• Log in / create account
  • Privacy Policy
  • Community portal
  • Current events
  • Recent changes
  • Random page

Access To Modem Configuration

From dd-wrt wiki, [ edit ] bridged modem, [ edit ] introduction.

In this case the router itself creates the PPPoE connection to the ISP server; but to work, the connection between the modem and the router must have an IP address. Usually the modem gives an address to the client; but this address will never be used except to access the configuration interface of the modem.

My modem is a Speedtouch 510, is IP address is 10.0.0.138 and it gives the 10.0.0.1 address to the device connected to it. The easiest way to know these addresses is to connect the modem directly to your computer and take a look at your network card configuration. The default gateway is the Modem address and the Card address is the one provided by the modem.

Note: Many modems come configured to use the 192.168.1.x subnet. This is the same subnet that DD-WRT uses for the LAN by default. You need to either set the modem to use a different subnet or set the router's LAN to use an IP in a different subnet such as 192.168.2.1 so that they're not using the same subnet.

So it looks like this.

image:access.to.modem.png

By default if you type the IP address of the modem you have an "Impossible to contact the server" error.

NOTE: For all methods below, you may need to substitute $(nvram get wan_ifname) for `nvram get wan_ifname)` if `nvram get wan_ifname)` does not work.

[ edit ] Primary Method

Replace the 10.0.0.2 with an IP in the same range as the modem. If your modem is 10.0.0.1, you should use 10.0.0.2. If your modem is 192.168.0.1, use 192.168.0.2

  • Go to Administration -> Commands

and click on [Save Startup]

and click on [Save Firewall]

On builds newer than 42755 you may need to change the above code and enter both lines under the firewall settings instead of splitting them:

  • `nvram get wan_ifname` gets the WAN port of your router automatically. If you wish to enter it manually, you should run echo `nvram get wan_ifname` to get your WAN interface name.

[ edit ] Success Report

Environment

  • ADSL2+ service with static IP (no PPPoE or DHCP)
  • TP-LINK TD-8817 ADSL2+ Modem Router, configured as bridge , web page at 192.168.1.1
  • Linksys E1200v2 with DD-WRT 21676, LAN address 192.168.2.1, WAN admin port 8080

WAN access to modem on external IP port 8081 in addition to LAN access (with WAN access to DD-WRT on external IP port 8080).

Administration > Commands

[Save Startup]

[Save Firewall]

On builds newer than 42755 (Smart DNS implemented) you may need to change the above code and enter both lines under the firewall settings instead of splitting them:

NAT / QoS > Port Forwarding

[so modem web page can be accessed from WAN on port 8081 (as well as LAN on port 80)]

Important : With WAN access enabled, set strong passwords in both modem and DD-WRT.

[ edit ] Alternate Method

An alternate way to execute the above commands on startup if you have JFFS enabled is the following:

  • Log in via ssh/telnet
  • create a file with the following content:
  • save it as "/jffs/etc/config/modem.startup"
  • create another file with the following content:
  • save it as "/jffs/etc/config/modem.wanup"
  • make them executable:

[ edit ] Tertiary Method

You can replace the 10.0.0.254 with an IP in the same range as the modem. If your modem is 10.0.0.1, you can use 10.0.0.254. If your modem is 192.168.0.1, you can use 192.168.0.254.

and click on Save Startup

and click on Save Firewall

Notes: in the example given eth0 is WAN interface name. On the Setup --> Networking --> Port setup --> WAN Port Assignment you can check your WAN name and replace it according to your port configuration. If you have Guest WiFi (VAP) you should block guest access to your modem like this:

[ edit ] SSH Method

A good, secure method for accessing modem interface (configuration) is SSH port forwarding, which can be accomplished with the following steps (with Apply Settings on each screen):

1. DD-WRT build with working SSH

SSH broken in 21061, fixed in builds >21676

2. Enable SSH service

DD-WRT: Services > Services > Secure Shell > SSHd > Enable

  • No need to enable SSH TCP Forwarding for inbound connections.
  • If Password Login is enabled, set a strong administrative password (12-14 random characters), and SSH login to the "root" account with that password. (See Telnet/SSH and the command line )
  • Recommend changing Port to deter port scanners (e.g., 8022).

3. Enable SSH remote management

DD-WRT: Administration > Remote Access > SSH Management > Enable

  • Recommend changing SSH Remote Port to deter port scanners (e.g., 8022).

4. Setup route to modem

DD-WRT: Administration > Commands

Assumes LAN subnet 192.168.2.nnn and modem at 192.168.1.1 (change as appropriate):

5. Configure SSH port forward

See Example below.

