You are here

Prevent LAN devices from accessing WAN

5 posts / 0 new
Last post
AC0WN
AC0WN's picture
Prevent LAN devices from accessing WAN

The goal is to create a wireless interface to a local AREDN node which does not offer internet access while at the same time allowing internet access on a different access point.  We are using a hAP router and a AirRouter HP connected DtD, running the latest nightly build, and using both AP's for access with 5 G on the hAP and 2.4 G on the AirRouter HP.  "Prevent LAN devices from accessing WAN" is enabled on the AirRouter HP.

This arrangement seems to meet the goal and works great for windows and android devices.  However .... OSX and iOS devices do not seem to get DNS service from the AirRouter HP, and can only find devices on the network by IP.  Am I doing something stupid?  Is there a way to make this work?

Any and all assistance greatly appreciated.

73,
julie /ac0wn

AE6XE
AE6XE's picture
to confirm, the OSX and iOS
to confirm, the OSX and iOS devices are able to browse the mesh network by hostname when connected to the 5GHz hap ac lite LAN AP, but can not browse the network when connected to the AirRouter HP 2GHz LAN AP?     

This would be very odd as the program, 'dnsmasq' that is the DHCP server is the same program on both devices and above the physical or wireless device layer that the device is connected to the mesh node.   A support dump on both the mesh nodes would help (while an apple product is connected). 

Joe AE6XE
AC0WN
AC0WN's picture
Support dumps attached

Thank you very much for your response, Joe.

Yes ... I'm confirming that the symptoms are as reported.  The MacBook Pro is running macOS Mohave Version 10.14.2 Beta (18C52a) and the IPad Pro 2018 is on Version 12.1 (16B92).

Both support dumps were taken by a MacBook Pro connected via the hAP AP.  At the time of the dumps an IPad Pro was connected to the AirRouter HP AP.  I'll do further testing today and hopefully gain a better picture of the problem.

Many thanks,
julie /ac0wn

Support File Attachments: 
AE6XE
AE6XE's picture
"local AREDN node which does
"local AREDN node which does not offer internet access while at the same time allowing internet access on a different access point. "

Just in case,  when the box is checked to "Prevent LAN devices from accessing WAN", this includes WAN access on the local node as well as over the mesh to remote nodes.  

Joe AE6XE
 
AC0WN
AC0WN's picture
My apologies, Joe.

That line was poorly worded.  I meant to say "a local AREDN station .... etc".   The intent was to have two access points at the EOC, one with access to our satellite internet feed and one without access to that feed.  As a point of clarification I can do this without using the "Prevent LAN devices from accessing WAN" since I have the two routers, but I bumped into this little problem while trying different configurations for this setup.

To be clear the problem exists on either type of router (hAP or AirRouter HP) when utilizing "Prevent LAN devices from accessing WAN" and connecting to the router LAN (either direct or wireless) with an OSX or iOS device.  I am now attempting some tests with earlier apple OS versions and will let you know the results.

Many thanks,
julie /ac0wn

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer