[Ewrt-devel] Blocking inter-user traffic.

Darren Hudson
Fri Nov 5 09:36:29 PST 2004


Thanks Michael, yes, that's what I tried (at the end of initialize.sh) 
but with no luck so far.

To give some more bones to this, let me explain why I want this. I have 
Mac users on a wired LAN which has its own off the shelf Netgear router 
providing access to the outside world. If an Apple Mac on this wired LAN 
simultaneously connects to the wireless network provided by the EWRT box 
it is reportedly sharing their Internet access from the wired side via 
the EWRT connection. I've not seen this happening myself but it would 
explain why a box I recently tested as working fine appeared at first to 
never show the splash page. The thinking is that wireless users are 
connected to the EWRT box but are getting Internet access by traffic 
going back out to another wireless user who has a separate wired 
connection giving Internet access. Sounds mad I know but it does fit the 
behaviour. Other than burning all Macs at the stake I wonder if anyone 
has any other suggestions on how to get around this?

Cheers.

Darren.

Michael Rasmussen wrote:

>Darren Hudson wrote:
>  
>
>>Has anyone tried this or does anyone know that it's not possible? I'm 
>>trying to add rules to iptables which will completely block traffic 
>>between wireless clients (I'm not having much luck as yet!). The problem 
>>as I see it is that the clients are all on the same subnet so routing 
>>can't block traffic between them. Any thoughts or experiences?
>>    
>>
>
>  Please pardon my thinking out loud here.
>
>iptables doesn't operate at the routing level.
>
>The WRT54G is operating as a switch.
>
>A final rule, after allowing management traffic to the WRT54G, with
>
>  iptables -A FORWARD -s 192.168.1.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -j DROP
>
>should work.  
>
>Is that what you tried?
>
>  
>


