At first ... I'm not responsible, if you brick your router by using this documentation. If your fear it would be possible, stop HERE!
The following NVRAM-Settings need to take place:
Port 0 into WAN, 5 Router themselv
nvram set vlan1hwname=et0
nvram set vlan1ports="0 5"
Port 2, 3 and 4 into LAN, 5 Router themselv
nvram set vlan0hwname=et0
nvram set vlan0ports="2 3 4 5*"
Port 1 into DMZ, 5 Router themselv
nvram set vlan2hwname=et0
nvram set vlan2ports="1 5*"
Static IP-Address for DMZ-IF
nvram set dmz_ifname=vlan2
nvram set dmz_proto=static
nvram set dmz_ipaddr=172.18.20.5
nvram set dmz_netmask=255.255.255.0
save all the stuff
To bring automatically up the dmz-if, you need to add
ifup dmz with:
# sed "s/ifup lan/ifup lan@ ifup dmz/" \ /etc/init.d/S40network | tr '@' 'n' > /etc/init.d/S40network
To allow traffic forwarded by the new if, you will maybe add for example the following into
DMZ=$(nvram get dmz_ifname)
Allow Forward from DMZ into WAN
iptables -A FORWARD -i $DMZ -o $WAN -j ACCEPT
Allow Forward from DMZ into LAN
iptables -A FORWARD -i $DMZ -o $LAN -j ACCEPT
Allow Forward from LAN into DMZ
iptables -A FORWARD -i $LAN -o $DMZ -j ACCEPT
But it will be better to specify exactly, what services are allowed from and into DMZ!