路由器固件是DD的,在网上查到了如下方法:
Setup desired:VLAN1 = 10.0.0.0 – Ports 1,2,3 and WiFi – DHCP enabled + access to WAN onlyVLAN2 = 10.10.10.0 – Port 4 – DHCP enabled + access to WAN onlySteps used to achieve desired setup:1. Basic working setup with PPPoE for WAN, Wireless with security in place and DHCP running for 10.0.0.0 initially.2. Altered Setup VLAN page so that VLAN0 has ports 1, 2 and 3 checked. VLAN2 has port 4 checked. VLAN1 has WAN checked.3. Telnet to device on 10.0.0.1. Enter User Name: root and password. Enter the following commands at the console. (These are the only ones you should have to enter in the console.)nvram set vlan0ports= 3 2 1 5* nvram set vlan2hwname=et0nvram set vlan2ports= 0 5 Don’t forget the following two commands to make the nvram changes permanent.nvram commitrebootNOTE: The port numbers I use are not the same as the physical ports.==========================================================vlan.ports numbers reference0 = Physical port 41 = Physical port 32 = Physical port 23 = Physical port 14 = WAN5 = CPU internal5* = CPU internal defaultport.vlans referenceport5vlan = CPUport4vlan = Physical port 4port3vlan = Physical port 3port2vlan = Physical port 2port1vlan = Physical port 1port0vlan = WAN port==========================================================3. Added the following on the Administration Commands page.Startup (enter the line in the command window and click Save Startup )ifconfig vlan2 10.10.10.1 netmask 255.255.255.0 broadcast 10.10.10.255Firewall (enter the line in the command window and click Save Firewall )iptables -t nat -I PREROUTING -i vlan2 -d 10.0.0.0/24 -j DROPiptables -t nat -I PREROUTING -i br0 -d 10.10.10.0/24 -j DROPiptables -I FORWARD -i ppp0 -o vlan2 -j ACCEPTiptables -I FORWARD -i vlan2 -o ppp0 -j ACCEPT4. In the Setup Networking page, in the Ports section, select Unbridged for VLAN2 and supply the following settings: IP Address – 10.10.10.1, Subnet Mask – 255.255.255.0.5. In the Setup Networking page, in the DHCPD section, under Multiple DHCP Server, click Add and select VLAN2 as the interface. (Once the page refreshes, it should also show the IP address of the interface. i.e. – Interface vlan2: IP 10.10.10.1/255.255.255.0 What this achieves:VLAN1 gets it’s default DHCP assignments and can reach the internet with the firewall in place.
VLAN2 gets it’s default DHCP assignments and can reach the internet with the firewall in place.
VLAN1 and VLAN2 can not communicate directly, thus isolating the two VLANs from each other while still allowing each
to access the WAN.
以上方法可以实现端口4(vlan2)单独分配另一个网段的IP,但存在一个问题,有些网站变得无法访问了,ping得通,很是奇怪,比如这个论坛通过端口4就是访问不了,换其他3个端口(vlan0)都可以访问。有高手帮忙看下,问题出在哪儿了?