Isolate one ethernet port from my LAN

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Teddyz

Occasional Visitor
I wanted to isolate one LAN-port so the computer I attached to it could not reach my other computers. Searching this forum I found a link to this page that promised this functionality with a one-liner:
Bash:
# eth3 maps to LAN port 2 on AX88U
ebtables -A FORWARD -i eth3 -o br0 -j DROP

I logged into my router via SSH and ran the command. I then connected the possibly malignant computer to LAN2 (one of the eight yellow ports on my AX88) and started it.
The computer has access to Internet but unfortunately also my local network, even if I do not think it did anything harmful.
Did I miss to do something or was the advice to use the ebtables-command wrong?

My system: RT-AX88U Firmware Version:386.2_beta2.
AX88U is also AiMesh master with one "satellite" attached.
 

L&LD

Part of the Furniture
First, 386.2 Beta 2?

Why are you not running the latest 386.3 Beta 2 (or are you)?

At least flash to the 386.2_6 final firmware for the 386.2.xx branch.

Second, I'm not sure if 'full' Bash runs (natively) on an RT-AX88U.
 

ColinTaylor

Part of the Furniture
Second, I'm not sure if 'full' Bash runs (natively) on an RT-AX88U.
"Bash:" is just the label of the box that the forum software puts there when you choose that formatting option, it doesn't mean anything.
C:
This is not C
 

thiggins

Mr. Easy
Staff member
Preferred way would be to use VLANs. Simple way would be to connect the computer via Wi-Fi to a guest network.
 

gavcol

New Around Here
Preferred way would be to use VLANs. Simple way would be to connect the computer via Wi-Fi to a guest network.
Hi,
Have you got any links to tutorials on setting up a vlan and assigning specific (or ranges) of IPs to that vlan ? (RT-AC5300)
I've read through so many pages but haven't yet found what I need. This is one of many pages I have remaining to read but would appreciate if you could steer me in a direction of where I can find the instructions.

Cheers
Gav
 

Geo92

Occasional Visitor
Preferred way would be to use VLANs. Simple way would be to connect the computer via Wi-Fi to a guest network.
Sorry to resurrect the thread, but I am wanting to accomplish this too. But Wi-Fi is not an option. I have a IPCAM connected via PoE to a switch which I want to isolate from the LAN. I was wondering if the point OP was on does work.

Not wanting the IPCAM to see the LAN, but still being able to easily access it via VPN from the outside and from the LAN itself.
 
Last edited:

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top