I'm really trying hard but I'm a noob when it comes to shell scripts. I'm trying to create just basic isolation from the LAN on my guest network when my router is in AP mode. I followed this go by in this thread.
My script for services-start.sh is as follows with my LAN MAC address for the upstream router inserted for xx:xx:xx... :
Code:
#!\bin\sh
#enable wifi guest isolation (for wifi clients only, not lan)
wl -i wl0.1 ap_isolate 1
#block lan access to/from wifi guests
ebtables -I FORWARD 1 -d Broadcast -j ACCEPT
ebtables -I FORWARD 1 -s xx:xx:xx:xx:xx:xx -j ACCEPT
ebtables -I FORWARD 1 -d xx:xx:xx:xx:xx:xx -j ACCEPT
ebtables -I FORWARD 4 -i wl0.1 -j DROP
ebtables -I FORWARD 4 -o wl0.1 -j DROP
I don't know if the script is executing or not on a reboot, but if I execute it manually I get the following:
Code:
fuelrod@RT-AC88U:/jffs/scripts# sh services-start.sh
: not foundart.sh: line 2:
: not foundart.sh: line 5:
'.legal target name 'ACCEPT
'.legal target name 'ACCEPT
'.legal target name 'ACCEPT
'.legal target name 'DROP
The specified rule number is incorrect.
A couple of noob questions:
1) The services-start script does need the ".sh" on the end of it, correct?
2) Is there a way to tell if my 2.4GHz first guest network is really wl0.1 or is that just default?
3) I don't really understand what the numbers are after the FORWARD command
Any help is appreciated. I don't care if my LAN clients see my guests at this point, I just don't want my guests to see anyone on the LAN but still have access to the internet.
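Added example, not part of the original post: the overwritten `: not found` lines and the mangled `'.legal target name 'ACCEPT` messages in the output above have the shape a shell produces when every line of the script ends in a carriage return (Windows CRLF line endings), and the interpreter line in the listing uses backslashes. The sketch below checks a script file for both conditions and writes a repaired copy; the function names, the temporary paths and the two-line sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks a shell script for CRLF line endings and a
# malformed interpreter line, and writes a repaired copy.

CR=$(printf '\r')

# Constructed sample reproducing the first lines of the posted script,
# written with CRLF endings and the backslash interpreter line.
make_sample() {
    printf '#!\\bin\\sh\r\n' > "$1"
    printf 'ebtables -I FORWARD 1 -d Broadcast -j ACCEPT\r\n' >> "$1"
}

# Returns 0 when the file is clean, 1 when a problem was found.
check_script() {
    file=$1
    rc=0
    # With a trailing CR the shell passes "ACCEPT<CR>" to ebtables and
    # treats a bare "<CR>" line as a command name.
    if grep -q "$CR" "$file"; then
        printf '%s: contains carriage returns (CRLF line endings)\n' "$file"
        rc=1
    fi
    # The interpreter line must be a forward-slash path, e.g. #!/bin/sh
    first=$(head -n 1 "$file" | tr -d '\r')
    case $first in
        '#!/'*) ;;
        *) printf '%s: bad interpreter line: %s\n' "$file" "$first"; rc=1 ;;
    esac
    return $rc
}

# Writes a repaired copy: strips every CR, turns backslashes on line 1
# into forward slashes, and marks the result executable.
fix_script() {
    src=$1
    dst=$2
    tr -d '\r' < "$src" | sed '1s|\\|/|g' > "$dst"
    chmod a+rx "$dst"
}

# Demo on the constructed sample, in a throwaway directory.
tmp=$(mktemp -d)
make_sample "$tmp/sample-script"
check_script "$tmp/sample-script" || fix_script "$tmp/sample-script" "$tmp/fixed"
check_script "$tmp/fixed" && printf 'repaired copy is clean\n'
rm -rf "$tmp"
```

Once the first three `-I FORWARD 1` inserts succeed, the chain holds enough rules for the two `-I FORWARD 4` inserts, which is why "The specified rule number is incorrect." appears only after the earlier lines fail.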