Menu
What's new
By:
Filters Better Search

sbnMerlin 1.2.4 - Network Isolation Tool based on Guest Networks, May 11 2024

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

networkdown said:
Hello thanks for working on this script. I may be a total noob but I am trying to just have 1 guest network for all my IoT devices, but allow my private main LAN one way access to it.

Your script automatically has br3 active with all others disabled. How would I be able to config this to? I am using a RT-AX86U and the guest LAN is using the 192.168.101.0 subnet.
Click to expand...
@networkdown, I assume that you have enabled the 2.4GHz Guest Network 2.

The sbnMerlin will create the bridge(br3) to isolate that guest network.
Then you must change the following options of the configuration file:
br3_ipaddr="192.168.103.1" -> "192.168.101.1"
br3_dhcp_start="192.168.103.2" -> "192.168.101.2"
br3_dhcp_end="192.168.103.254" ->"192.168.101.254"
br3_allow_onewayaccess=0 -> 1.

For other options please check the FAQs.
 
Last edited:
janico82 said:
@Rajjco, you can't run sbnMerlin script in AP mode devices, and also, sbnMerlin can't for now allow only dns requests.
I'm still developing a method to give more control to the custom firewall rules function, so stay tuned.

For your scenario, I would install the sbnMerlin script in the main device, activate the Guest Network 1 or 2 with AIMesh enabled to the AP mode device, and deny Internet access to that network.

Now I must ask you why you need to allow dns requests to pass through the main network?
Click to expand...
I have Adguard Home on my main network which I would like it to filter dns requests coming out of the guest network.
 
Rajjco said:
I have Adguard Home on my main network which I would like it to filter dns requests coming out of the guest network.
Click to expand...
Ok! I need to finish the development, and then I'll ask for your help to test it.
 
janico82 said:
Ok! I need to finish the development, and then I'll ask for your help to test it.
Click to expand...
Update:

Was able to achieve that by adding a static route for the guest network dns ip 192.168.101.1 to route traffic to Adguard Home ip all from the webui.

Also switched the second router from AP mode to Ai Mesh Node and from the main Router I broadcasted the Guest Network to the node using this option.
Untitled.png


Thanks for giving me the idea to setup Ai Mesh.

Edit:
no need to add a static route enabling dns director and setting it to router did the trick.

Edit2:
Actually 192.168.101.1 automatically sends dns requests to the address set on the DHCP server which in my case Is Aduard Home.
 
Last edited:
Rajjco said:
Update:

Was able to achieve that by adding a static route for the guest network dns ip 192.168.101.1 to route traffic to Adguard Home ip all from the webui.

Also switched the second router from AP mode to Ai Mesh Node and from the main Router I broadcasted the Guest Network to the node using this option.
View attachment 59225

Thanks for giving me the idea to setup Ai Mesh.

Edit:
no need to add a static route enabling dns director and setting it to router did the trick.

Edit2:
Actually 192.168.101.1 automatically sends dns requests to the address set on the DHCP server which in my case Is Aduard Home.
Click to expand...
Thanks for the feedback.
 
You must log in or register to reply here.

Similar threads

K
Double NAT?
Replies
1
Views
547
krl69
K
A
ASUS Dual WAN Failover, Then Failback, Leaves Secondary LAN in "Hot Standby"
Replies
4
Views
884
Kingp1n
K
B
ASUS 89X - Slow WiFi
Replies
7
Views
842
ben29
B
PaulA
Port isolation on RT-AX88U-Pro (router) w/ Merlin w/ Tagged internet ISP
Replies
1
Views
549
PaulA
PaulA
Spc
RT-AX86U - Jumbo frames for 2.5GbE port.
2
Replies
38
Views
7K
Spc
Spc
Similar threads
Thread starter Title Forum Replies Date
Viktor Jaep RTRMON RTRMON v2.0.16 -June 3, 2024- Monitor your Router's Health (New: AMTM, Network Conn/Bandwidth/Diag + Port Scanner + Speedtest) (Now BE9x Compatible!) Asuswrt-Merlin AddOns 129
P Make sure "git clone" does not go through WireGuard VPN when it is applied to whole network Asuswrt-Merlin AddOns 0
B YazFi YazFi Guest Network unable to access Pi-Hole DNS server Asuswrt-Merlin AddOns 22
B Yazfi: VPN Server for guest network access only Asuswrt-Merlin AddOns 10
Gary_Dexter YazFi Allow client in isolated network to speak to main network Asuswrt-Merlin AddOns 5
P YazFi hostname and ip address UNKNOWN for all guest network devices Asuswrt-Merlin AddOns 29
lluke YazFi, ntpMerlin and guest network isolation Asuswrt-Merlin AddOns 1
TheLyppardMan YazDHCP Does YazDHCP back up all known network clients or just those with a static IP? Asuswrt-Merlin AddOns 2

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 667 (members: 36, guests: 631)
Top