Wrong World
New Around Here
Hello,
This is my first post in this forum. For three weeks now I have been reading many posts here on how to better tailor my RT-AC66U_B1 router (running Asuswrt-Merlin 380.69_2) to my needs. So, piece by piece, I've assembled a quite lengthy firewall-start script and a much smaller nat-script where I do all my business. I would like to thank the many contributors of this forum for the hints I've learnt during this time.
I will not talk about nat-script, as it just contains a few rules to port forward connections to my VOIP ATA. Indeed, it's firewall-start which contains all my logic: VLAN / bridge creation, IP addresses, iptables rules, and a code fragment where the guest Wi-Fi networks are moved out of br0 and added to br1, br2, ... according to my VLAN scheme and the required isolation from my main LAN.
For now I have only two guest networks defined: wl0.1 and wl0.2. wl0.2 is actually a network dedicated to isolating Smart TVs, and it has no time limit. wl0.1 is switched on only when I need it, and here lies my problem: changing the status of the guest network from on to off, or vice versa, puts wl0.1 and wl0.2 back into the br0 bridge. I understand the firmware cannot be aware of my changes; however, neither firewall-start nor nat-start is fired after a change to a guest network, and the result is that the guest networks are left associated with the "wrong" bridge, losing their isolation.
Until now, I've solved the annoyance by manually enabling and disabling the firewall logging using the GUI. Each of these actions will trigger nat-start/firewall-start and the guest networks end up in the proper place, but I am asking if there isn't a more elegant solution, or if there is another supported script which is triggered by guest network changes.
Thanks a lot in advance.
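Added example, not part of the original post: a check for the failure described above, which parses `brctl show` output and reports guest interfaces that sit in a bridge other than the intended one, plus a function that moves them back. The wl0.1→br1 / wl0.2→br2 mapping, the VLAN names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# ASSUMED mapping (the post does not state it): wl0.1 -> br1, wl0.2 -> br2.
EXPECTED="wl0.1=br1 wl0.2=br2"

# Constructed sample of `brctl show` output after a guest-network toggle.
SAMPLE_BRCTL='bridge name     bridge id               STP enabled     interfaces
br0             8000.aabbccddeeff       yes             vlan1
                                                        eth1
                                                        wl0.1
                                                        wl0.2
br1             8000.aabbccddee00       no              vlan10
br2             8000.aabbccddee01       no              vlan20'

# Reads `brctl show` text on stdin; prints "iface actual expected" for every
# mapped interface whose current bridge differs ("none" if in no bridge).
misplaced_ifaces() {
    awk -v want="$1" '
    BEGIN { n = split(want, p, " ")
            for (i = 1; i <= n; i++) { split(p[i], kv, "="); wantbr[kv[1]] = kv[2] } }
    NR == 1 { next }                                      # header row
    NF >= 3 { br = $1; if (NF >= 4) cur[$4] = br; next }  # bridge row
    NF == 1 { cur[$1] = br }                              # extra member row
    END { for (i in wantbr) {
              a = (i in cur) ? cur[i] : "none"
              if (a != wantbr[i]) print i, a, wantbr[i] } }' | sort
}

# Moves each misplaced interface to its expected bridge (run as root on the router).
repair_bridges() {
    brctl show | misplaced_ifaces "$EXPECTED" | while read -r ifc actual target; do
        if [ "$actual" != none ]; then brctl delif "$actual" "$ifc"; fi
        brctl addif "$target" "$ifc"
        logger -t guest-bridge "moved $ifc from $actual to $target"
    done
}

# Demo on the constructed sample: both guest interfaces are reported in br0.
printf '%s\n' "$SAMPLE_BRCTL" | misplaced_ifaces "$EXPECTED"
```

Any line printed by `misplaced_ifaces` means a guest network currently shares a bridge it was meant to be isolated from, so the output is also usable as a monitoring signal.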