I have an integrated board with an atheros5213a I want to setup 2 seperate wireless networks one for me and one for clients. I have setup already ether1 with ip on my lan 192.168.3.11/24 and wlan1 with 172.16.0.1/24 I then enable masq for wlan1 and setup dhcp etc and can connect using 40bit wep and get 172.16.0.x ip and connect to the internet through gateway on lan 192.168.3.1 , then I setup virtual ap much higher wep setting and 172.16.1.x network. This works ok but is not what I want. Essentially I want to have a network address fom my lan ie 192.168.3.6x on wlan2 (virtual AP). I read that for this I must have bridging turned on ? correct ? Also If this works how can I stop client using 172.16.0.x ip from accessing anything but specific ip on my lan , I want them to be able to connect to internet and maybe my asterisk server to be able to call me but nothing else. Is this simply firewall rule ? And if so how with masquerade running ? I hope all of this made sense.