At first ... I'm not responsible, if you brick your router by using this documentation. If your fear it would be possible, stop HERE!
The following NVRAM-Settings need to take place:
#!/bin/sh #Port 0 into WAN, 5 Router themselv nvram set vlan1hwname=et0 nvram set vlan1ports="0 5" #Port 2, 3 and 4 into LAN, 5 Router themselv nvram set vlan0hwname=et0 nvram set vlan0ports="2 3 4 5*" # Port 1 into DMZ, 5 Router themselv nvram set vlan2hwname=et0 nvram set vlan2ports="1 5*" # Static IP-Address for DMZ-IF nvram set dmz_ifname=vlan2 nvram set dmz_proto=static nvram set dmz_ipaddr=172.18.20.5 nvram set dmz_netmask=255.255.255.0 # save all the stuff nvram commit
To bring automatically up the dmz-if, you need to add
ifup dmz with:
# sed "s/ifup lan/ifup lan@ ifup dmz/" \ /etc/init.d/S40network | tr '@' 'n' > /etc/init.d/S40network
To allow traffic forwarded by the new if, you will maybe add for example the following into
#!/bin/sh DMZ=$(nvram get dmz_ifname) #Allow Forward from DMZ into WAN iptables -A FORWARD -i $DMZ -o $WAN -j ACCEPT #Allow Forward from DMZ into LAN iptables -A FORWARD -i $DMZ -o $LAN -j ACCEPT #Allow Forward from LAN into DMZ iptables -A FORWARD -i $LAN -o $DMZ -j ACCEPT
But it will be better to specify exactly, what services are allowed from and into DMZ!