Mar 22 2011

Multiple LAN subnets/VLAN (WRT54GL – Tomato firmware)

Router Setup

Access the router through SSH or telnet. On Windows you can use PuTTY. On Unix you can use the terminal.

In the router console, type the following command:

nvram show | grep vlan.ports

 

If you get the following output you are ready to proceed:

 

vlan0ports=3 2 1 0 5*

vlan1ports=4 5

 

*Note: Logical port 5 is the CPU and should be included in every VLAN. Logical port 4 is your WAN port. You can choose to configure your ports differently.

Here’s a map of the physical ports to their logical (cli) assignment:

 

Physical port : Logical port

1 : 3

2 : 2

3 : 1

4 : 0

 

This example uses physical port 4 and port 3 (logical ports 0 and 1) as the new VLAN (vlan2):

 

 

nvram set vlan0ports="3 2 5*"

nvram set vlan2hwname=et0

nvram set vlan2ports="1 0 5"

nvram set manual_boot_nv=1

nvram commit

 

 

Following this, you just need to add a few bits to the Administration>Scripts>Init area of the Tomato GUI.

 

 

sleep 10; ifconfig vlan2 10.225.20.1 netmask 255.255.255.0 up;

 

 

To set up firewall rules, we add the following to the Administration>Scripts>Firewall section of the Tomato GUI:

  

 

iptables -I INPUT -i vlan2 -j ACCEPT;

iptables -I FORWARD -i vlan2 -o vlan1 -m state --state NEW -j ACCEPT;

iptables -I FORWARD -i vlan2 -o ppp0 -m state --state NEW -j ACCEPT;

iptables -I FORWARD -i br0 -o vlan2 -j DROP;

 

This isolates the vlan2 ports from all other ports of the LAN: clients on vlan2 get access to the WAN only. Note that the INPUT rule also lets vlan2 clients reach services on the router itself.

Next go to Advanced -> DHCP / DNS and add this to the Dnsmasq custom configuration:

 

interface=vlan2

dhcp-range=net:vlan2,10.225.20.200,10.225.20.249,255.255.255.0,1440m

dhcp-option=vlan2,3,10.225.20.1

dhcp-option=vlan2,6,10.225.20.1

  

Reboot… Done!
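
Added example, not part of the original post: a shell function that checks the vlan*ports values from the nvram step for a VLAN missing CPU port 5 or a switch port left in two VLANs at once (for example, adding vlan2ports without shrinking vlan0ports). The function name check_vlan_ports and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads "vlanNports=..." lines on stdin (the format printed by
# `nvram show | grep vlan.ports`) and reports:
#   - a VLAN without the CPU port (logical port 5)
#   - a switch port (0-4) listed in more than one VLAN
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_vlan_ports() {
    rc=0
    for p in 0 1 2 3 4; do eval "owner_$p="; done   # reset state between calls
    while IFS='=' read -r name ports || [ -n "$name" ]; do
        case "$name" in vlan[0-9]*ports) ;; *) continue ;; esac
        vlan=${name%ports}
        # "5*" only flags the default VLAN; drop the marker and stray quotes
        ports=$(printf '%s' "$ports" | tr -d '*"')
        has_cpu=no
        for p in $ports; do
            case "$p" in
                5) has_cpu=yes; continue ;;
                [0-4]) ;;
                *) echo "$vlan: unexpected port '$p'"; rc=1; continue ;;
            esac
            eval "prev=\$owner_$p"
            if [ -n "$prev" ] && [ "$prev" != "$vlan" ]; then
                echo "port $p is in both $prev and $vlan"; rc=1
            fi
            eval "owner_$p=\$vlan"
        done
        [ "$has_cpu" = yes ] || { echo "$vlan: CPU port 5 missing"; rc=1; }
    done
    return $rc
}

# Constructed sample input: the layout this post ends up with.
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' 'vlan0ports=3 2 5*' 'vlan1ports=4 5' 'vlan2ports=1 0 5' |
        check_vlan_ports && echo "port layout OK"
fi
```

On the router, feed it the live values with nvram show | grep vlan.ports | check_vlan_ports before running nvram commit.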
