jbschirtz
New Around Here
Hey guys. I've got some Ubiquiti access points that I want to isolate for guest access only. I have everything I want isolated plugged in on port 4 on an AC5300 running Merlin firmware version 384.15.
I've read the following links:
https://www.snbforums.com/threads/f...network-for-asus-merlin-rt-ac68u.18969/page-3
https://www.snbforums.com/threads/connecting-2-vlans-for-2-guest-wifi.60126/page-2#post-526228
In light of those links, I've tried the following script:
Code:
#! /bin/sh
# force LAN port 4 to use the Guest Network
robocfg vlan 1 ports "1 2 3 5 7 8t"
robocfg vlan 2 ports "0 8u"
robocfg vlan 100 ports "4 8t"
vconfig add eth0 brctl addif br0 vlan100
ebtables -t broute -I BROUTING -p IPv4 -i vlan100 --ip-dst 192.168.1.0/24 --ip-proto tcp -j DROP
ebtables -t filter -I FORWARD -i vlan100 -o ! vlan2 -j DROP
ebtables -t filter -I FORWARD -i ! vlan2 -o vlan100 -j DROP
For the sake of testing, I commented out the ebtables rules assuming I should be able to get to vlan100 from a computer plugged into vlan1. Ultimately, I am seeking to eliminate web interface access to the 192.168.1.0 network router. When I try to access vlan100 from the computer on vlan1, I cannot reach it. Clearly, either my assumption is wrong, or the code I am using is somehow wrong. Anyone know of anything I am missing?