6. Reboot DD-WRT and test

  • ConnectBot is a good SSH client for Android.
  • Mac OS X Terminal supports SSH. ( guide )
  • PuTTY is a good SSH client for Windows.
  • Assumes LAN subnet 192.168.2.nnn and modem at 192.168.1.1
  • DD-WRT forward in PuTTY: L1080 192.168.2.1:80 (access at http://localhost:1080 )
  • Modem forward in PuTTY: L1081 192.168.1.1:80 (access at http://localhost:1081 )

[ edit ] Notes

  • Modem and LAN should be different subnets as in the examples above. It's not good network topology to have router WAN port and LAN ports on the same subnet (even when 'it works').

Categories : Wan | Basic tutorials

  • Discussion |
  • What links here |
  • Related changes |
  • Upload file |
  • Special pages
  • | Permanent link
  • Print as PDF
  • About DD-WRT Wiki |
  • Disclaimers |
  • Powered by MediaWiki |
  • Design by Paul Gu
  • ACTIVATION CENTER
  • Professional
  • Privacy Policy

How to turn a LAN port into a WAN port on Netgear R9000

dd wrt default wan port assignment

Quick Links

  • Log in / create account
  • Privacy Policy
  • Community portal
  • Current events
  • Recent changes
  • Random page

Linking Subnets with Static Routes

From dd-wrt wiki, [ edit ] introduction.

This guide aims to explain how to link different subnets together using static routes to forward traffic to the desired subnet of another router. I will avoid going into too much detail about subnetting in general, though I will say that there are benefits to using subnets such as reducing network traffic (less broadcast frames) and better access control between hosts. One important thing to note for those unfamiliar is that linking subnets is called routing, and the interfaces you use should be unbridged to do it correctly.

[ edit ] Creating the Subnets

There are many ways to create subnets within DD-WRT. By default only the WAN port is unbridged while the LAN switch (which is a hardware bridge) and wireless interfaces are software bridged together.

Ways to create additional subnets include:

  • Set the wireless interface to 'Unbridged'
  • Configure VLAN's if your switch supports them
  • Add virtual interfaces to any existing interface which is poor design but can overcome hardware limitations such as switches without vlans.

[ edit ] Baseline Reference Example

Now let's say you have three routers connected together. Router1's WAN port is connected to the internet which makes it the gateway of your entire LAN, and Router2 and Router3 have their WAN ports connected to Router1's LAN ports. Router2 and/or Router3 could also be using Client or Repeater mode (not bridged!).

Image:Static_Routes_1.png

By default all of these routers will be operating in 'Gateway' routing mode which means they do Network Address Translation (NAT) which makes their LAN subnet addresses invisible on their WAN side. Because each router has an interface connected to the 192.168.1.0/24 subnet, they all have routes to this subnet. However, Router1 doesn't have a route to 192.168.2.0/24 or 192.168.3.0/24, Router2 doesn't have a route to 192.168.3.0/24, and Router3 doesn't have a route to 192.168.2.0/24.

[ edit ] Configuring the Static Routes

For this particular topology only Router1 will need to be configured with static routes because the others have default routes that will cause them to forward traffic to Router1 for any subnet they don't explicitly have routes to.

The static routes should be configured with:

  • Destination LAN NET - The remote subnet that you are creating the route for.
  • Subnet Mask - The subnet mask of the remote subnet. Typically a Class C subnet mask of 255.255.255.0 is used, which in slash notation is /24 as used in the diagram above.
  • Gateway - This must be set to the IP address of the next hop to the destination subnet which in this case is the WAN IP of Router2 and Router3. In networks with more devices the next hop may not be the device that is directly connected to the subnet.
  • Interface - This must be set to the interface that the next hop is connected to. For this example, Router2 and Router3 are connected to the LAN/WLAN (br0) interface of Router1.

Configure Router1 with the following information:

Image:Static_Routes_2.png

With the routes configured it is now safe to disable NAT on Router2 and Router3 by switching their Operating Mode from 'Gateway' to 'Router' on the Setup->Advanced Routing page.

You will also need to use Iptables commands to allow the traffic through the firewalls of Router2 and Router3 to allow full communication between subnets. Iptables commands need to be saved to your firewall script on the Administration->Commands page. Here are a few examples of how you might choose to do so.

[ edit ] Wrapping Up

If you've configured the routes and firewalls correctly then you should now be able to communicate to devices throughout your network without having to rely on bridging. If you have software firewalls running on your PC's then you will need to configure or disable them to allow connections from other subnets.

If you want devices to appear in Networking Neighborhood on windows then you need to set up a WINS servers and configure your DHCP servers to advertise the WINS server.

