
Configure VLANs on Tomato GUI

August 27, 2011

Router: Linksys WRT54G V2.2

Tomato Firmware v1.28.7624 -Toastman-ND ND VPN

http://www.4shared.com/file/nJPwNP6p/tomato-ND-1287624-Toastman-ND-.html?

First, create the VLANs and assign ports to them in the GUI under Advanced>VLAN.

Vlan1 is used for the WAN connection, so the other 4 VLAN ports can connect user devices.

Second, create the VLAN interfaces and assign IP addresses to them.

Here the interfaces vlan2, vlan3 and vlan4 are created by entering the following script in the GUI under Administration>Scripts>Init.

sleep 10; ifconfig vlan2 192.168.22.1 netmask 255.255.255.0 up;

sleep 10; ifconfig vlan3 192.168.33.1 netmask 255.255.255.0 up;

sleep 10; ifconfig vlan4 192.168.44.1 netmask 255.255.255.0 up;

Third, configure firewall rules to block traffic between VLANs but permit traffic between the WAN and each VLAN by entering the following script in the GUI under Administration>Scripts>Firewall.

iptables -I INPUT -i vlan2 -j ACCEPT;

iptables -I FORWARD -i vlan2 -o vlan1 -m state --state NEW -j ACCEPT;

iptables -I FORWARD -i vlan2 -o ppp0 -m state --state NEW -j ACCEPT;

iptables -I FORWARD -i vlan2 -o br0 -j DROP;

iptables -I INPUT -i vlan3 -j ACCEPT;

iptables -I FORWARD -i vlan3 -o vlan1 -m state --state NEW -j ACCEPT;

iptables -I FORWARD -i vlan3 -o ppp0 -m state --state NEW -j ACCEPT;

iptables -I FORWARD -i vlan3 -o br0 -j DROP;

iptables -I INPUT -i vlan4 -j ACCEPT;

iptables -I FORWARD -i vlan4 -o vlan1 -m state --state NEW -j ACCEPT;

iptables -I FORWARD -i vlan4 -o ppp0 -m state --state NEW -j ACCEPT;

iptables -I FORWARD -i vlan4 -o br0 -j DROP;
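To see what this Firewall script itself decides for a given pair of interfaces, the following added example (not part of the original post) replays its rules in the order iptables evaluates them. It handles only the rule shape used on this page; `FALLTHROUGH` is a label made up for this example, meaning no rule in the script matched and the firmware's own FORWARD rules, which the page does not show, decide.

```shell
#!/bin/sh
# Added example: predict what the page's Firewall script decides for a NEW
# connection between two interfaces. Constructed input: the page's FORWARD
# rules for vlan2 and vlan3 (vlan4 follows the same pattern).
RULES='iptables -I FORWARD -i vlan2 -o vlan1 -m state --state NEW -j ACCEPT;
iptables -I FORWARD -i vlan2 -o ppp0 -m state --state NEW -j ACCEPT;
iptables -I FORWARD -i vlan2 -o br0 -j DROP;
iptables -I FORWARD -i vlan3 -o vlan1 -m state --state NEW -j ACCEPT;
iptables -I FORWARD -i vlan3 -o ppp0 -m state --state NEW -j ACCEPT;
iptables -I FORWARD -i vlan3 -o br0 -j DROP;'

# An omitted -i/-o matches any interface.
matches() { [ -z "$1" ] || [ "$1" = "$2" ]; }

# verdict IN OUT: target of the first script rule that matches, or FALLTHROUGH
# (hypothetical label) when no rule in the script matches.
verdict() {
    want_in=$1 want_out=$2
    while read -r cmd op chain rest; do
        [ "$op" = "-I" ] && [ "$chain" = "FORWARD" ] || continue
        r_in='' r_out='' target='' state=''
        set -- ${rest%;}            # split the rule into words, drop the ';'
        while [ $# -gt 1 ]; do
            case $1 in
                -i) r_in=$2 ;;
                -o) r_out=$2 ;;
                -j) target=$2 ;;
                --state) state=$2 ;;
            esac
            shift
        done
        if matches "$r_in" "$want_in" && matches "$r_out" "$want_out"; then
            # A rule without --state matches every packet; otherwise need NEW.
            case ",$state," in ,,|*,NEW,*) echo "$target"; return 0 ;; esac
        fi
    done <<EOF
$(printf '%s\n' "$RULES" | sed '1!G;h;$!d')
EOF
    # "-I" without a position inserts at the top of the chain, so the rule
    # written last is checked first; the sed call above reverses the lines.
    echo FALLTHROUGH
}

for pair in "vlan2 ppp0" "vlan2 br0" "vlan2 vlan3" "vlan3 vlan2"; do
    set -- $pair
    echo "$1 -> $2: $(verdict "$1" "$2")"
done
```

For the script above, vlan2 -> vlan3 comes out as FALLTHROUGH: VLAN-to-VLAN blocking is left to the rest of the chain. Adding an explicit DROP rule per VLAN pair, in the same form as the `-o br0` rules, makes the isolation independent of the firmware defaults.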

Finally, configure a DHCP server for each VLAN.

Here the DHCP servers for VLAN 2, 3 and 4 are configured by entering the following lines in the GUI under Advanced>DHCP/DNS>Dnsmasq Custom configuration.

interface=vlan2

dhcp-range=net:vlan2,192.168.22.100,192.168.22.149,255.255.255.0,1440m

dhcp-option=vlan2,3,192.168.22.1

interface=vlan3

dhcp-range=net:vlan3,192.168.33.100,192.168.33.149,255.255.255.0,1440m

dhcp-option=vlan3,3,192.168.33.1

interface=vlan4

dhcp-range=net:vlan4,192.168.44.100,192.168.44.149,255.255.255.0,1440m

dhcp-option=vlan4,3,192.168.44.1

Check “Use received DNS with user-entered DNS” and “Intercept DNS port (UDP 53)”, as they are not checked by default.

The DHCP server for VLAN 0 is enabled in the GUI under Basic>Network.

Save after each step, and reboot the router at the end.

 
