guest wlan on

12 posts / 0 new
Last post
rouboxyl's picture
guest wlan on

Using kong mod 23195 (Firmware: DD-WRT v24-sp2 (04/24/13) stdkong)

When seting up a guest network on the router It does not work. The clients when loging in dont recieve a ip address. Its like the multiple dhcp server wont work for the interface.


Tested it on an older version of dwrt and worked flawesly when the client switches from one wlan to another its ip address changes inmediately.


Can confirm it ?


fastfwd's picture
Are you using dnsmasq as your

Are you using dnsmasq as your DHCP server?

rouboxyl's picture
Thanks for the quick response

Thanks for the quick response.

I Played with the settings and upgraded to the recently updated r21661.
Now it gives a valid ip address to the connected decive of the guest network. however, the device is not able to use internet.
ping to google reveals it knows the ip, but can not access it.
¿Any Ideas?
Here are listed the relevant settings

Use DNSMasq for DHCP YES
Use DNSMasq for DNS NO
DHCP-Authoritative YES

DNSMasq Enable
Local DNS Disable
No DNS Rebind Disable


rouboxyl's picture
So after days of trying I can

So after days of trying I can not make devices connected to the guest network access the internet.

¿any ideas?

rocky13's picture
In "wireless page" under

In "wireless page" under virtual interfaces, is "network Configuration" set to bridge? and what do you have in your firewall?.  I am using DD-WRT v24-sp2 (05/18/13) big - build 21625 on a ASUS RTN66U & R6300, both are working flawlessly.

rouboxyl's picture
Yes it is set to bridge,

Yes it is set to bridge, which is the default setting.
In security setion firewall protection settings are as follows:
SPI Firewall enable
all aditional filters are disabled

Block wan requests
all ticked except for "Filter WAN NAT Redirection"

Impede WAN DoS/Bruteforce
All unticked

¿any clue?

The router is a netgear 3500 V1
with r21661 MiniDLNA

rocky13's picture
In your rc_firewall, you

In your rc_firewall, you should have this line added to it.

iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`

I had to add it to make my guest wireless to work, before it would give me a dhcp ip but would not give me access to internet. Now it does .

rouboxyl's picture
rocky13, thanks for your

rocky13, thanks for your response. That solution of yours seems like an out of standard gui solution for a standard and out of the box feature.

¿where do I add that line?
¿Do I need a special program to edit the router files?


rocky13's picture
You can telnet into your

You can telnet into your router then in the CLI you can just copy paste that line and see if you can access the internet. Do not reboot your router after you enter the command. If that works then you can enter it permantely by accessing router GUI

You would need to go to "administration" > "commands" and in the command shell enter that line again and press "save firewall" at the bottom of page, the router will most likely reboot itself so wait a couple of minutes. Let me know if that works.

rouboxyl's picture
Yes indeed It did work.

Yes indeed It did work. thanks. so, ¿is it safe to let this working like this?

but why this workaround? shuldnt it be working after doing the well documented procedure to create a virtual lan and a bridge?

Thanks for your solution to get this working.

rocky13's picture
It's a bug in he builds after

It's a bug in he builds after 1700 build release, you always need this line to make it work. Yes it's safe, I always had it in my firewall, no issue's and it doesn't conflict with anything, I have a lot of commands in my firewall to restrict access with vlans etc.. and never had a issue. Glad to hear it works.

rouboxyl's picture
Ok, thanks and now its

Ok, thanks and now its documented here too, searching I found references to this bug, but your solution was cristal clear and straigtforward, In the command line and instruction on how to do it. Perfect execution.

Hope this helps other too.

Thanks again.