sbnMerlin 1.2.6 - Network Isolation Tool based on Guest Networks, June 26 2024

Hello, thanks for working on this script. I may be a total noob, but I am trying to just have 1 guest network for all my IoT devices, but allow my private main LAN one-way access to it.

Your script automatically has br3 active with all others disabled. How would I be able to config this to? I am using an RT-AX86U and the guest LAN is using the 192.168.101.0 subnet.
@networkdown, I assume that you have enabled the 2.4GHz Guest Network 2.

The sbnMerlin will create the bridge(br3) to isolate that guest network.
Then you must change the following options of the configuration file:
br3_ipaddr="192.168.103.1" -> "192.168.101.1"
br3_dhcp_start="192.168.103.2" -> "192.168.101.2"
br3_dhcp_end="192.168.103.254" -> "192.168.101.254"
br3_allow_onewayaccess=0 -> 1.

For other options please check the FAQs.
 
@Rajjco, you can't run sbnMerlin script in AP mode devices, and also, sbnMerlin can't for now allow only dns requests.
I'm still developing a method to give more control to the custom firewall rules function, so stay tuned.

For your scenario, I would install the sbnMerlin script in the main device, activate the Guest Network 1 or 2 with AIMesh enabled to the AP mode device, and deny Internet access to that network.

Now I must ask you why you need to allow dns requests to pass through the main network?
I have Adguard Home on my main network which I would like it to filter dns requests coming out of the guest network.
 
Ok! I need to finish the development, and then I'll ask for your help to test it.
 
Update:

Was able to achieve that by adding a static route for the guest network dns ip 192.168.101.1 to route traffic to Adguard Home ip all from the webui.

Also switched the second router from AP mode to Ai Mesh Node and from the main Router I broadcasted the Guest Network to the node using this option.


Thanks for giving me the idea to setup Ai Mesh.

Edit:
No need to add a static route; enabling DNS Director and setting it to Router did the trick.

Edit2:
Actually, 192.168.101.1 automatically sends DNS requests to the address set on the DHCP server, which in my case is Adguard Home.
 
Thanks for the feedback.
 
I'm on it and, in advance, I'm very noob with network topics :) I have enabled Guest Network index 1, because I need to use all the AiMesh nodes; so reading all the thread, I understood I need to change bridge 3, right?
 
So, it won't be extended to all the AiMesh nodes? Because I don't see the option "Guest network on AiMesh" in Guest 2 or 3.
 
Morning, I have disabled Guest 1 and enabled 2. But now the script doesn't create the bridges.

Code:
i5js@asus:/tmp/home/root# brctl show
bridge name    bridge id        STP enabled    interfaces
br0        8000.c87f54bf2584    no        bond0
                            eth10
                            eth3
                            eth4
                            eth5
                            eth6
                            eth7
                            eth8
                            eth9
                            wl3.2

For some reason, my router doesn't create wl0.2 even though Guest 2 is enabled, but wl3.2.
 
I have enabled Guest 1, just to test. I'm trying to assign static IPs, but I'm getting this error:

Code:
Jun 12 10:05:49 sbnMerlin[30344]: Configuration change detected on script(sbnMerlin) .config file.
Jun 12 10:05:49 sbnMerlin[30344]: Error: Invalid configuration gathered, using defaults(0).
Jun 12 10:05:49 sbnMerlin[30344]: Error: Invalid DHCPv4 address gathered from config, using defaults(192.168.101.2).
Jun 12 10:05:49 sbnMerlin[30344]: Error: Invalid DHCPv4 address gathered from config, using defaults(192.168.101.254).
Jun 12 10:05:50 sbnMerlin[30344]: Error: Invalid dns configuration gathered, using defaults(0.0.0.0).
Jun 12 10:05:50 sbnMerlin[30344]: Error: Invalid dns configuration gathered, using defaults(0.0.0.0).
Jun 12 10:05:50 sbnMerlin[30344]: Error: Invalid dns configuration gathered, using defaults(0.0.0.0).
Jun 12 10:05:50 sbnMerlin[30344]: Error: Invalid dns configuration gathered, using defaults(0.0.0.0).

The settings:

Code:
#### Settings for Bridge 3 ####           
br3_enabled=1                 
br3_ifnames=""                 
br3_ipaddr="192.168.101.1"     
br3_netmask="255.255.255.0"   
br3_dhcp_start="192.168.101.2"
br3_dhcp_end="192.168.101.254"
br3_dns1_x="1.1.1.1"           
br3_dns2_x="1.0.0.1"           
br3_staticlist="<mac>192.168.101.2>echoshow"
# (it doesn't work either with br3_staticlist="<mac>192.168.101.2>>echoshow" or without "")
br3_ap_isolate=1                                         
br3_allow_internet=1                                     
br3_allow_onewayaccess=1                                 
br3_allow_routeraccess=0
 
I'm on it and, in advanced, I'm very noob with network topics :) I have enabled Guest Network index 1, because I need to use all the aimesh nodes; so reading all the thread, I understood I need to change the bridge3, right?
Thanks for the feedback @i5Js!

sbnMerlin works with AiMesh Guest Wireless networks but with limited options.

The 2.4GHz Guest Network index 1 in RT-AX86U is bridge(br1), that by default is disabled, so you need to change the br1_enabled option to 1.

I suppose that the 2.4GHz Guest Network index 1 in AXE16000 is the same. For testing purposes, disable all Guest Wireless Networks and enable just the index 1. Then run the following command, and check the "wl" interface:
Bash:
brctl show
 
Hello @janico82 Thanks for your answer.

So, is it recommended to enable Guest1? Because with the 2 and next, I can't see the extend option to the AiMesh nodes.

If it works with Guest 2, I can enable it, so, which br should I enable?

Thanks again.
 
@i5Js, it depends on your needs! If you have extended wireless networks with AiMesh you must use the Guest index 1.

Remember that you must enable the Guest Network with intranet access disabled.
 
Ok, I will do then.
I suppose that the 2.4GHz Guest Network index 1 in AXE16000 is the same. For testing purposes, disable all Guest Wireless Networks and enable just the index 1. Then run the following command, and check the "wl" interface:

it is wl3.1
 
The 2.4GHz Guest Network index 1 in RT-AX86U is bridge(br1), that by default is disabled, so you need to change the br1_enabled option to 1.
Those are the settings for br1:

Code:
#### Settings for Bridge 1 ####                           
br1_enabled=0                                             
br1_ifnames=""                                             
br1_dns1_x=""                                             
br1_dns2_x=""                                             
br1_staticlist=""                                         
br1_ap_isolate=1                                           
br1_allow_internet=1                                       
br1_allow_onewayaccess=0                                   
br1_allow_routeraccess=0

May I add ipaddr, netmask, and dhcp like the other br?
 

Sorry @i5Js I was looking for information about the router AXE16000, and I've found that it is a tri-band router with the following frequencies 2.4 GHz / 5 GHz / 6 GHz. Could you send me privately, a print screen of the Guest Network management webpage?

Thanks.
 
@i5Js it seems that you have the following frequencies/options: 2.4 GHz, 5 GHz-1, 5 GHz-2, 6 GHz.

sbnMerlin was created with the frequencies/options 2.4 GHz and 5 GHz, so I must develop the other frequencies/options.

If you enable the 2.4 GHz Guest Network index 1 with intranet access disabled, sbnMerlin will create bridge(br1).
If you enable the 5 GHz-1 Guest Network index 1 with intranet access disabled, sbnMerlin will create bridge(br2).

Then run the following command
Bash:
brctl show
 
Done!

Code:
i5Js@asus:/tmp/home/root# brctl show
bridge name    bridge id        STP enabled    interfaces
br0        8000.c87f54bf2584    no        bond0
                            eth10
                            eth3
                            eth4
                            eth5
                            eth6
                            eth7
                            eth8
                            eth9
br1        8000.c27f54bf2585    yes        eth1.501
                            eth10.501
                            eth2.501
                            eth3.501
                            eth4.501
                            eth5.501
                            eth6.501
                            eth7.501
                            eth8.501
                            eth9.501
                            wl3.1
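
The `brctl show` check used throughout this thread can be scripted. The following is an added example, not part of sbnMerlin or of any post above: it maps each bridge member to its bridge and lists guest radios (`wlX.Y`) that are still attached to `br0`, meaning they have not been moved onto an isolated bridge. The function names are hypothetical and the sample inputs are constructed, shortened from the two outputs posted in the thread.

```shell
#!/bin/sh
# Added example (not sbnMerlin code): parse `brctl show` output and report
# guest wireless interfaces that still sit on the main LAN bridge br0.

# Print "<interface> <bridge>" for every bridge member read from stdin.
bridge_members() {
    awk '
        NR == 1 && $1 == "bridge" { next }   # skip the header row
        /^[^ \t]/ {                          # bridge row: name id stp [iface]
            bridge = $1
            if (NF >= 4) print $4, bridge
            next
        }
        NF == 1 && bridge != "" { print $1, bridge }   # continuation row
    '
}

# Print guest interfaces (wl<radio>.<index>) that are members of br0.
unisolated_guests() {
    bridge_members | awk '$2 == "br0" && $1 ~ /^wl[0-9]+\.[0-9]+$/ { print $1 }'
}

# Constructed sample: guest radio left on br0 (no isolated bridge created).
sample_before='bridge name    bridge id        STP enabled    interfaces
br0        8000.c87f54bf2584    no        bond0
                            eth10
                            wl3.2'

# Constructed sample: guest radio moved to br1 together with the VLAN ports.
sample_after='bridge name    bridge id        STP enabled    interfaces
br0        8000.c87f54bf2584    no        bond0
                            eth10
br1        8000.c27f54bf2585    yes        eth1.501
                            eth10.501
                            wl3.1'

for name in before after; do
    eval "data=\$sample_$name"
    left=$(printf '%s\n' "$data" | unisolated_guests)
    if [ -n "$left" ]; then
        echo "$name: guest interface(s) still on br0: $left"
    else
        echo "$name: no guest interface on br0"
    fi
done
```

On the router itself, pipe the live output into the function: `brctl show | unisolated_guests`.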
 
