Community discussions

 
Ehman
Member
Member
Topic Author
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

client isolation on mesh for clients -need help

Wed Jul 17, 2013 8:50 pm

hello, can someone help me with some firewall rules for my 4 mesh ap's so that I can use client isolation on them all, because I can access the following with option set "disable default forward on the wireless interface"

pc1<--wireless-->mesh ap 1<----WDS---->mesh ap 2<--wireless-->pc2
---boooom I can access pc1 from pc2 and verse visa, but 2 pc's on same ap is blocked :shock:
 
Ehman
Member
Member
Topic Author
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Re: client isolation on mesh for clients -need help

Thu Jul 18, 2013 4:15 pm

Hi folks... is this to difficult to pull off? :?
 
Feklar
Forum Guru
Forum Guru
Posts: 1726
Joined: Tue Dec 01, 2009 11:46 pm

Re: client isolation on mesh for clients -need help

Thu Jul 18, 2013 8:11 pm

Default forward only applies to devices connected to the same radio, so what you are seeing is expected.

Without knowing your configuration, it's a bit hard to tell you how to setup the firewall. Most likely your interfaces are brigged correct? If so, set "use IP firewall" to yes on your birdge settings, and you should be able to block them on the forward chain of the firewall filter.
 
Ehman
Member
Member
Topic Author
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Re: client isolation on mesh for clients -need help

Thu Jul 18, 2013 8:22 pm

Default forward only applies to devices connected to the same radio, so what you are seeing is expected.

Without knowing your configuration, it's a bit hard to tell you how to setup the firewall. Most likely your interfaces are brigged correct? If so, set "use IP firewall" to yes on your birdge settings, and you should be able to block them on the forward chain of the firewall filter.
Your 100% correct, I've done that all, but I'm not sure what IP's to block on the forward rule, or should I just block all local lan ranges and I should be fine?
 
Feklar
Forum Guru
Forum Guru
Posts: 1726
Joined: Tue Dec 01, 2009 11:46 pm

Re: client isolation on mesh for clients -need help

Thu Jul 18, 2013 10:35 pm

Block all src and dst addresses for local ranges except the default gateway for the network. You might need to also allow the broadcast IP in case you want to allow broadcast traffic to work. If you are on the mesh network while doing this, be sure to have safe mode enabled in case you mess something up!
 
Ehman
Member
Member
Topic Author
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Re: client isolation on mesh for clients -need help

Fri Jul 19, 2013 12:45 pm

Block all src and dst addresses for local ranges except the default gateway for the network. You might need to also allow the broadcast IP in case you want to allow broadcast traffic to work. If you are on the mesh network while doing this, be sure to have safe mode enabled in case you mess something up!
Thx good idea :) Its working like a charm

Who is online

Users browsing this forum: MSN [Bot] and 85 guests