WIth Kong's firmware, or straight DDWRT, is it possible to have client isolation (no LAN access) while still allowing Internet access? In AP mode, not router mode?
Rehabilitation, underground utilities, sewer installation and repair
American Sewer and Utilities has consistently demonstrated excellence in the design and construction of a myriad of projects encompassing underground utilities, site development, leach fields, pump stations, landscaping, sanitary sewer, and municipal & residential rehabilitation. Our distinguished team comprises seasoned professionals and skilled artisans, dedicated to providing superior construction consultation and management servicesRecent comments
- After the initial Kong Mod 11 months 3 weeks ago
- Working the EXACT same 11 months 3 weeks ago
- While the "5 Easy Steps" 1 year 1 day ago
- R8000P would be grate to see. 1 year 2 days ago
- Have a R8000 but ordered a 1 year 2 days ago
Well normally this does not work, as in ap mode you are using lan to connect to the internet thus you cannot block lan and have internet. This only works, by using vlans, which can be done, but requires also another router that will provide wan and you will have to create custom commands in order to route and block traffic from guest vlan.
Try playing with these commands
Deny access to a specific Subnet
iptables -I FORWARD -s 192.168.2.0/255.255.255.0 -j DROP
change the IP to your own
also
Deny access to a specific IP address range with Logging
iptables -I FORWARD -m iprange --src-range 192.168.1.10-192.168.1.13 -j logdrop
you can deny access to the range and exclude the gatway.
I got played around with these commands and got all clients to access the internet but not each other. You can also blcok all and then try opening just hte gatway port.
It may take some tweaking to suite your network.
commands taken form
http://www.dd-wrt.com/wiki/index.php/Iptables_command#Allow_HTTP_traffic...