worked.
I found tons of how-tos online and they were all super complicated, and I found this to be a much quicker and easier fix.
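An added example, not part of vdub12's post: a small model of how the FORWARD chain on the bench router ends up after the two posted commands. It does not run iptables; it reproduces the two pieces of iptables behaviour that decide whether the rules do what the post describes: `-I` inserts at the top of the chain (so the command entered second, the gateway ACCEPT, is evaluated first), and `-s` matches the packet's source address. The main LAN 192.168.0.0/255.255.255.0 and gateway 192.168.0.1 are the post's; the bench subnet 192.168.2.0/24, the main-LAN host 192.168.0.50 and the Internet host 203.0.113.7 are constructed for the illustration. For comparison it also evaluates the same two commands entered with `-A` instead of `-I`, and a variant that matches on destination (`-d`), neither of which is in the post.

```python
"""Model of the DD-WRT FORWARD chain built by the posted iptables commands.

Addresses are those seen in the FORWARD chain: for replies coming back
through the bench router's NAT, conntrack has already restored the bench
host as destination (assumption stated here rather than modelled).
"""
import ipaddress

# From the post: main LAN and its gateway.
MAIN_LAN = ipaddress.ip_network("192.168.0.0/255.255.255.0")   # same as /24
MAIN_GW = ipaddress.ip_network("192.168.0.1/32")

# Constructed for the illustration (not in the post).
BENCH_PC = "192.168.2.10"      # host on the isolated bench subnet
MAIN_PC = "192.168.0.50"       # ordinary host on the main LAN
INTERNET = "203.0.113.7"       # documentation (TEST-NET-3) address

# (flag, (match_field, network), target) mirrors `iptables <flag> FORWARD -<field> <net> -j <target>`
POSTED = [                      # the two commands exactly as posted, in posted order
    ("-I", ("s", MAIN_LAN), "DROP"),
    ("-I", ("s", MAIN_GW), "ACCEPT"),
]
APPENDED = [                    # same rules entered with -A (appended) instead of -I
    ("-A", ("s", MAIN_LAN), "DROP"),
    ("-A", ("s", MAIN_GW), "ACCEPT"),
]
BY_DESTINATION = [              # variant matching destination, not in the post
    ("-I", ("d", MAIN_LAN), "DROP"),
    ("-I", ("d", MAIN_GW), "ACCEPT"),
]

# Constructed flows: (label, source, destination)
FLOWS = [
    ("bench -> main host", BENCH_PC, MAIN_PC),
    ("main host -> bench (reply)", MAIN_PC, BENCH_PC),
    ("bench -> gateway", BENCH_PC, "192.168.0.1"),
    ("gateway -> bench (DNS reply)", "192.168.0.1", BENCH_PC),
    ("bench -> internet", BENCH_PC, INTERNET),
    ("internet -> bench (reply)", INTERNET, BENCH_PC),
]


def build_chain(commands):
    """Apply the commands to an empty chain. -I inserts at position 1 (the
    top), -A appends; the resulting order is the order rules are evaluated."""
    chain = []
    for flag, match, target in commands:
        if flag == "-I":
            chain.insert(0, (match, target))
        elif flag == "-A":
            chain.append((match, target))
        else:
            raise ValueError("unsupported flag %r" % flag)
    return chain


def verdict(chain, src, dst):
    """First matching rule wins. Returns its target, or None when no rule
    matches and the packet falls through to the rest of DD-WRT's chain."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for (field, net), target in chain:
        addr = src if field == "s" else dst
        if addr in net:
            return target
    return None


def evaluate(commands, flows=FLOWS):
    """Verdict of each flow under the chain the commands build."""
    chain = build_chain(commands)
    return {label: verdict(chain, s, d) for label, s, d in flows}


if __name__ == "__main__":
    for name, cmds in (("posted (-I, -s)", POSTED),
                       ("appended (-A, -s)", APPENDED),
                       ("destination variant (-I, -d)", BY_DESTINATION)):
        print(name)
        for label, v in evaluate(cmds).items():
            print("  %-30s %s" % (label, v or "(falls through)"))
```

Two things the table makes visible: with the posted commands, the gateway ACCEPT only works because `-I` put it above the DROP; entered with `-A` the gateway's replies fall into the 192.168.0.0/24 DROP and the bench loses DNS. And because the posted rules match on source, a bench host's packet towards 192.168.0.50 is still forwarded; it is the reply from 192.168.0.50 that gets dropped, which is what makes the ping fail. The `-d` variant stops the bench's packet itself, while the post's rules leave the Internet path untouched in both directions either way.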