Very useful tutorial. Thanks a lot.

There is a ton of documentation on DDWRT website. Just take a peek at it all and dont rely only on youtube as the quick way to get what you want. Some times the best education is to just sit down and read.

@tangoseal1

Thanks for the info. The above two lines does separate the two networks, but the Guest network can still see the main router interface. Ideally, that shouldn't be allowed either.

Great Tutorial. The GUI has slightly changed a bit since your video however your video is awesome. Thanks!

I am not 100% sure this will not give access to local computers for example but a nice tutorial dude. Thanks.

Thanks for the tutorial. I followed all steps, finally the secure side is prefect, but my laptop cannot get the ip from the public guest network,so I assigned the ip for laptop, still no luck .. anybody can help.. thanks

Thanks for the tutorial. If I wanted to set this up with 2 routers connected with a wire, so that I have 2 regular networks and 2 guest networks, how would I setup the bridging on the second router?

wtf these networks are not seperate.. lol

Hey, I love your video it's very informative. I understand the general principals, but having someone show you where everything is is a godsend. I do have one question however. On the three versions of dd-wrt that I have put on my buffalo router none of them have the drop down for priority. They all have fields to limit to kBits up and kBits down. I don't really want to limit anything to max kBits, I want to prioritize one over the other. Any suggestions?

You should consider mending that issue by adding the following lines to your Administration=>Commands=>Fire­wall script:

iptables -I INPUT -i br1 -m state --state NEW -j DROP

iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT

iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT

iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT

@leonidiakovlev I'll add this to the description

@leonidiakovlev what are these commands do?

@bbmak0 the first command blocks all the requests from outside free virtual wifi network to your local network. Other three commands allow requests on ports 67 and 53, which are used for... I don't remember what... Try leaving only 1st command.

I totally support eibgrad99's statement, if you follow this tutorial, your neighbour will have full unrestricted access to your 192.168.1.1/24 subnet. So, he/she can freely delete files from your USB LAN drive, for example.

May I know how do you do this on a ddwrt repeater, especially the QoS setting

Be careful. As described, it's NOT secure! And I've see other similar videos w/ the same issue. This merely creates multiple subnets, each assigned to a different interface. But that alone doesn't prevent one interface/subnet from accessing the other! To see for yourself, drop your local firewalls and you’ll find you can ping devices across subnets (not good). To prevent this, you also need to update the router's firewall (using IPTABLES). Visit the dd-wrt forums for details.

@eibgrad99 Just do everything in the video, except make the public one "secure". That's what i did. I created it for one of my neighbors who just lost their 3 month old baby. :( I made it secure.

@stormspotter2011 Then what’s the point of having a separate “public” wifi network? The purpose is to keep it open for internet access, while preventing access to the “private” network. If you secure the “public” wifi network, why bother with a second SSID at all? Just use the existing SSID, esp. if you don’t prevent access across the subnets anyway? It’s pointless. The OP’s config is flawed because it *ASSUMES* access is prevented across the subnets by default, which it is NOT!!!

Great tutorial. I hope you can make more advanced tutorials like this. Something that people never post on youtube yet.

Sign on to your guest network (in my case in the 10.0.0.1 range) and then try to access some service on your "main" network (say, 192.168.1.115). I can still access these ip addresses from the guest network, even though they do not show up in some automated scanning programs. This kind of defeats the security of this method. Could I be doing something wrong?

i found an error in your qos / netmask priority entry. I believe it should be 192.168.1.0/24, not 192.168.1.1/24. Not sure if QoS will not work with .1 but having it entered with the .0/24 will ensure you get the entire class c subnet and QoS will work. Other than that, great tutorial and thank you - this worked great for our home iphone network, where we give the iphones premium qos for skype and other voip apps. works great

is there a way to have 2 separate DNS servers for the guest and secure networks.

Implemented today, worked like a charm, right from dd-wrt install process. This is the most useful tutorial so far for me.Thanks Simon, Appreciate it.

Is it possible to produce an tutorial about security for dd-wrt, vpn, pros & cons, just in the same manner?

Thanks, works perfectly!

Simon,

Wonderful tutorial! I've been searching throughout the web and I'm glad I stumbled upon your video because all those articles have way too much Command and etc settings which is complicated!

I am running into an issue, I followed your instructions to the teeth and and while I am able to connect to my guest network, there is no traffic passing in/out of the Internet from/to it. Help?

@n8236

I take that back. I must have no hit the "Applied" button after activating the guest network, thus it didn't show up as part of the default bridging. I fixed it and verified this to be 100% working as of DD-WRT v24-sp2 (4/9/11) mega build.

@n8236

Update after 4 hours: I'm not sure about anyone else, but when this is setup and the router doesn't reboot, it works. But after a few generic tests where I rebooted, this config won't hold and you won't be able to connect to the Internet.

Great tutorial! Easy to follow, taking full advantage of the GUI (as opposed to most others I saw online) and worked first time for me! Thanks a lot!

can you make a tut of making just a simple network connection(free) with win XP ?

can i flash my dir-600 rev b2 with dd-wrt? from web?

@spectralparanoid Sure.



Thanks very much easy to follow :)

nice tutorial! I am looking to implement something similar to this but I have a second router I want to use for the open network. Any suggestions?