Categories : Computer networks | Routing | Advanced tutorials

  • Discussion |
  • What links here |
  • Related changes |
  • Upload file |
  • Special pages
  • | Permanent link
  • Print as PDF
  • About DD-WRT Wiki |
  • Disclaimers |
  • Powered by MediaWiki |
  • Design by Paul Gu

Assign WAN Port To LAN Switch

In DD-WRT under Client or AP modes -- where the wired Ethernet WAN port is not used -- the port may be assigned to the LAN switch with a simple GUI checkbox selection of "Assign WAN port to switch."

Can this be done in OpenWRT? If yes, how does one do it?

Yes, you simply need to change the switch configuration accordingly (remove the wan portfrom the wan vlan and adding it untagged to the lan one). Unless you really need the port, I'd usually suggest to ignore it though.

yes change switch connfiguration In AP mode WAN port is required unless you are using radio as uplink

make a network bridge with all the physical ports and name it wan make Lan network withonly wirelss interface in it

check for the relevant changes in firewall.sh done

Thank you slh and arjunet. I want to assign the WAN port to the LAN switch only because it can be done. As an exercise. Is there any reason not to do this?

Can anyone give me detailed directions on what sequence of commands (settings) to use? Moreover, I am completely ignorant of the methods and syntax of the command line mode. Can anyone direct me to a router command line 101?

Yes you can do that ..if it is what you want to achieve

It depends on your hardware. Some hardware has a separate Ethernet port on the CPU that goes directly to the WAN port on the back of the router. In that case you would go to the network configuration, physical settings, and move the WAN ethernet port from the wan network to the lan network.

In other cases, especially gigabit routers, all the ports on the back go through a hardware switch. There you would go to the Network-Switch page and turn off the WAN port in the WAN VLAN, and turn it on (untagged) in the LAN VLAN with the other LAN ports.

DDwrt tries to simplify configuration by giving the user preset "modes" for common use cases. OpenWrt is more toward total flexibility. You can set anything to do anything, even if that is going to totally break it. You can add or edit a file anywhere in the filesystem rather than having only a "nvram" database.

If you're using command line, the most direct approach is to edit the config files. Search the OpenWrt wiki and find the UCI pages. These explain the options possible in each file.

Please understand the question before answering it. OP needs to use the WAN port as a LAN port. They do not need to configure all the ports as WAN. There is a marked difference in the config.

There are two reasons not to do this, unless you really need the fifth port to be usable as an additional LAN port.

  • you can get it wrong, soft-bricking the device or creating a number of subtile problems that might haunt you for quite a while
  • if the WAN port is a dedicated ethernet interface and not connected to the same hardware switch as the LAN ports, you'd need to bridge it with the switch - this would required the data going through the SOC's CPU for the bridging to work, creating a serious bottleneck in terms of performance

If you are aware of the consequences, the technical implications (dedicated interface vs switch port) and actually need an additional LAN port, there's no reason not to do this - but it shouldn't be done "just 'cause" by a beginner.

dumb AP examples , but read and heed the above.

Thank you for taking the time with the caveats. I'll take my time. Nevertheless I live by the precept "no guts, no glory." After all, how does one move from beginner to experienced without doing what can be done even if it need not be done? This stuff should be not all that hard. I mean, really, how arcane can it be?

A month of serious study and experimentation should be more than enough to graduate beyond the clueless novice level. This isn't rocket science. At least it does not appear to be. I was building DEC PDP11s and LSI-11s linked on fiber-optic serial highways which were in turn connected to CAMAC equipment long before the Internet was a gleam in Al Gore's eye. (My lame attempt at humor, sorry.)

It's not rocket science, but you probably learn a lot by going to the Network > Switch page on LuCi and posting a screenshot, we can tell you how your device is wired up by that.

This is a good beginner project. Log in to the router on wifi so that if you misconfigure the Ethernet you would still be able to connect.

If you do have a separate eth port and thus a software bridge, connect whatever uses the least bandwidth to that port.

@dkwalton hi , please go through the link once

there is nothing wrong if you dont need any WAN concept and making a custum project having only LAN

"Ask and you shall receive." Thank you arjuniet.

YES! That is seriously good advice. Logging n via WiFi so as to maintain a connection. See, I should have thought of that if I knew what I were doing. Bits and pieces make a whole.

A post was split to a new topic: How to assign the wan port to work as a lan port on the r8000

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.

David Yin's Blog

Tech geek. Life geek.

How to setup a Client Bridged with DD-WRT router

I have a main (primary) router with the Internet connection in the living room.  And I have two devices in the basement. How I make them connect to the Internet is a problem.

Here I use secondary router wireless connect to the primary router. And two devices wired to connect to the secondary router.

dd wrt default wan port assignment

I don’t need wireless connections to the Secondary router. I also want to make all these devices in the same sub-network. So I choose  Client Bridge mode.

Based on the wiki page from DD-WRT.

