What's new

Isolate one ethernet port from my LAN

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Teddyz

Occasional Visitor
I wanted to isolate one LAN-port so the computer I attached to it could not reach my other computers. Searching this forum I found a link to this page that promised this functionality with a one-liner:
Bash:
# eth3 maps to LAN port 2 on AX88U
ebtables -A FORWARD -i eth3 -o br0 -j DROP

I logged into my router via SSH and ran the command. I then connected the possibly malignant computer to LAN2 (one of the eight yellow ports on my AX88) and started it.
The computer has access to Internet but unfortunately also my local network, even if I do not think it did anything harmful.
Did I miss to do something or was the advice to use the ebtables-command wrong?

My system: RT-AX88U Firmware Version:386.2_beta2.
AX88U is also AiMesh master with one "satellite" attached.
 
First, 386.2 Beta 2?

Why are you not running the latest 386.3 Beta 2 (or are you)?

At least flash to the 386.2_6 final firmware for the 386.2.xx branch.

Second, I'm not sure if 'full' Bash runs (natively) on an RT-AX88U.
 
Second, I'm not sure if 'full' Bash runs (natively) on an RT-AX88U.
"Bash:" is just the label of the box that the forum software puts there when you choose that formatting option, it doesn't mean anything.
C:
This is not C
 
I would be interested to know if there is a way to accomplish what the OP is trying to do.
 
Preferred way would be to use VLANs. Simple way would be to connect the computer via Wi-Fi to a guest network.
 
Preferred way would be to use VLANs. Simple way would be to connect the computer via Wi-Fi to a guest network.
Hi,
Have you got any links to tutorials on setting up a vlan and assigning specific (or ranges) of IPs to that vlan ? (RT-AC5300)
I've read through so many pages but haven't yet found what I need. This is one of many pages I have remaining to read but would appreciate if you could steer me in a direction of where I can find the instructions.

Cheers
Gav
 
Preferred way would be to use VLANs. Simple way would be to connect the computer via Wi-Fi to a guest network.
Sorry to resurrect the thread, but I am wanting to accomplish this too. But Wi-Fi is not an option. I have a IPCAM connected via PoE to a switch which I want to isolate from the LAN. I was wondering if the point OP was on does work.

Not wanting the IPCAM to see the LAN, but still being able to easily access it via VPN from the outside and from the LAN itself.
 
Last edited:

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top