
No DHCP for Guest Wi-Fi

Open n3vu0r opened this issue 4 years ago • 4 comments

In master branch DHCP doesn't work when connecting to guest Wi-Fi. Setting up IP address, gateway, and so on manually on client side still doesn't allow connections.

n3vu0r avatar Jul 03 '21 18:07 n3vu0r

If Gargoyle is not the DHCP provider, this is currently "not a bug" and more of a feature request.

Guest wifi blocks all access to the network except for port 67 (DHCP) and 53 (DNS) to Gargoyle ONLY. The guest network is treated as hostile.

lantis1008 avatar Jul 03 '21 23:07 lantis1008

Ah, I see. Yes, that is the case, Gargoyle is not the DHCP provider. I assume DNS is still working then as long as Gargoyle knows about DNS servers.

So, for DHCP and DHCPv6, two form inputs for an IPv4 and IPv6 address would be needed to allow discovery broadcasts of potentially hostile clients to be received only by these two whitelisted addresses? I assume ARP and NDP are not a good idea then and probably already blocked by not allowing ICMP and ICMPv6?

n3vu0r avatar Jul 04 '21 09:07 n3vu0r

Yes, something like that. It's controlled by the function here: https://github.com/ericpaulbishop/gargoyle/blob/master/package/gargoyle-firewall-util/files/gargoyle_firewall_util.sh#L662 In particular, L681 drops all forwarded traffic. You could add some ACCEPT rules (and make sure they are in the right order so the DROP is last).

If you wanted to try that and let me know how you go, I can look at whether it can be included as a feature.

lantis1008 avatar Jul 04 '21 10:07 lantis1008

Thanks, I think I understand how it works. Maybe this weekend I can try some rules.

n3vu0r avatar Jul 05 '21 16:07 n3vu0r