Only use this or Repeater Bridge mode if all of the others are unsuitable: WDS, Client, Repeater, or AP. Client Bridge will never be as stable as any of those modes. It is by design a hack and not a true transparent bridge like WDS. It will cause connection problems for more than a single client. See Linking Routers for a description of each of the modes. Client Bridge (CB) extends a wired LAN using a wireless connection, as opposed to an Access Point that extends the Wireless LAN (WLAN) using a wired connection. CB is a wireless connection ( NOT wired ) between two routers only. All devices connections, besides the primary router, MUST be wired to the CB router.

CB is the last choice for me.

Here is my basic information.

Computer : Acer AspireOne ZG5, Windows XP, NIC set to auto retrieve the IP address.

Primary Router: D-Link DIR-880L, Hardware version A2, Firmware v1.20, Regular settings.

Router LAN IP: 192.168.1.1, DHCP range to 192.168.1.199.

Wireless: 2.4GHz  SSID: dlink-2, 802.11 g/n, Channel  width: Auto 20/40 MHz

Secondary Router: Buffalo WZR-HP G300NH, DD-WRT firmware v3.0-r43652 std (07/03/20)

How to config the Secondary Router?

Most important is the setup for the Secondary router.  Before I start, do the HARD reset on it.

  • Connect a cable from my computer to the LAN port just next to the WAN port on my router.
  • Set my browser to 192.168.11.1, and open the dd-wrt GUI. (Because the dd-wrt on Buffalo use 192.168.11.1 as the router IP.)
  • If asked for the password and username, just follow the guide to change it.
  • Go to the Setup >> Basic Setup , change Local IP Adress to 192.168.1.1,  SAVE and Apply.  Restart the Router.
  • Set my browser to 192.168.1.1, and open the dd-wrt GUI.
  • FIRST, go to Wireless->Wireless Security and set the security type and key (dlink-2) from the primary router.
  • Click SAVE, and then APPLY.
  • Go to the Wireless->Basic Settings page and change the wireless mode to Client Bridge(Routed).
  • The wireless network mode (NG-Mixed), channel (Dynamic(20/40 MHz), and encryption match the primary router settings.
  • Set the wireless network name exactly the same as your primary router.
  • Go to Setup->Basic Setup and enter a router Local IP address e.g. 192.168.1.234 because my primary router is on that subnet. Client Bridge subnet must match the primary router. The subnet mask is usually 255.255.255.0.
  • Set the Gateway IP to your primary router, usually 192.168.1.1
  • Set the Local DNS  to 192.168.1.1
  • Check Assign Wan port to a switch
  • Set the Timezone and DST appropriately (America/Vancouver, ca.pool.ntp.org)
  • Go to the new Client Bridge IP address in the browser e.g. 192.168.1.234
  • Go to Security->Firewall : under Block Wan Requests uncheck all but “Filter Multicast”
  • Disable SPI Firewall
  • Click Save, and then Apply.
  • Go to Setup->Advanced Routing : change the Operating Mode from Gateway to Router.
  • Click SAVE, and then APPLY
  • Reboot the router.

Here are some screenshots:

dd wrt default wan port assignment

About my two devices connected to the Secondary Router. They don’t have wireless parts, and I want to use them in the basement.  One is the MagicJack VOIP device. The other one is the Proxmox VE machine, which hosted five VMs.

Related posts:

dd wrt default wan port assignment

2 Replies to “ How to setup a Client Bridged with DD-WRT router ”

can you access your repeater’s (ddwrt ui) after it’s rebooted?

Yes. I can. If ou setup the second router Local IP to the same subnet as the main router, you should access it.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Save my name, email, and website in this browser for the next time I comment.

Best VPN Routers for Small Business 2024: Routers for Business Security

What is verizon vpn & why you shouldn’t use it (updated), tcp vs udp: what is the difference between tcp and udp, what are the best vpn routers of 2024, what are the most popular & best dd-wrt routers this year, how to set up a repeater bridge in dd-wrt, the difference between wireless-n, wireless-ac, wireless-ad, wi-fi 6, and wi-fi 6e, the differences between single band, dual band, and tri band routers (flashrouters faq), featured router.

AX3000 WiFi 6 VPN FlashRouter

AX3000 WiFi 6 VPN FlashRouter

  • Perfect for Medium Homes
  • Perfect for 20-30 Devices

FlashRouters Networking & VPN Blog

  • SHOP ROUTERS
  • Sign Up for News, Updates and an Exclusive Coupon

How To Configure a DD-WRT VLAN Setup (Router FAQ)

How To Configure a DD-WRT VLAN Setup (Router FAQ)

Please note, we are moving away from DD-WRT, as both projects have seen limited development, and do not support the latest features like Wi-Fi 6 and WireGuard. If you’re looking for more information about VLAN or want to see the best VLAN routers, explore our dedicated VLAN page .

