Asus RT-AC68U Bridging for IoT Management Question

DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
YaddaMinski
DD-WRT User


Joined: 24 Oct 2010
Posts: 294

PostPosted: Fri Feb 28, 2020 18:05    Post subject: Asus RT-AC68U Bridging for IoT Management Question
I am setting up said router to isolate IoT. My trusted VLAN is vlan1, untrusted is vlan2. I want to allow, for example, a trusted smartphone on vlan1 to be able to connect to an IoT device on vlan2, but not allow vlan2 devices to initiate connections to vlan1. Can I set up this restricted bridging in the GUI, or do I have to enter a set of commands to achieve this functionality? What would the commands be if so?
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 7209
Location: Texas, USA

PostPosted: Fri Feb 28, 2020 18:13    Post subject:
First hurdle would be to use vlan numbers that are not being used by default in the firmware for WAN port and LAN bridge. Second, not sure if the GUI tab works on that router, so you may have to do it via command line over telnet/ssh:

https://wiki.dd-wrt.com/wiki/index.php/Switched_Ports

_________________
Official Forum Rules, Guidelines, and Helpful Information • Firmware FAQ • Installation Wiki • Where Do I Download Firmware?
DON'T use Chromium-based browsers • RTFM/STFW - TL;DR is NOT an excuse. • Why Should I Care What Color the Bikeshed Is?
Please DO NOT PM me with questions; Ask in the forum.

---------------------------------------------------------

Linux User #377467 counter.li.org / linuxcounter.net
YaddaMinski
DD-WRT User


Joined: 24 Oct 2010
Posts: 294

PostPosted: Fri Feb 28, 2020 18:54    Post subject:
kernel-panic69 wrote:
First hurdle would be to use vlan numbers that are not being used by default in the firmware for WAN port and LAN bridge. Second, not sure if the GUI tab works on that router, so you may have to do it via command line over telnet/ssh:

https://wiki.dd-wrt.com/wiki/index.php/Switched_Ports


Thank you for pointing out that reference page!
YaddaMinski
DD-WRT User


Joined: 24 Oct 2010
Posts: 294

PostPosted: Tue Mar 03, 2020 17:15    Post subject:
To ban traffic originating from the IoT VLAN, would I use the DROP rule in iptables? My question is: with this rule, will IoT traffic still be allowed to reply to Trusted VLAN traffic to the IoT VLAN that is initiated from the Trusted VLAN?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 6228
Location: Netherlands

PostPosted: Tue Mar 03, 2020 17:30    Post subject:
GUEST_IF="br1" # <-- must match guest network interface (br1, wl0.1, etc.)

PORT_DHCP="67"
PORT_DNS="53"

# limit guests to essential router services (icmp, dns, dhcp)
iptables -I INPUT -i $GUEST_IF -j REJECT
iptables -I INPUT -p icmp -i $GUEST_IF -j ACCEPT
iptables -I INPUT -p udp -i $GUEST_IF --dport $PORT_DHCP -j ACCEPT
iptables -I INPUT -p tcp -i $GUEST_IF --dport $PORT_DNS -j ACCEPT
iptables -I INPUT -p udp -i $GUEST_IF --dport $PORT_DNS -j ACCEPT

# deny access to private network by guests (internet only)
iptables -I FORWARD -i $GUEST_IF -o br0 -m state --state NEW -j REJECT

--state NEW will let you access your IoT network from your main network (br0)

_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2: http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Server setup guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
Wireguard Client setup guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324624
Wireguard Advanced setup guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324787
Forum Guide Lines (important read): https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
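As an added illustration (not egc's rules themselves, and not real iptables), this small Python model shows the conntrack state logic that answers the DROP/reply question above: a connection the trusted side opens is recorded, so the IoT device's reply packets are classified ESTABLISHED and pass the FORWARD rule, while a connection the IoT side tries to open toward the trusted bridge is NEW and is rejected. The interface names br0/br1, the addresses and the assumption that traffic not covered by egc's rules is accepted are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional, Set, Tuple

TRUSTED_IF = "br0"  # trusted LAN bridge (assumed name)
GUEST_IF = "br1"    # IoT/guest bridge, egc's GUEST_IF
# router services egc's INPUT rules leave open to guests: icmp, dhcp, dns
ROUTER_SERVICES = {("icmp", None), ("udp", 67), ("udp", 53), ("tcp", 53)}

@dataclass(frozen=True)
class Packet:
    in_if: str
    out_if: Optional[str]  # None = addressed to the router itself (INPUT chain)
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]

class Firewall:
    """Tracks flows the way conntrack does, so replies become ESTABLISHED."""
    def __init__(self) -> None:
        self._flows: Set[Tuple] = set()

    def _state(self, p: Packet) -> str:
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)  # reply direction
        return "ESTABLISHED" if fwd in self._flows or rev in self._flows else "NEW"

    def filter(self, p: Packet) -> str:
        state = self._state(p)
        if p.out_if is None:  # INPUT chain: guests get only the listed services
            ok = p.in_if != GUEST_IF or (p.proto, p.dport) in ROUTER_SERVICES
            verdict = "ACCEPT" if ok else "REJECT"
        elif p.in_if == GUEST_IF and p.out_if == TRUSTED_IF and state == "NEW":
            verdict = "REJECT"  # egc's single FORWARD rule: no guest-initiated flows
        else:
            verdict = "ACCEPT"  # assumed default for everything else
        if verdict == "ACCEPT" and state == "NEW":
            self._flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return verdict

def demo() -> dict:
    """Constructed flows: a phone on br0 talks to a bulb on br1, the bulb answers, then misbehaves."""
    fw = Firewall()
    phone_to_bulb = Packet(TRUSTED_IF, GUEST_IF, "tcp", "192.168.1.10", 50000, "192.168.2.20", 80)
    bulb_reply = Packet(GUEST_IF, TRUSTED_IF, "tcp", "192.168.2.20", 80, "192.168.1.10", 50000)
    bulb_to_nas = Packet(GUEST_IF, TRUSTED_IF, "tcp", "192.168.2.20", 40000, "192.168.1.50", 445)
    bulb_dns = Packet(GUEST_IF, None, "udp", "192.168.2.20", 40001, "192.168.2.1", 53)
    bulb_ssh = Packet(GUEST_IF, None, "tcp", "192.168.2.20", 40002, "192.168.2.1", 22)
    return {"trusted->iot new": fw.filter(phone_to_bulb), "iot->trusted reply": fw.filter(bulb_reply),
            "iot->trusted new": fw.filter(bulb_to_nas), "iot->router dns": fw.filter(bulb_dns),
            "iot->router ssh": fw.filter(bulb_ssh)}
```

Run demo() to see that only the reply to a trusted-initiated connection and the DNS lookup pass from the IoT side; a plain DROP or REJECT without the state match would also kill the reply.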