Force LAN port 4 to use the Guest network for Asus/merlin RT-AC68U

[silicon101]

@drinkingbird - AC66U is on jonh9527 Asus-Merlin 374 LTS fork and may be nearing the EOL in terms of firmware support but since it still works I'm resisting the temption to upgrade.

As I'm new to using Putty to send cmd, can you advise what steps I use to add commands to a startup script? I actually made a script based on those posted alltough wasn't sure how to load it with Putty or if was easier with Ubuntu

​

 

[silicon101]

FWIW, this is the script i'd like to load at startup. I used Winscp to copy the file to /jffs/scripts although haven't figured out how to instruct router to run script each time router boots up? This is all new for me so apologies for being of the start of the learning curve.

#!/bin/sh
# force LAN ports 3 and 4 to use the Guest Network for RT-AC66U
robocfg vlan 1 ports "1 2 8t"
robocfg vlan 10 ports "3 4 8t"
vconfig add eth0 10
ifconfig vlan10 up
brctl addif br0 vlan10
ebtables -t broute -I BROUTING -p IPv4 -i vlan10 --ip-dst 192.168.1.0/24 --ip-proto tcp -j DROP
ebtables -t filter -I FORWARD -i vlan10 -o ! eth0 -j DROP
ebtables -t filter -I FORWARD -i ! eth0 -o vlan10 -j DROP

 

[drinkingbird]

FWIW, this is the script i'd like to load at startup. I used Winscp to copy the file to /jffs/scripts although haven't figured out how to instruct router to run script each time router boots up? This is all new for me so apologies for being of the start of the learning curve.

#!/bin/sh
# force LAN ports 3 and 4 to use the Guest Network for RT-AC66U
robocfg vlan 1 ports "1 2 8t"
robocfg vlan 10 ports "3 4 8t"
vconfig add eth0 10
ifconfig vlan10 up
brctl addif br0 vlan10
ebtables -t broute -I BROUTING -p IPv4 -i vlan10 --ip-dst 192.168.1.0/24 --ip-proto tcp -j DROP
ebtables -t filter -I FORWARD -i vlan10 -o ! eth0 -j DROP
ebtables -t filter -I FORWARD -i ! eth0 -o vlan10 -j DROP

There are a bunch of threads here on scripting, how to name it (depending when you want it to run) etc. If you're using 384 code you won't have the VLAN 50x so you will have to create your own, however you'll also need to set up DHCP ranges etc if you want DHCP to work? Or are you just using the same subnet as your main LAN? If so you'll need to allow DHCP and DNS in your rules I believe.

I believe the AC66U supports the 386 code base, given the security issues with 384 it would be advisable to upgrade then you can just use one or both of the existing VLANs.

 

[silicon101]

Thanks. I copied script to /jffs/scripts and when I run it, "/jffs/scripts/vlan.sh", vlans up and working as they should. Just need to understand whats needs to be added to run script on router bootup.

 

[drinkingbird]

Thanks. I copied script to /jffs/scripts and when I run it, "/jffs/scripts/vlan.sh", vlans up and working as they should. Just need to understand whats needs to be added to run script on router bootup.

The name you give the script determines when it is run

User scripts

Third party firmware for Asus routers (newer codebase) - RMerl/asuswrt-merlin.ng

github.com

services-start is what I used I believe.

 

[silicon101]

The name you give the script determines when it is run

User scripts

Third party firmware for Asus routers (newer codebase) - RMerl/asuswrt-merlin.ng

github.com

services-start is what I used I believe.

Thank you! Now working perfectly

 

[berc123]

Hi,

I have similar issue. I am using two ASUS XT8 routers (firmware version 388) in Master/Node mode. I have on master XT8 router USB modem as exclusive internet connection. It works perfectly. My WAN 2.5Gb wired port is not used and that is the problem. I would like configure that wired WAN port as an additional LAN port so I could connect my two XT8 routers through 2.5Gbit ports. I assume what is needed to activate DHCP for that port and setup some proper routing.

I am not experienced in the routing scripts so if anybody could write here some script, I would be very thankfull.