hardtotell
Regular Contributor
I needed to restrict LAN port#4 for Internet only use, just like the Wireless Guest Network access.  Then I plug an 8-port Ethernet switch into LAN port 4 of the RT-AC68U router, to expand the number of Internet-only wired connections.  It is for attaching wired network devices that have no business on my local area network, but need to access the Internet.
After a couple hours of research I got it working. Here it is. It should restrict LAN port#4 to the Internet only, exactly like the Wireless Guest Network access built into the router. Anyone see a hole? Suggestions? Thank you.
/jffs/scripts/services-start
Code:
#!/bin/sh
# force LAN port 4 to use the Guest network
robocfg vlan 1 ports "1 2 3 5t"
robocfg vlan 10 ports "4 5t"
vconfig add eth0 10
ifconfig vlan10 up
brctl addif br0 vlan10
ebtables -t broute -I BROUTING -p IPv4 -i vlan10 --ip-dst 192.168.1.0/24 --ip-proto tcp -j DROP
ebtables -t filter -I FORWARD  -i vlan10 -o ! vlan2 -j DROP
ebtables -t filter -I FORWARD  -i ! vlan2 -o vlan10 -j DROP 
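A reachability check for the setup above, added here as an example and not part of the original post: run it from a device plugged into the restricted port to see whether anything on 192.168.1.0/24 still answers. The host addresses, ports, and function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: run from a device plugged into the restricted port.
# All addresses and ports are constructed samples; set them for your network.
LAN_HOSTS="${LAN_HOSTS:-192.168.1.10 192.168.1.20}"  # devices on the trusted LAN
LAN_TCP_PORTS="${LAN_TCP_PORTS:-22 80 445}"          # services those devices expose
WAN_HOST="${WAN_HOST:-1.1.1.1}"                      # any Internet host
WAN_PORT="${WAN_PORT:-443}"

# One ICMP echo, 2 s timeout. The posted broute rule matches only TCP,
# so ICMP is probed separately to see what the FORWARD rules do with it.
probe_icmp() { ping -c 1 -W 2 "$1" >/dev/null 2>&1; }

# TCP connect without sending data, 2 s timeout (needs an nc that supports -z).
probe_tcp() { nc -z -w 2 "$1" "$2" >/dev/null 2>&1; }

# Prints one line per finding.
# Returns 0: no LAN host answered and the Internet is reachable
#         1: at least one LAN probe got an answer
#         2: LAN is blocked but the Internet probe failed too
check_isolation() {
    reachable=0
    for host in $LAN_HOSTS; do
        if probe_icmp "$host"; then
            echo "REACHABLE icmp $host"
            reachable=$((reachable + 1))
        fi
        for port in $LAN_TCP_PORTS; do
            if probe_tcp "$host" "$port"; then
                echo "REACHABLE tcp $host:$port"
                reachable=$((reachable + 1))
            fi
        done
    done
    if [ "$reachable" -gt 0 ]; then
        echo "FAIL: $reachable LAN probe(s) answered"
        return 1
    fi
    if ! probe_tcp "$WAN_HOST" "$WAN_PORT"; then
        echo "FAIL: LAN blocked, but $WAN_HOST:$WAN_PORT unreachable"
        return 2
    fi
    echo "OK: LAN unreachable, Internet reachable"
    return 0
}

# Only probe when asked to: sh check_isolation.sh run
if [ "${1:-}" = "run" ]; then
    check_isolation
    exit $?
fi
```

Pick hosts and ports that do answer from an unrestricted LAN port first; a probe that stays silent against a host that is off proves nothing about the filter.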