So, what you are saying, if I've got this right, is set-up the second router in router mode, not AP, and then use firewall rules?
iptables -I FORWARD -d $(nvram get wan0_ipaddr)/$(nvram get wan0_netmask) -j REJECT
iptables -I INPUT -i br0 -j $REJECT
iptables -I INPUT -i br0 -p udp --dport 67 -j ACCEPT # dhcp
iptables -I INPUT -i br0 -p udp --dport 53 -j ACCEPT # dns
iptables -I INPUT -i br0 -p tcp --dport 53 -j ACCEPT # dns
iptables -I INPUT -i br0 -p icmp -j ACCEPT # ping (optional)
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!