If you still want to use DD-WRT and need assistance with setting up VLAN on your DD-WRT network, we can assist you with our Flash My Router Plan!

flash my router

FLASH MY ROUTER SERVICE INCLUDES:

  • 1-on-1 Session With Expert Technician
  • Basic Internet/Wi-Fi/VPN Setup
  • Open Source Firmware "Flash" Upgrade
  • Includes a $30 Service Credit

wifi Ac Router

Quick Overview

At FlashRouters, our primary goal is to inform users of the benefits of taking back control of their network by unleashing the true power of their router. Routers using DD-WRT Firmware offer a multitude of features, from VPN integration and QoS (Quality of Service) to DNSMasq & Bandwidth Monitoring/Access controls. Another popular feature of DDWRT: VLAN tagging. In this post, we detail how to create a full VLAN setup with DD-WRT.

Best FlashRouters for DD-WRT VLAN Setup

Flash My Router – 1-on-1 Session With Expert Technician / Basic Internet/Wi-Fi/VPN Setup / Open Source Firmware "Flash" Upgrade / Includes a $30 Service Credit PRICE: $100 | BUY NOW

What is VLAN (Virtual LAN)?

According to Wikipedia , “In computer networking, a single layer-2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them via one or more routers; such a domain is referred to as a virtual local area network, virtual LAN or VLAN… More sophisticated devices can mark packets through tagging, so that a single interconnect (trunk) may be used to transport data for multiple VLANs…”

One aspect of a VLAN is the ability to create separate networks on the same router for security and segmentation purposes. Employing a VLAN setup is a useful procedure if you have some devices on your network that you want to isolate from others. In doing so, you can use a VLAN to provide Internet access to family and friends without giving them access to your entire network. Best of all, the settings can easily be changed and adapted to however you want to set up your network.

What Are the Benefits of VLAN?

A VLAN has the same attributes as a physical local area network (LAN) , but it allows for devices to be grouped together more easily even if they are not on the same network switch. Most enterprise-level networks today use virtual LANs.

Without VLAN functionality, you would need separate collections of network cables and equipment from your primary network. And if you didn’t plan this in advance, you could expect a costly rewiring job in your home or office. Unlike physically separate networks, VLANs share bandwidth, so VLAN trunks may require aggregated links and/or quality of service prioritization for maximizing their capability.

For many users, VLAN alone is enough of a reason to switch to third-party alternative firmware like DD-WRT.

How to Create a DD-WRT VLAN Setup

Now on to the fun!

In this DD-WRT tutorial, we will set up VLANs for each Ethernet port. This will create a network on each port that is isolated from all the other ports. An Asus RT-AC66U has been used for this tutorial, and while this same interface is pretty constant throughout any popular DD-WRT-enhanced router ,  setups may vary depending on your firmware build and router model.

Flash My Router

Dd-wrt vlan configuration of ports 1-4.

Go to https://192.168.1.1/ (or your router management IP address) in your web browser.

Select Setup -> VLANs .

Uncheck ports 1, 2, 3, and 4. Place port 1 into VLAN1, port 2 into VLAN2, and port 3 into VLAN3, port 4 into VLAN4. Set the WAN port to VLAN0.

When this is done, the VLAN configuration page should look like this:

How To Configure a DD-WRT VLAN Setup – How to set up your VLAN Configuration Page

Click Save, then Apply Settings.

How To Configure a DD-WRT VLAN Setup – How to Apply Your VLAN Settings

VLAN Configuration on Each Port

  • Next, plug an Ethernet cable into port 1 on the router from your computer.
  • Unplug the router power for 30 seconds and then plug it back in. Wait for the lights to return to normal.
  • Go to Setup -> Networking.

In this tutorial, we will create a subnet for each VLAN.

VLAN1 will have the subnet 192.168.1.0. VLAN2 will have the subnet 192.168.2.0. VLAN3 will have the subnet 192.168.3.0. VLAN4 will have the subnet 192.168.4.0.

That means devices on VLAN1 will be assigned addresses such as 192.168.1.15 and for VLAN2 192.168.2.50

Under Port Setup set VLAN1 to Unbridged.

Set the IP Address to 192.168.1.1. Set the Subnet Mask to 255.255.255.0

Change VLAN2 to Unbridged.

Set the IP Address to 192.168.2.1. Set the Subnet Mask to 255.255.255.0

Change VLAN3 to Unbridged.

Set the IP Address to 192.168.3.1. Set the Subnet Mask to 255.255.255.0

Change VLAN4 to Unbridged.

