How to enable separated Guest Networks with DD-WRT on TP-Link TL-WR1043N

I’ve recently setup a new and shiny TP-Link TL-WR1043N Gigabit Router with DD-WRT and wanted to document how I set it up as access point with opening an additional guest network.

First, you need to flash DD-WRT to the Router. As I was using a brand new device, I’ve chosen the „factory-to-ddwrt.bin“ from the DD-WRT Router Database. Just type in „TP-Link TL-WR1043N“ and you will see three image files. If you are uncertain, which firmware is the right to choose, try these instructions. If you already used DD-WRT, you should know how to make updates to your router. I will not cover this cases in my documentation.

After flashing, you need to configure it as Wireless Access Point.

When you are ready, open these instructions on how to create „Multiple WLANs“. The TP-Link is Atheros based hardware, which means that all wireless network interfaces will start with „ath“ in their names. Follow the guide, until you come to the part where it describes the „Command Method for DHCP“. Add to the configuration the IP of your local DNS server:


# Enables DHCP on br1
interface=br1
# Set the default gateway for br1 clients
dhcp-option=br1,3,192.168.2.1
# Set the DHCP range and default lease time of 24 hours for br1 clients
dhcp-range=br1,192.168.2.100,192.168.2.150,255.255.255.0,24h
dhcp-option=br1,6,[DNS IP 1],[DNS IP 2]

Continue with the instructions of the wiki page until you reach the chapter „Restricting Access“. This is the configuration which I used to separate the Guest network from your main network:


iptables -t nat -I POSTROUTING -o get_wanface -j SNAT --to nvram get wan_ipaddr
iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -I FORWARD -i br0 -o br1 -m state --state NEW -j DROP
iptables -I FORWARD -i br1 -d nvram get lan_ipaddr/nvram get lan_netmask -m state --state NEW -j DROP
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to nvram get lan_ipaddr
iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT
iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT

With this configuration I was able to create a separated Guest WLAN.

How to configure Apple Airport Express 1st Generation on Mountain Lion

This is a tip which should be also available for my international readers, therefore it is in english 🙂 If you prefer a german version, please click on this Macwelt article.

My father uses my old Apple Airport Express 1st Generation. He uses Mountain Lion aka. Mac OS X 10.8 on his Macbook Pro and wanted to reconfigure the Airport. However, Apple decided to drop support for older generations of the Airport Express. Therefore, the current version 6.1 of the Airport Utilities is unable to find his Airport Express model.

This is where this handy tool come into play. With unpkg, you can extract the content of the pkg installers supplied by Apple, as older Versions are not runnable on Mountain Lion. You need to extract the tool and start it.

a Mac OS X .[m]pkg unarchiver - version 4.5
a Mac OS X .[m]pkg unarchiver – version 4.5
Now you can download the older Airport Utilitiy in version 5.61 which is the last version with support for his type of Airport Express. You can download it directly from Apple. Mount the downloaded dmg file and drag the Airport Utility Installer onto the unpkg window. unpgk will now decompress the pkg file to your desktop.

AirPortUtility FolderYou can now move the App from the Applications/Utilities folder to your Application folder. Double click on it and you will get the older version of the utility. Be sure to skip the update, as it will try to download the newer version of the Airport Utility 6.1 which you definitively don’t want to use as it will stop working with your kind of Airport Express.

 

iTunes 10.7 and Remote 2.4 on iOS 6 – How to reconnect

I recently tried to use my iPhone 4S with iOS 6 to control my iTunes 10.7 on my Macbook Pro. This used to work but the official Apple Remote App did not successfully connect to iTunes anymore.

I followed the knowledge base article and tried to reset all remote settings in iTunes, as well as controlling my wireless network settings. After several unsuccessful tries to pair both machines, I tried to switch my Macbook to LAN connectivity instead of WLAN. And this was the first clue, that the problems must have something to do with my network settings, as I could not pair my iPhone with iTunes anymore.

The key to success was to restart my WLAN router (AVM Fritz!Box 3270). Devices from AVM are known for their problems with Bonjour’s UDP Multicast packets. They are sometimes blocked when the router is running for too long without reboot. So restarting helped me a lot, because after this I could pair iPhone and iTunes again and could start controlling my Macbook’s iTunes again 🙂

TMR Kabelab im Bermudadreieck

Gestern habe ich die letzten warmen Sonnenstrahlen des Jahres genossen und habe dabei die Möglichkeit genutzt, das TMR Kabelab Wlan im Bermudadreieck mal zu testen.

Das Ganze funktioniert prima und ist kostenlos. Einziges „Problem“ ist, das man vorher in den TMR Shop am Massenberg Boulevard vorbeigehen muss oder zum Rechenzentrum Service Zentrum der Ruhr-Uni gehen muss. Da bekommt man eine kleine Plastikkarte, auf der eine CardID und eine einmalige Pin Nummer steht.

Zusammen mit diesen Daten kann man sich mit den üblichen Standardeinstellungen in das Wlan von TMR einwählen und kann dann auf www.kabelab.de gehen. Dort gibt es dann einen kleinen Registrierungsassistenten, wo man seine Handynummer angeben muss zusammen mit den Informationen auf der Plastikkarte.

Anschließend bekommt man von TMR eine SMS mit dem Password. Zusammen mit CardID und Passwort kann man sich in Zukunft anmelden. Anschließend hat man eine schöne kostenlose Wlan Verbindung, die allerdings ungesichert ist. Hier sollte man z.B. den VPN Tunnel der Ruhr-Uni noch bemühen, damit die Kommunikation innerhalb des TMR Netzes etwas gesichert ist und nicht alles Klartext über die Luft fliegt.

Im Großen und Ganzen kann man also zusammenfassen: kostenloses flächendeckendes Wlan im Bermudadreieck ist toll 🙂

iPod touch/iPhone als Fernsteuerung für Hubschrauber verwenden

Aus der Reihe der genialen iPhone Programme stelle ich hier noch eines vor: Eine Fernsteuerung via Wlan und Accelerometer für ferngesteuerte Hubschrauber!

Und tatsächlich, das funktioniert?! Die Idee ist ziemlich abgedreht und es wird sicherlich auch nicht mehr lange dauern, bis jemand das für Quadrocopter nachbaut, oder was meint ihr?