How to enable separated Guest Networks with DD-WRT on TP-Link TL-WR1043N

I’ve recently set up a new and shiny TP-Link TL-WR1043N Gigabit Router with DD-WRT and wanted to document how I set it up as an access point and opened an additional guest network.

First, you need to flash DD-WRT to the router. As I was using a brand new device, I chose the “factory-to-ddwrt.bin” from the DD-WRT Router Database. Just type in “TP-Link TL-WR1043N” and you will see three image files. If you are uncertain which firmware is the right one to choose, try these instructions. If you have already used DD-WRT, you should know how to update your router. I will not cover these cases in my documentation.

After flashing, you need to configure it as a Wireless Access Point.

When you are ready, open these instructions on how to create “Multiple WLANs”. The TP-Link is Atheros-based hardware, which means that the names of all wireless network interfaces start with “ath”. Follow the guide until you reach the part that describes the “Command Method for DHCP”. Add the IP of your local DNS server to the configuration:


# Enables DHCP on br1
interface=br1
# Set the default gateway for br1 clients
dhcp-option=br1,3,192.168.2.1
# Set the DHCP range and default lease time of 24 hours for br1 clients
dhcp-range=br1,192.168.2.100,192.168.2.150,255.255.255.0,24h
# Set the DNS servers handed out to br1 clients (DHCP option 6)
dhcp-option=br1,6,[DNS IP 1],[DNS IP 2]

Continue with the instructions of the wiki page until you reach the chapter “Restricting Access”. This is the configuration which I used to separate the Guest network from your main network:


iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`
iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -I FORWARD -i br0 -o br1 -m state --state NEW -j DROP
iptables -I FORWARD -i br1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`
iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT
iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT

With this configuration I was able to create a separated Guest WLAN.
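Because every rule above is added with `-I` (insert at the top of the chain), the kernel checks them in the reverse of the order they were typed. The following sketch is an added example, not part of the original post or the DD-WRT wiki: it models the four FORWARD rules in plain shell and reports the first verdict a new connection hits. It assumes matching on `-i`, `-o` and `-d` only; the labels `LAN`, `GUEST`, `WAN` and the interface name `wan` are placeholders, and the firmware's own rules further down the chain are not modelled.

```shell
#!/bin/sh
# Constructed copy of the page's FORWARD rules. "LAN" stands in for the
# `nvram get lan_ipaddr`/`nvram get lan_netmask` expression (placeholder).
RULES='iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -I FORWARD -i br0 -o br1 -m state --state NEW -j DROP
iptables -I FORWARD -i br1 -d LAN -m state --state NEW -j DROP'

# chain_order MODE: "insert" models -I (each rule lands at position 1, so the
# last rule typed is checked first); "append" models -A for comparison.
chain_order() {
    if [ "$1" = "append" ]; then
        printf '%s\n' "$RULES"
    else
        printf '%s\n' "$RULES" | awk '{ l[NR] = $0 } END { for (i = NR; i > 0; i--) print l[i] }'
    fi
}

# verdict IN_IF OUT_IF DST [MODE]: first terminal target hit by a NEW
# connection. DST is the label LAN, GUEST or WAN (hypothetical labels).
verdict() {
    chain_order "${4:-insert}" | awk -v in_if="$1" -v out_if="$2" -v dst="$3" '
    {
        ri = ""; ro = ""; rd = ""; tgt = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-i") ri = $(i + 1)
            if ($i == "-o") ro = $(i + 1)
            if ($i == "-d") rd = $(i + 1)
            if ($i == "-j") tgt = $(i + 1)
        }
        if (ri != "" && ri != in_if) next
        if (ro != "" && ro != out_if) next
        if (rd != "" && rd != dst) next
        # TCPMSS only rewrites the packet; evaluation continues past it.
        if (tgt == "ACCEPT" || tgt == "DROP") { print tgt; found = 1; exit }
    }
    END { if (!found) print "FALLTHROUGH" }'
}

echo "guest -> internet:         $(verdict br1 wan WAN)"
echo "guest -> main LAN:         $(verdict br1 br0 LAN)"
echo "main LAN -> guest:         $(verdict br0 br1 GUEST)"
echo "guest -> main LAN with -A: $(verdict br1 br0 LAN append)"
```

The last line shows why the order matters: with the same rules appended instead of inserted, the broad `-i br1 ... ACCEPT` rule would match before the DROP that protects the main network.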

iTunes 10.7 and Remote 2.4 on iOS 6 – How to reconnect

I recently tried to use my iPhone 4S with iOS 6 to control my iTunes 10.7 on my Macbook Pro. This used to work but the official Apple Remote App did not successfully connect to iTunes anymore.

I followed the knowledge base article and tried to reset all remote settings in iTunes, as well as controlling my wireless network settings. After several unsuccessful tries to pair both machines, I tried to switch my Macbook to LAN connectivity instead of WLAN. And this was the first clue that the problems must have something to do with my network settings, as I could not pair my iPhone with iTunes anymore.

The key to success was to restart my WLAN router (AVM Fritz!Box 3270). Devices from AVM are known for their problems with Bonjour’s UDP Multicast packets. They are sometimes blocked when the router has been running for too long without a reboot. So restarting helped me a lot, because after this I could pair iPhone and iTunes again and could start controlling my Macbook’s iTunes again 🙂