At first … I’m not responsible, if you brick your router by using this documention. If your fear it would be possible, stop HERE!
The following NVRAM-Settings need to take place:
#!/bin/sh
#Port 0 into WAN, 5 Router themselv
nvram set vlan1hwname=et0
nvram set vlan1ports="0 5"
#Port 2, 3 and 4 into LAN, 5 Router themselv
nvram set vlan0hwname=et0
nvram set vlan0ports="2 3 4 5*"
# Port 1 into DMZ, 5 Router themselv
nvram set vlan2hwname=et0
nvram set vlan2ports="1 5*"
# Static IP-Address for DMZ-IF
nvram set dmz_ifname=vlan2
nvram set dmz_proto=static
nvram set dmz_ipaddr=172.18.20.5
nvram set dmz_netmask=255.255.255.0
# save all the stuff
nvram commit
To bring automaticaly up the dmz-if, you need to add “ifup dmz” with:
# sed “s/ifup lan/ifup lan@ ifup dmz/” \
/etc/init.d/S40network | tr ‘@’ ‘n’ > /etc/init.d/S40network
To allow traffic forwarded by the new if, you will maybe add for example the following into “/etc/firewall.users”:
#!/bin/sh
DMZ=$(nvram get dmz_ifname)
#Allow Forward from DMZ into WAN
iptables -A FORWARD -i $DMZ -o $WAN -j ACCEPT
#Allow Forward from DMZ into LAN
iptables -A FORWARD -i $DMZ -o $LAN -j ACCEPT
#Allow Forward from LAN into DMZ
iptables -A FORWARD -i $LAN -o $DMZ -j ACCEPT
But it will be better to specify exactly, what services are allowed from and into DMZ!
00:00.0 RAM memory: Broadcom Corporation: Unknown device 0803
00:01.0 Ethernet controller: Broadcom Corporation: Unknown device 4711
00:02.0 Ethernet controller: Broadcom Corporation: Unknown device 4713
00:03.0 Modem: Broadcom Corporation: Unknown device 4712
00:04.0 USB Controller: Broadcom Corporation: Unknown device 4715
00:05.0 PCI bridge: Broadcom Corporation: Unknown device 0804
00:06.0 MIPS: Broadcom Corporation: Unknown device 0805
00:07.0 FLASH memory: Broadcom Corporation: Unknown device 0811
00:08.0 Ethernet controller: Broadcom Corporation: Unknown device 4713
01:00.0 Host bridge: Broadcom Corporation: Unknown device 4710 (rev 01)
01:08.0 Network controller: Broadcom Corporation BCM94306 802.11g (rev 02)
CPU revision is: 00024000
Loading BCM4710 MMU routines.
Primary instruction cache 8kb, linesize 16 bytes (2 ways)
Primary data cache 4kb, linesize 16 bytes (2 ways)
Linux version 2.4.20 (bdferris@localhost.localdomain) (gcc version 3.0 20010422 (prerelease) with bcm4710a0 modifications) #55 Sat Nov 15 12:23:00 EST 2003
Determined physical RAM map:
memory: 01000000 @ 00000000 (usable)
On node 0 totalpages: 4096
zone(0): 4096 pages.
zone(1): 0 pages.
zone(2): 0 pages.
Kernel command line: root=/dev/mtdblock2 noinitrd console=ttyS0,115200
CPU: BCM4710 rev 0 at 125 MHz
!unable to setup serial console!
Calibrating delay loop... 82.94 BogoMIPS
Memory: 14540k/16384k available (1239k kernel code, 1844k reserved, 108k data, 64k init, 0k highmem)
Dentry cache hash table entries: 2048 (order: 2, 16384 bytes)
Inode cache hash table entries: 1024 (order: 1, 8192 bytes)
Mount-cache hash table entries: 512 (order: 0, 4096 bytes)
Buffer-cache hash table entries: 1024 (order: 0, 4096 bytes)
Page-cache hash table entries: 4096 (order: 2, 16384 bytes)
Checking for 'wait' instruction... unavailable.
POSIX conformance testing by UNIFIX
PCI: Fixing up bus 0
PCI: Fixing up bridge
PCI: Fixing up bus 1
Linux NET4.0 for Linux 2.4
Based upon Swansea University Computer Society NET3.039
Initializing RT netlink socket
Starting kswapd
devfs: v1.12c (20020818) Richard Gooch (rgooch@atnf.csiro.au)
devfs: boot_options: 0x1
pty: 256 Unix98 ptys configured
Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ SERIAL_PCI enabled
PPP generic driver version 2.4.2
Amd/Fujitsu Extended Query Table v1.1 at 0x0040
number of CFI chips: 1
flash device: 400000 at 1fc00000
Physically mapped flash: cramfs filesystem found at block 863
Creating 4 MTD partitions on "Physically mapped flash":
0x00000000-0x00040000 : "pmon"
0x00040000-0x003f0000 : "linux"
0x000d7e24-0x003f0000 : "rootfs"
mtd: partition "rootfs" doesn't start on an erase block boundary -- force read-only
0x003f0000-0x00400000 : "nvram"
sflash: chipcommon not found
NET4: Linux TCP/IP 1.0 for NET4.0
IP Protocols: ICMP, UDP, TCP
IP: routing cache hash table of 512 buckets, 4Kbytes
TCP: Hash tables configured (established 1024 bind 2048)
ip_conntrack version 2.1 (128 buckets, 1024 max) - 344 bytes per conntrack
ip_tables: (C) 2000-2002 Netfilter core team
ipt_time loading
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
NET4: Ethernet Bridge 008 for NET4.0
VFS: Mounted root (cramfs filesystem) readonly.
Mounted devfs on /dev
Freeing unused kernel memory: 64k freed
Warning: unable to open an initial console.
eth0: Broadcom BCM47xx 10/100 Mbps Ethernet Controller 3.31.16.0
eth1: Broadcom BCM47xx 10/100 Mbps Ethernet Controller 3.31.16.0
PCI: Enabling device 01:08.0 (0004 -> 0006)
eth2: Broadcom BCM43XX 802.11 Wireless Controller 3.31.16.0 (Compiled in . at 18:49:17 on Aug 6 2003)
flag=[get_flash] offset=[0] string=[ULL>]
Write mac init
mac_init()
location = [1]
The mac[1] is available, address=[2012]!
cmd(90,ffffffff)
^Iflashutl_cmd->need_unlock=[1]
flash_reset
^Iflashutl_cmd->clear_csr=[0] flashutl_cmd->read_array=[f0]
scmd(f0,0)
Set flash_type=AMD 29lv320DB 2Mx16 BotB
exit
Algorithmics/MIPS FPU Emulator v1.5
bug: kernel timer added twice at c0017d40.
device eth0 entered promiscuous mode
device eth2 entered promiscuous mode
br0: port 2(eth2) entering learning state
br0: port 1(eth0) entering learning state
br0: port 2(eth2) entering forwarding state
br0: topology change detected, propagating
br0: port 1(eth0) entering forwarding state
br0: topology change detected, propagating
diag_loop: Reset LED.
bug: kernel timer added twice at c0017d40.
Brunner Bäcker
Aldi
Städtischer Kinderspielplatz
Kindergarten Am Storchennest
Volksfestplatz Bayreuth