Set the IP Address to 192.168.4.1. Set the Subnet Mask to 255.255.255.0

Save your changes by clicking Save . When the interface responds, the Port Setup section should look like this:

How To Configure a DD-WRT VLAN Setup – How to Create a Subnet for Each VLAN Port Under Port Setup

Configure DHCPD

Below the Port Setup area, you will see a section titled DHCPD .

What this area does is allow you to create multiple automatic assignment addresses for IP addresses in a network. So, whenever someone authenticates into this section, this VLAN will assign it a user address in your network. This creates 4 sets of automatic assignments within the 4 new segments of your network to be handled by the router automatically in the future.

Under DHCPD click Add . Set DHCP 0 to vlan0 with a Leasetime of 1440 (24 hours). Click Save .

Click Add again. Set DHCP 1 to vlan1 with a Leasetime of 1440 (24 hours). Click Save .

Under DHCPD Click Add . Set DHCP 2 to vlan2 with a Leasetime of 1440 (24 hours). Click Save .

Once again, Set DHCP 3 to vlan3 with a Leasetime of 1440 (24 hours). Click Save .

And a final time, click Add . Set DHCP 4 to vlan4 with a Leasetime of 1440 (24 hours).

Click Save . Let it save. Then, click Apply Settings .

Once completed, the DHCPD -> Multiple DHCP Server section should look like this:

How To Configure a DD-WRT VLAN Setup – Configure DHCPD

Plug your Ethernet cable into any port on the router aside from port 4 or the WAN port. Unplug the power for 30 seconds and then plug it back in. Wait for the lights to return to normal.

 Adding Firewall Rules to Isolate the VLANs.

Now, we have created 4 network segments, but we need to use a firewall to fully isolate them from each other. These commands block all VLANs from communication with each other.

Browse to Administration -> Commands.

Copy and paste the following commands into the Commands text box:

iptables -I  FORWARD -s 192.168.1.0/255.255.255.0 -j DROP iptables -I  FORWARD -s 192.168.2.0/255.255.255.0 -j DROP iptables -I  FORWARD -s 192.168.3.0/255.255.255.0 -j DROP iptables -I  FORWARD -s 192.168.4.0/255.255.255.0 -j DROP

Click “Save Firewall”.

How To Configure a DD-WRT VLAN Setup – Isolate Your VLAN Segments Using Firewall Commands

Your DD-WRT VLAN basic configuration is now complete.

Testing the DDWRT VLAN Setup

To test each VLAN, connect to that port. Take note of your IP address and see if your local IP address changes in your network. If it changes, you have correctly set up VLANs, great job!

Looking for some DD-WRT VLAN-ready routers? Check out our full selection of DD-WRT pre-installed routers .

Stream Live NFL Games All Season From Anywhere

What Is The Best Way To Stream UEFA Europa League Games in 2023-24?

Best VPN Routers 2024

2019 Best Routers

Looking for the most secure router for VPN service options? Look no further.

View 2024’s best Routers here ⇥

BEST VPNs OF 2024

nordvpn

“With FlashRouters, you’re getting the best of both worlds, the freedom of open source with the support of stock.” — TechJunkie

dd wrt default wan port assignment

“The FlashRouters team has expanded the usefulness of their devices even further with the addition of a new VPN Privacy App.” — VPNFAN

dd wrt default wan port assignment

“The FlashRouters DD-WRT app is by far the easiest way to use a VPN on a router.” — ProPrivacy

dd wrt default wan port assignment

“As far as we’re concerned, FlashRouters’ Linksys VPN Router is a must-have for anyone looking to keep their entire household’s data private and secure.” — Android Authority

Stack Exchange Network

Stack Exchange network consists of 183 Q&A communities including Stack Overflow , the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

WAN port security assessment (DD-WRT)

I am running an Ethernet cable around my house to connect a cable modem in one room with the WAN port of the Netgear 6700 router (ddwrt) in another room.

I am wondering if this poses a security risk. Especially if an intruder could gain access to my LAN via that Ethernet cable that’s connected to the WAN port.

Is it possible to gain access to the LAN machines via the WAN port? If yes, is there a way to prevent that?

Thanks for your help in advance.

khofm's user avatar

Law 3 of the Immutable laws of security states:

If a bad guy has unrestricted physical access to your computer, it's not your computer anymore

So if someone has enough access to your system that they can replace your modem or put their own hardware in, you are in much more trouble than simply being able to see your network.

That being said, it is a common thing to link a modem to a router via a WAN port. You could look at locking down MAC addresses maybe to restrict which devices can get on your network, or you could run some software on a server on your system to look at any changes of hardware/gateways etc on your network.

Randomhero's user avatar

You must log in to answer this question.

Not the answer you're looking for browse other questions tagged router security routing port wan ..

