[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] routing - cutting off a zone

To: list@xxxxxxxxxxxxx
Subject: Re: [LUG] routing - cutting off a zone
From: Tom <madtom1999@xxxxxxxxxxxxxx>
Date: Thu, 27 Aug 2015 13:05:58 +0100
Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dcglug.org.uk; s=1428397562; h=Sender:Content-Type:Content-Transfer-Encoding:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Reply-To:Subject:In-Reply-To:References:To:MIME-Version:Date:Message-ID:From; bh=TDqCAhbPHMER5Ya7rztmFqSUin9guhZUvjFICmbyw+s=; b=Y5ILp9IexCVHXiyQPi6r5x1hux29RC/S0B8JbA88ckOwltwP9DIOCqaE2cOK8mknVc/pWFlCyHP8gNqx/VSzf43Wa22OD9hTAKdx0mL26+srzuccq3P3P2ByUksTfDIUfiyMr5QGOyLmBGygY4yZsP1bBuQol5R0mvsmPn5iE+s=;
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=from:message-id:date:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=WJLJR7/+x18EpBTfNIAkLtRbVPIjTMsw040C0wYGhw0=; b=Mm/zIGWKr+MurIiuyNziy1qDcXEgny1A+sJaoV9flP8QUPPk14Evv+8nx+P9JIKjq+ 2o/GKhUsT6NXIX9aJUj4Ga0R0tJl7We2VsSpcKf5VywA47HNVoleTJgj0eE9VAf3nvkb A+5WnzXB8gzjn7NnEhNNaeRhWxTOl2gDWUCbjZRCjRK+KxY5kDxARKmuPIUIWdgh9YdB WbIfl4s1OEYVSk77FAjdgCM+TFHfuwe3cvnD+h1MOCaLmJZCJ7AuXx2zs6cYWHiIvdbS 72et5PG/lLPOY/41nvwcjB5cjdGWEn5LZUYFL/LRHVI7yqqKYepa/KVg++gR6jgpxwUo JIGQ==

On 27/08/15 10:41, Ben Whorwood wrote:

I would be interested to hear what route (excuse the pun) you decide to
take using a Raspberry Pi.

In the past when trying to achieve similar I have used a setup similar
to this:

http://www.smallnetbuilder.com/lanwan/lanwan-howto/24428-howtotwoprivlan

Essentially you have your main broadband router with then two additional
routers connected to the main broadband router LAN using their WAN
ports; clients then connect to each additional / second layer router.
You'll need to configure the DHCP server on each additional / second
layer router so that the subnets don't clash.

Although additional hardware is required I've found that people
typically have spare broadband routers lying around these days and it
saves having to manage VLANs.

Thanks,
Ben

On 26/08/15 18:57, Tom wrote:

I've managed to get a RaspberryPi to act as a hotspot for my holiday
cottage guests to connect to the internet.
My adsl router is 192.168.2.254 and the guests work from 192.168.10... .
I want to prevent them accessing the 192.168.2 network other than the
router - how can I get this to just sink anthng other than the nat
traffic ...
Tom te tom te tom

It turns out you can drop a range of IP's in the NAT IP table:
iptables -I INPUT -m iprange --src-range 192.168.2.0-192.168.2.253 -j DROP

so I'll have a play with that

I used a couple of web howtoshttps://learn.adafruit.com/setting-up-a-raspberry-pi-as-a-wifi-access-point/overviewbut not for an adafruit onechange wlan0 to wlan1 and eth0 to wlan0 and point it at your router andit seems to work but I'd like to try an hack the living daylights out itfrom the 'guest' side to make sure I don't have to train the family upin security methods!I must confess when I did routing many years ago I always wanted towrite a simple gui for setting up and testing/writing iptables -confuses the buggery out of me still!

Tom te tom te tom

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq

References:
- [LUG] routing - cutting off a zone
  - From: Tom
- Re: [LUG] routing - cutting off a zone
  - From: Ben Whorwood

Prev by Date: Re: [LUG] routing - cutting off a zone
Next by Date: [LUG] Raspberry Pi router
Previous by thread: Re: [LUG] routing - cutting off a zone
Next by thread: [LUG] Persistent net rules
Index(es):
- Date
- Thread