I'm trying to setup a media server (movies) for about 30 devices. Originally I was going to just do an FTP server on a new Linksys EA6350 but I've gone ahead, loaded OpenWRT, and begun learning it.
Of the two radios, I'd like the 2.4Ghz radio to not have internet access (all users) but it should have access to the external HDD plugged into the USB 3.0 port on the router.
I'd like the 5Ghz radio to have internet access and, ideally, access to the HDD on the USB port if possible, but the internet access is a must.
Essentially, the idea is that anyone that is given the password to the 2.4GHz radio is going to get access to the movies but won't be able to use the internet and kill the already very limited bandwidth. Only those that have been given the SSID and password to the hidden 5GHz radio get internet.
Can this be done? The devices on the 2.4Ghz band are constantly changing, so restricting access by MAC address would not be ideal.
Create a bridge for your “restricted” SSID (only, no other interfaces). Assign it an IP on its own subnet and set it up for DHCP. Put it on its own firewall zone. Set the rules as you desire on that zone.
Probably no forwarding allowed. You probably want to block all input except for DHCP, DNS, and whatever you use for file sharing as well.
Ok. So in interfaces- I have a DHCP client protocol in place on an interface called "movieserver" (just for ease of knowing why it's there...for the naming), firewall has a new zone called "movieserver" with input rejected, output accepted, forward rejected. Wireless for 2.4ghz is
not saving "network" has movieserver. Always goes back to unspecified.
What are the different modes in the wireless here? I haven't seen some in a router before (like adhoc- I always remember that for just computers or other devices).
Since it's going to provide connectivity to other devices, it needs a fixed address in a subnet of your choice (that is different than the other attached subnets) and it needs to serve DHCP (and likely DNS and NTP).
If you're providing an AP, that is likely the mode shown in the GUI.
FTP, along with telnet, rcp, rlogin, and a lot of the early and mid-era Internet protocols (remember gopher?) were obsolete around 20 years ago. They have been replaced by more secure, robust protocols like SSH, SCP, rsync, HTTP-S and the like.
It isn't that there are "negative things" with OpenWrt and FTP -- FTP is a problem no matter where used. There are vanishingly few reasons to run an FTP server these days, even fewer for a home user.
Now THAT made a heck of a lot more sense. Ok. Thank you very very much. So I guess if I followed all of those directions but changed the WAN connection piece, guests would only have network access, not internet access, agreed?
So for ease of use by average users, would you run a store-bought Linksys software or openwrt? I’m still leaning store-bought because I now how to setup the internet the way I want.
Well being that I have limited internet connectivity, some pretty hefty commercial firewalls upstream of the Linksys, and filtered streams above that from the ISP directly, I’m not too worried about the security front. This point of this- I have an “open” port in an otherwise closed network that I’m using for the router. This is going to 1. Allow a cellphone to get internet service where it otherwise wouldn’t. And 2. The primary purpose is to allow up to 25 users to access the external HDD plugged into the router for offline content (movies). Recommendations on setup? I would have stayed with the Linksys software off the bat if I could have easily regulated the users to not have internet (and only give it to the one cellphone).
Step 3 - place interface in a new firewall zone that does not permit forwarding to WAN
Step 4 - install and configure a file sharing server
Simple.
You could also edit LAN so that it doesn't forward to WAN - and only allow the IP of the cellphone - although, you may have to configure a static address in the cellphone's network/WiFi settings.
Thanks to you all, I have two networks running thus far. Of the two, I blocked internet on the 2.4Ghz by rejecting input, output, and forwarding. Now I have Samba downloaded, the Luci app for Samba running, and I am going to start playing with that!
Now I’m stuck again- I can’t seem to mount the NTFS drive. I’ve been trying- manually through CLI, and I can’t download most of the Usb drivers either- most kick a 255 error or similar. Drive has more than 2tb if movies.
Oh- and when I do get code that seems like it might poke through- I get a permission denied
If your initial problem (Restricting internet on one radio and not the other) is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.