  • The Overflow Blog
  • Are long context windows the end of RAG?
  • Developers with AI assistants need to follow the pair programming model
  • Featured on Meta
  • New Focus Styles & Updated Styling for Button Groups
  • Upcoming initiatives on Stack Overflow and across the Stack Exchange network
  • Google Cloud will be Sponsoring Super User SE

Hot Network Questions

  • Trying to identify a cassette tape of science-fiction short stories?
  • Why do we associate negative sign to electric charges when they are a scalar quantity?
  • Emulate Jelly's tie-scan
  • How will the world learn that Q-Day has arrived?
  • Do languages have any sort of upper limit for how long it takes to say things?
  • Speaking of a fitted bed sheet, would you call it “inside-out” or “upside-down”if you wanted to indicate that the stitches are facing up?
  • Why is it important that my master's publications are cited?
  • Is it legal to sell expired food in the United States?
  • Could I file a complaint against discrimination in my favor?
  • How does the Scrying spell interact with Stealth?
  • Do creatures with a reach of 0 get attacks of opportunity when a foe moves away?
  • What does Tarski mean when he says "variables do not posses any meaning by themselves"?
  • Radio Drama 'free range' clones of rich people are grown so replacement organs will be available for them
  • What is "trickle-down economics"?
  • Can arpeggios have stacked notes in them?
  • Maximum determinant of binary matrices with special properties
  • How do you actually solve a linear homogeneous differential equation rigorously without splitting the differential
  • You're at war with countries X and Y. Does international law say anything about bombing X's embassy in Y (to kill a high-value target)?
  • Is it dangerous to leave “.DS_Store” files left in Git commit history?
  • Do you set arbitrary deadlines in project management, or only save them for things with intrinsic, real deadlines?
  • Purpose of \nobreak inside \vadjust
  • What kind of chart is this and how to read it?
  • Probability of randomly guessing 10 out of 14 football results
  • standalone.cls maximum tikz picture size is 575?

dd wrt default wan port assignment

IMAGES

  1. Setting a Static WAN IP address on the TP-Link and DD-WRT routers

    dd wrt default wan port assignment

  2. Dd wrt default wan port assignment

    dd wrt default wan port assignment

  3. How to Configure DD-WRT OpenVPN Client

    dd wrt default wan port assignment

  4. Setting a Static WAN IP address on the TP-Link and DD-WRT routers

    dd wrt default wan port assignment

  5. How To Configure a DDWRT VLAN Setup (Router FAQ)

    dd wrt default wan port assignment

  6. Setup Wi-Fi VLANs with DD-WRT on RT-AC3200

    dd wrt default wan port assignment

VIDEO

  1. tourokuyouwu

  2. IGNOU Dec 2023 Exam Assignment Status Update हो गया है

  3. Bone Island

  4. Richer link ka firmware kaise upgrade kre!! RL821GWV-D!! National Saurabh

  5. TS Pro Burner ( COM port assignment windows 10)

  6. DD-WRT and my Linksys WRT54GL v1.1

COMMENTS

  1. DD-WRT :: View topic

    DD-WRT Novice. Joined: 23 Nov 2008. Posts: 4. Posted: Sun Nov 23, 2008 16:07 Post subject: WAN Port Assignment. Under Setup - Networking - Port Setup there is a drop-down list for selecting the WAN port. It is currently set to vlan1. Other options are eth0, eth1 and vlan0. The bridge table is. Code:

  2. DD-WRT :: View topic

    Posted: Fri Jul 16, 2021 17:58 Post subject: This is what you can try from my best guess of what is changed when that function was still present: Setup -> Basic Setup: WAN mode "disabled". Setup -> Networking: Check that vlan2 is assigned to br0 and ensure WAN port assignment is disabled. I have not taken the time to look further into this on ...

  3. WAN Port

    These steps were done with build 12307 (2009 06 17). Other firmware builds of DD-WRT have the same or very similar steps. Open up the Web Interface to your DD-WRT Device. Set WAN 'Connection Type' to Disabled. Down the Basic Setup page, the option WAN Port appears. Check the box 'Assign WAN Port to Switch'. Save/Reboot.

  4. Wireless access point

    To do this, you need to disable the Internet Connection and "Assign WAN Port to Switch". Normally, the router does Layer 3 IP routing. but by "Assigning WAN Port to Switch," your DD-WRT router will bypass that functionality and just pass on the Layer 2 ethernet packets from your wired network to the wireless network and vice versa.

  5. Access To Modem Configuration

    The default gateway is the Modem address and the Card address is the one provided by the modem. ... (with WAN access to DD-WRT on external IP port 8080). ... On the Setup --> Networking --> Port setup --> WAN Port Assignment you can check your WAN name and replace it according to your port configuration. If you have Guest WiFi (VAP) you should ...

