 StevenGPremium join:2003-10-14 Atkinson, NH | How to drop packets from one subnet to another via iptables
Hi all,
I've searched the net, high and low, and thought I found the solution, but just can't get it to work (so maybe it wasn't right what I found).
I'm running an Asus RT-N66U router with Shibby Tomato firmware on it (on two revs back). Love the router and the firmware. But what I can't seem to figure out how to do is restrict my guest wifi network from accessing the IP of the router.
For example, my subnet for the guest wifi is in the 10.x.x.x range. My main network is in the 192.168.x.x range. I have sufficiently blocked access from any device on the 10.x subnet to any 192.x device, with the exception of the address of the router itself.
My concern is this...for ease of use, the guest wifi password is only medium strength (easier to tell people what it is). My main wifi pwd is VERY strong. My router password is somewhat easy, since it's behind the firewall and internal. But if you hack the guest wifi, you have a pretty easy route to try to hack the router credentials, at which point you can do whatever you want.
How can I drop all wifi traffic from 10. to ANYTHING in the 192 range? Is that possible, or does it have to see the router since it's still the gateway?
Thanks for any help you can provide. |
 | Pseudocode for this is basically as follows:
from 10.0.0.0/24 to 192.168.0.0/16 deny ALL
So the trick now is to get that into IPTABLES format, right? Any luck with googling the equivalent of that? Unfortunately, can't help you with that as I'm not an IPTABLES expert.
Regards |
 StevenGPremium join:2003-10-14 Atkinson, NH | Thanks. I thought that would be the code, but like you, I too can't figure out how to get this inserted into the router into the IPtables. Frustrating! |
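The pseudocode above in iptables form, as an added example that is not part of any post in the thread: packets addressed to the router itself (on any of its IPs) traverse the INPUT chain, while FORWARD only sees traffic routed on to other hosts, so both chains need a rule. The guest bridge name `br1` and the function name `guest_rules` are assumptions; 192.168.0.0/16 is the range from the thread.

```shell
#!/bin/sh
# Added example. Assumptions: the guest wifi bridge is br1 (verify with
# `ifconfig`), and guests use the router for DHCP and DNS.
GUEST_IF="${GUEST_IF:-br1}"
MAIN_NET="${MAIN_NET:-192.168.0.0/16}"

# Print the rules in the same order the kernel will evaluate them.
guest_rules() {
    gif="$1"; main="$2"
    # Refuse anything that is not a plain interface name or a CIDR range,
    # because the output may be piped straight into a shell.
    case "$gif" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $gif" >&2; return 1 ;;
    esac
    case "$main" in
        */*) ;;
        *) echo "expected CIDR: $main" >&2; return 1 ;;
    esac

    # INPUT: traffic addressed to the router itself.
    # Guests still need a lease and name resolution, so allow those first.
    echo "iptables -I INPUT 1 -i $gif -p udp --dport 67 -j ACCEPT"
    echo "iptables -I INPUT 2 -i $gif -p udp --dport 53 -j ACCEPT"
    echo "iptables -I INPUT 3 -i $gif -p tcp --dport 53 -j ACCEPT"
    # Everything else from the guest bridge to the router (web GUI, SSH,
    # any router address, 10.x or 192.168.x) is dropped.
    echo "iptables -I INPUT 4 -i $gif -j DROP"

    # FORWARD: traffic routed through the router to the main network.
    # Internet-bound guest traffic does not match -d and is unaffected.
    echo "iptables -I FORWARD 1 -i $gif -d $main -j DROP"
}

# Review:  sh guest-rules.sh          Apply:  sh guest-rules.sh apply
if [ "${1:-}" = "apply" ]; then
    guest_rules "$GUEST_IF" "$MAIN_NET" | sh
else
    guest_rules "$GUEST_IF" "$MAIN_NET"
fi
```

On Tomato, rules like these are normally pasted into Administration > Scripts > Firewall so they are reapplied whenever the firewall restarts. The router remains the guests' gateway because gatewayed traffic is forwarded, not delivered to the router's own address.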