Differences

This shows you the differences between two versions of the page.

doc:recipes:guest-wlan-webinterface [2013/03/10 13:25]
del Setup firewall rules for guests
doc:recipes:guest-wlan-webinterface [2013/10/11 12:25] (current)
sourcejedi Insert missing word "avoid" :)
Line 6: Line 6:
===== Create and configure a new wireless controller ===== ===== Create and configure a new wireless controller =====
After logging into the web-interface, manoeuvre to the **Wifi** page under **Network**. Click **Add** over the wireless controller (e.g., the 2.4 GHz radio) you want to have your guest network on. A new interface will be added as shown here: After logging into the web-interface, manoeuvre to the **Wifi** page under **Network**. Click **Add** over the wireless controller (e.g., the 2.4 GHz radio) you want to have your guest network on. A new interface will be added as shown here:
-{{:doc:recipes:createwireless.png|}}+\\ \\ {{:doc:recipes:createwireless.png|}}\\ \\ \\
As you can see, our new wireless controller is created, and we named it guest. Next up is configuring it. Choose the **Edit** option for the controller. You will need to create a new network, as you can see we named our new network guest here: As you can see, our new wireless controller is created, and we named it guest. Next up is configuring it. Choose the **Edit** option for the controller. You will need to create a new network, as you can see we named our new network guest here:
-{{:doc:recipes:editwirelessforguest.png|}} +\\ \\ {{:doc:recipes:editwirelessforguest.png|}}\\ \\  
-also, make sure to set up wireless security if you want to protect the connection.+Also, make sure to set up wireless security if you want to protect the connection.\\
===== Configure the new interface ===== ===== Configure the new interface =====
-You can now manoeuvre to the Interfaces page under Network, and you should see your new interface. Like this: +Now if you manoeuvre to the Interfaces page under Network, and you should see your new interface, looking similar to this: 
-{{:doc:recipes:guestinterfacecreated.png|}} +\\ \\ {{:doc:recipes:guestinterfacecreated.png|}}\\ \\ \\  
-You will need to configure you interface before it is useful. Choose **Edit**, pick the protocol **Static address**, and fill out your chosen IPv4 address. We chose 192.168.3.1 here, but you may have different preferences. However, using 192.168.1.1 or 10.0.0.1 as they may already be in use and prevent your guests from acquiring IP-addresses. Remember to set the netmask. You will also need to enable DHCP, we chose to go with the default options here except for the Leasetime wich is only one hour, suitable for environments where a large number of guests connect and leave through a day. +You will need to configure you interface before it is useful. Choose **Edit**, pick the protocol **Static address**, and fill out your chosen IPv4 address. We chose 192.168.3.1 here, but you may have different preferences. However, avoid using 192.168.1.1 or 10.0.0.1 as they may already be in use and prevent your guests from acquiring IP-addresses. Remember to set the netmask. You will also need to enable DHCP, we chose to go with the default options here except for the Leasetime wich is only one hour, suitable for environments where a large number of guests connect and leave through a day. 
-{{:media:doc:recipes:editinterfaceforguest.png|Set IP address and netmask for the guests and enable DHCP}}+\\ \\ {{:media:doc:recipes:editinterfaceforguest.png|Set IP address and netmask for the guests and enable DHCP}}\\ \\ \\
Notice that you have a **Firewall Settings** tab to the far right of the  **General Setup** tab. Make sure you visit this tab, and create a new zone for your guest, like we have done here: Notice that you have a **Firewall Settings** tab to the far right of the  **General Setup** tab. Make sure you visit this tab, and create a new zone for your guest, like we have done here:
-{{:doc:recipes:createfirewallzoneforguest.png|}}+\\ \\ {{:doc:recipes:createfirewallzoneforguest.png|}}\\ \\
===== Configure the firewall ===== ===== Configure the firewall =====
Now you are just about done. That last thing we need to do, is to open up for traffic between you guest network and WAN in the firewall. Go to the **Firewall** page under **Network**, choose **Edit** for your guest zone. Set **Input** to **REJECT** and tick wan under **Allow forward to destination zones**. Correctly configured it should look like this: Now you are just about done. That last thing we need to do, is to open up for traffic between you guest network and WAN in the firewall. Go to the **Firewall** page under **Network**, choose **Edit** for your guest zone. Set **Input** to **REJECT** and tick wan under **Allow forward to destination zones**. Correctly configured it should look like this:
-{{{{:media:guest-wlan-firewall-setup.png|Check that your Guest interface has access to WAN and that Input is set to REJECT}} +\\ \\ {{{{:media:guest-wlan-firewall-setup.png|Check that your Guest interface has access to WAN and that Input is set to REJECT}}\\ \\  
-Remember to click **Save & Apply**. The last thing we need to do is to give our guests access to the Internet.+Remember to click **Save & Apply**. The last thing we need to do is to give our guests access to the Internet.\\
Right now neither DNS nor DHCP traffic will be accepted. We need to create two rules, which we can do from the **Traffic rules** tab under the **Firewall** tab. Both rules can be put in under **Open ports on router:**. We name the first one **Guest DNS** here (you can name it what you want), setting both TCP and UDP traffic and port 53: Right now neither DNS nor DHCP traffic will be accepted. We need to create two rules, which we can do from the **Traffic rules** tab under the **Firewall** tab. Both rules can be put in under **Open ports on router:**. We name the first one **Guest DNS** here (you can name it what you want), setting both TCP and UDP traffic and port 53:
-{{:media:doc:recipes:guest-wlan-dns-setup.png|Enter new rule to allow DNS traffic from guests}} +\\ \\ {{:media:doc:recipes:guest-wlan-dns-setup.png|Enter new rule to allow DNS traffic from guests}}\\ \\ \\  
-We need to configure the rule, so choose to edit it. Set **Source zone** to Guest, and set **Destination zone to **Device (input)** like shown here: +We need to configure the rule, so choose to edit it. Set **Source zone** to **guest**, and set **Destination zone** to **Device (input)** like shown here: 
-{{:media:doc:recipes:guest-wlan-dns-config.png|Set Source zone to Guest and Destination zone to Device}} +\\ \\ {{:media:doc:recipes:guest-wlan-dns-config.png|Set Source zone to Guest and Destination zone to Device}}\\ \\ \\  
-Similarly, create a new rule to allow DHCP for guests. We name this rule Guest DHCP, choose UDP as protocol, and set 67-68 for ports. Again edit the rule, setting **Source zone** to Guest, and set **Destination zone to **Device (input)**. When you are done it should look like this:{{:media:doc:recipes:guest-wlan-firewall-config.png|Cross check that your two rules have the same set-up}}+Similarly, create a new rule to allow DHCP for guests. We name this rule Guest DHCP, choose UDP as protocol, and set 67-68 for ports. Again edit the rule, setting **Source zone** to **guest**, and set **Destination zone** to **Device (input)**. When you are done it should look like this:\\ \\ {{:media:doc:recipes:guest-wlan-firewall-config.png|Cross check that your two rules have the same set-up}}
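
Review bot: The rewritten sentence under "Configure the new interface" no longer parses: "Now if you manoeuvre to the Interfaces page under Network, and you should see your new interface" leaves the "if" clause dangling, so drop the "and" or keep the old "You can now manoeuvre ..." wording. The paragraph that gained "avoid" still reads "configure you interface" and "Leasetime wich", which could be fixed in the same pass. The firewall screenshot link still opens with four braces ("{{{{:media:guest-wlan-firewall-setup.png") against two closing ones on both sides of the diff, so the markup stays unbalanced. On the Guest DHCP rule, the text opens UDP 67-68 from guest to Device (input); a DHCP server listens on 67 and 68 is the client-side port, so the recipe could narrow the rule to port 67.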

doc/recipes/guest-wlan-webinterface.1362918318.txt.bz2 · Last modified: 2013/03/10 13:25 by del