  6. "Assign WAN port to Switch"- is the feature needed

    Posted: Tue Aug 10, 2021 2:08 Post subject: "Assign WAN port to Switch"- is the feature needed. I noticed that on my Negear R6700v3, the option on the "Basic Setup" to "Assign WAN port to Switch" has been removed from version r47142. However, the WAN port *seems* to be working OK as a LAN switch even without changing anything on the "Switch Cfg ...

  7. DD-WRT :: View topic

    It is a Broadcom based router. I can already assign WAN port to switch from the Switch Config Tab but I really want to be able to do this from telnet using nvram commands. This is what I get when I telnet to the router : nvram show | grep vlan.*ports | sort. vlan1ports=1 2 3 4 8*.

  8. Switch

    Hard reset or 30/30/30 the router to dd-wrt default settings ... Assign WAN Port to Switch : Enable this if you want to use WAN port as a switch port ... or a crossover cable. As far as I know, most dd-wrt capable devices can do autosensing (at least mine do) so the cable type doesn't really matter.

  9. DD-WRT :: View topic

    That worked. Changing the WAN port assignment to eth0. You just have to select the correct interface in the "networking" tab under "WAN port assignment". Logic would've (or should've) initiated a light bulb reaction to engage the user to come to the result of assigning eth0 as WAN port.

  10. Port Forwarding Troubleshooting

    If the WAN IP begins with 192.168.x.x, 172.[16-31].x.x, or 10.x.x.x then the router is behind another router that is also doing NAT. You must configure that router to either DMZ or port forward to the DD-WRT router. Any other WAN IP is likely a public (routable) address that just needs a properly configured port forward on the router.

  11. howto:general:network:switch_config [DD-WRT NXT Wiki]

    Assign Switch port to WAN. A need for configuring the switch ports may be, that you want to move a LAN Port, to the WAN-Network. One might have a setup similar to: Ethernet-PC1—- (PORT 1)DD-WRT NXT (WAN)—-MODEM. Where PC1, should be in the same Network, as the WAN side of your DD-WRT NXT router and the Modem. The GUI configuration would ...

  12. Linking Subnets with Static Routes

    There are many ways to create subnets within DD-WRT. By default only the WAN port is unbridged while the LAN switch (which is a hardware bridge) and wireless interfaces are software bridged together. Ways to create additional subnets include: Set the wireless interface to 'Unbridged' Configure VLAN's if your switch supports them

  13. networking

    Local DNS: 192.168.1.1 (if IP of Primary Router is 192.168.1.1) Assign WAN Port to Switch : Optionally enable this to use the WAN port as another LAN port. Save. If you have done this, then the configuration page of your RB will be accessible at the IP address (to be typed in your browser) 192.168.1.2.

  14. networking

    1. Here is an article to set the DD-WRT as "Wireless access point". Its setup is the same as yours except it doesn't mention the "Dynamic Routing" so i'm not sure you need to set it different then the default. It does mention other settings (like optional DNSMasq to Disable and disabling the firewall).

  15. Assign WAN Port To LAN Switch

    In that case you would go to the network configuration, physical settings, and move the WAN ethernet port from the wan network to the lan network. In other cases, especially gigabit routers, all the ports on the back go through a hardware switch. There you would go to the Network-Switch page and turn off the WAN port in the WAN VLAN, and turn ...

  16. How to setup a Client Bridged with DD-WRT router

    Restart the Router. Set my browser to 192.168.1.1, and open the dd-wrt GUI. FIRST, go to Wireless->Wireless Security and set the security type and key (dlink-2) from the primary router. Click SAVE, and then APPLY. Go to the Wireless->Basic Settings page and change the wireless mode to Client Bridge (Routed).

  17. How To Configure a DD-WRT VLAN Setup (Router FAQ)

    Go to https://192.168.1.1/ (or your router management IP address) in your web browser. Select Setup -> VLANs. Uncheck ports 1, 2, 3, and 4. Place port 1 into VLAN1, port 2 into VLAN2, and port 3 into VLAN3, port 4 into VLAN4. Set the WAN port to VLAN0.

  18. How to access DD-WRT web interface when in bridge mode

    2. My Internet comes from a single port router my ISP installs (ISP.ca). Network setup: ISP->Router->DD-WRT router->Computer. The DD-WRT router does my wireless as well, so it is necessary. To get it to work the DD-WRT router is in some sort of bridge mode. I have had this setup for years, and it is a huge pain.

  19. router

    WAN port security assessment (DD-WRT) I am running an Ethernet cable around my house to connect a cable modem in one room with the WAN port of the Netgear 6700 router (ddwrt) in another room. I am wondering if this poses a security risk. Especially if an intruder could gain access to my LAN via that Ethernet cable that's connected to the WAN ...