janico82
Hello Guys,
I'm writing this post to share the updated version of the script I made that automatically creates ethernet bridge instances {bridge} for network isolation, based on the active Guest Networks. An ethernet bridge is a device commonly used to aggregate other individual ethernets (like: eth1, eth2, wl0.1, …) into one bigger ('logical') ethernet; this bigger ethernet corresponds to the bridge network interface. So it's possible to automatically create separate networks that isolate Guest Network traffic from the main network (LAN).
The script was based on Renjie Wu’s blog post about "LAN port isolation" and the well-known script: YazFi from @Jack Yaz
This script is able to work with Wireless guest networks (wl0.2, wl0.3, wl1.2 and wl1.3) on AsusWRT-Merlin, and allows to:
* Automatic creation of ethernet bridge instances, based on active guest wireless networks and settings.
* Manage wireless interface isolation, for the interfaces mapped in the bridge instance.
* Map other ethernet interfaces to the bridge instance.
* Manage Internet and one-way access for the bridge instance.
* Custom DHCP(ip range, default gateway and static list) and DNS settings for the bridge instance.
* Custom ethernet bridge and packet filtering rules for the bridge instance.
For ethernet bridge instances created by AsusWRT-Merlin (br1 and br2), the script allows to:
* Manage wireless interface isolation, for the interfaces mapped in the bridge instance.
* Map other ethernet interfaces to the bridge instance.
* Manage Internet and one-way access for the bridge instance.
* Custom DHCP(static list) and DNS settings for the bridge instance.
* Custom ethernet bridge and packet filtering rules for the bridge instance.
**ChangeLog**
v.1.2.4
* Bugfix: enable Spanning Tree Protocol for the default bridge(br0) when using sbnMerlin.
* Bugfix: regex formula problem applied to the custom iptables nat table. [Thanks to @arne123 ]
* Bugfix: internet access iptables rule optimization, and problem in iptables with dual wan failover or load balance. [Thanks to @arne123 and @Mikey Dread ]
v.1.2.1
* New feature: ability to configure bridge-specific DNS servers. [Thanks to @visortgw ]
* Bugfix: dnsmasq and hosts files misconfiguration with multiple bridges caused by wrong sed pattern. [Thanks to @arne123 ]
* Bugfix: problem with the removal of bridge(br9) when the SSID of wl0.3 and wl1.3 are changed to a different name. [Thanks to @visortgw ]
**ATTENTION**: This script is not compatible with other network isolation scripts.
Running configuration example:
Code:
root:/tmp/home/root# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.04421xxxxxxx       no              eth1
                                                        eth5
                                                        eth6
                                                        eth6.0
                                                        eth7
                                                        eth7.0
br1             8000.04421xxxxxxx       yes             eth1.501
                                                        eth3
                                                        eth3.501
                                                        eth5.501
                                                        eth6.501
                                                        eth7.501
                                                        wl0.1
br8             8000.04421xxxxxxx       yes             eth2
                                                        eth4
                                                        wl0.2
                                                        wl1.2
root:/tmp/home/root# ifconfig br0
br0       Link encap:Ethernet  HWaddr ab:cb:ef:01:23:45
          inet addr:192.168.50.1  Bcast:192.168.50.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:379423 errors:0 dropped:8 overruns:0 frame:0
          TX packets:770385 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:92423595 (88.1 MiB)  TX bytes:375266405 (357.8 MiB)
root:/tmp/home/root# ifconfig br1
br1       Link encap:Ethernet  HWaddr ab:cb:ef:01:23:45
          inet addr:192.168.101.1  Bcast:192.168.101.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:444 errors:0 dropped:444 overruns:0 frame:0
          TX packets:63605 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:26640 (26.0 KiB)  TX bytes:9386700 (8.9 MiB)
root:/tmp/home/root# ifconfig br8
br8       Link encap:Ethernet  HWaddr ab:cb:ef:01:23:45
          inet addr:192.168.108.1  Bcast:192.168.108.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:16764544 errors:0 dropped:25196 overruns:0 frame:0
          TX packets:84869956 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5262801805 (4.9 GiB)  TX bytes:116707141040 (108.6 GiB)
This project is hosted on GitHub
It is free to use under the GNU General Public License version 3 (GPL 3.0).
It has been tested extensively on the following devices:
- RT-AX86U (Tested)
Supported firmware versions
You must be running firmware no older than:
- Asuswrt-Merlin 384.5
- john9527 fork 374.43_32D6j9527
Using your preferred SSH client/terminal, copy and paste the following command, then press Enter:
Code:
/usr/sbin/curl -fsL --retry 3 "https://janico82.gateway.scarf.sh/asuswrt-merlin/sbnMerlin/master/sbnMerlin.sh" -o /jffs/scripts/sbnMerlin && chmod 0755 /jffs/scripts/sbnMerlin && /jffs/scripts/sbnMerlin install
Please then follow instructions shown on-screen.
Usage
Command Line
To launch the sbnMerlin menu after installation, use:
Code:
sh /jffs/scripts/sbnMerlin
Code:
#############################################################
## _ __ __ _ _ ##
## ___| |__ _ __ | \/ | ___ _ __| (_)_ __ ##
## / __| '_ \| '_ \| |\/| |/ _ \ '__| | | '_ \ ##
## \__ \ |_) | | | | | | | __/ | | | | | | | ##
## |___/_.__/|_| |_|_| |_|\___|_| |_|_|_| |_| ##
## ##
## https://github.com/janico82/sbnMerlin ##
## ##
#############################################################
sbnMerlin Main menu
1n. Edit configuration (editor: nano)
1v. Edit configuration (editor: vi)
2. Run configuration
3. List clients
d. Diagnostics menu
u. Update check
e. Exit
z. Uninstall
#############################################################
Choose an option:
For more details on the sbnMerlin configuration items, please check the FAQ section on GitHub.
The configuration file is located at:
Code:
/jffs/addons/sbnMerlin.d/sbnMerlin.conf
It's possible to use the sbnMerlin default editor for managing configuration items, or your preferred editor. sbnMerlin checks every 10 minutes for changes in the configuration file. If you need to apply a configuration immediately, use the sbnMerlin menu.
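An added example, not part of the original post or of sbnMerlin itself: a small POSIX shell audit that parses `brctl show` output into bridge/interface pairs and reports any guest wireless interface still attached to the main LAN bridge, which would defeat the layer-2 isolation described above. The function names are hypothetical, the sample input is constructed from the running configuration in the post, and treating every `wlX.Y` interface as a guest interface is an assumption based on the post's naming.

```shell
#!/bin/sh
# Added example (not sbnMerlin code): audit bridge membership from `brctl show`.

# Constructed sample, modelled on the running configuration shown in the post.
sample_brctl() {
cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
br0             8000.04421xxxxxxx       no              eth1
                                                        eth5
                                                        eth6
br1             8000.04421xxxxxxx       yes             eth1.501
                                                        wl0.1
br8             8000.04421xxxxxxx       yes             eth2
                                                        wl0.2
                                                        wl1.2
EOF
}

# Read `brctl show` output on stdin, print one "bridge interface" pair per line.
bridge_members() {
    awk '
        /^bridge name/ { next }                        # skip the header row
        NF >= 3 { br = $1; if (NF >= 4) print br, $4; next }   # new bridge row
        NF == 1 && br != "" { print br, $1 }           # continuation row
    '
}

# Print guest wireless interfaces (wlX.Y, assumed naming) attached to the
# LAN bridge given as $1 (default br0). Empty output means none were found.
guest_on_lan() {
    lan="${1:-br0}"
    bridge_members |
        awk -v lan="$lan" '$1 == lan && $2 ~ /^wl[0-9]+\.[0-9]+$/ { print $2 }'
}

# Print the bridge that interface $1 is a member of.
bridge_of() {
    bridge_members | awk -v ifc="$1" '$2 == ifc { print $1 }'
}

# On the router, replace sample_brctl with the live command: brctl show
leaks=$(sample_brctl | guest_on_lan br0)
if [ -n "$leaks" ]; then
    echo "guest interfaces on br0: $leaks"
else
    echo "no guest wireless interface is a member of br0"
fi
```
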