Lan port Isolation via Command line - how to

jvande

New Around Here
This may be a stupid newbie question, perhaps answered somewhere before, but I've looked and can't find the right information in all of the wrong places...

On the WIFI page, when "Access Intranet" is disabled, these 2 ebtables rules come into being:

-i wl0.1 -o ! eth0 -j DROP
-i ! eth0 -o wl0.1 -j DROP

Is there a similar command to isolate the lan ports? I'd like to keep wired clients from seeing each other. Ideally, I'd like to be able to turn "on/off" individual intranet access to each of the ports while retaining Internet access. Is this possible? What command should I be looking for? IPTABLES, VLAN commands, NAT or EBTABLES or something else altogether? I'm assuming I'll need access to telnet or ssh.

Thanks - currently using asuswrt-merlin 3.0.0.4.266.23 version on a RT-N66U.
 
I too would like to be able to isolate a LAN port in the same way as you can a guest wifi network.

If anyone knows how to do this I'd be extremely grateful!

Thanks in advance,
MrB.
 
Not really. That's talking about filtering IP addresses and gives examples of filtering IP address access to entire networks (wired, wireless, WAN) if I'm reading it correctly.

What I (and the original OP) want to do is to be able to block individual wired LAN ports from communicating with other devices on the LAN (and, for the sake of completeness WLAN).

In theory a client plugging into one of the wired LAN ports may have any address - so trying to block by IP would be easy to circumvent / not offer isolation based on port.
 

This would be a great idea...I've been wanting this for an eternity to stop kids plugging cables into the spare LAN ports...have lockable plugs keeping them out at the moment!
 
