Dual SSID Network Isolation (Guest or similar SSID), issues!

1 post / 0 new
fkahhaleh
fkahhaleh's picture
Dual SSID Network Isolation (Guest or similar SSID), issues!

Hi All,

I am running Kong's latest and greatest "DD-WRT v3.0-r40270M kongac (07/11/19)"

The short story is I have a couple of IoT devices, and I want them to live and play on their own SSID, without accessing my LAN.
(I just don't like uninivted guets, but I also like to have some technology lol)

I've setup a 'Guest SSID' as per latest notes for Kong's builds:

1- Created a Virtual Interface
2- Set it up as unbridged
  a- NAT enabled (for internet) 
  b- Net Isolation (to restrict LAN access)
3- setup IP subnet different than LAN's.
4- Went and added a new DHCP, hooked it to w1.1 interface and assigned proper ragne/count for DHCP.

my phone and IoT devices connect fine, however testing from my phone, I can still access for example my LAN's printer web page. (although router's IP/webpage is not accessible)

So clearly the net isolation feature is not working. What's interesting is the amount of threads about it given the large number of versions and improvements along the
way, you see lots of "do these IPTable rules" and it would work. Well I am not an IPTables expert, but some of them just seem to mimic what would say the NAT or
NET Isolation option does, so I am sure in the backend, those are being added implicity.

Does anyone know how to set this up correctly once and for all? is it a known bug?
I won't mind going full CMD and old school on it, just want to make sure I minimize screwing things up as I have lots of things configured and would rather
not erase the nvram these coming days :).

Last but not least, thanks to all the devs (KONG and whoever helps and works on this) as over the years I've seen DD-WRT mature, grow and I can't think
how much effort is put into it especially I am a develope rmyself.

 

Thanks

F.K.