SpeedTouch 780WL DMZ
How to create a DMZ interface on SpeedTouch 780WL
The SpeedTouch 780WL have four ethernet ports, and normally the only available option is to use them as a switch/hub. But the modem is capable of a lot more using the telnet CLI interface. Here we will reconfigure port 4 to be a separate "DMZ" network port.
Split the bridge and create a separate ethernet interface:
:eth bridge ifdelete brname bridge intf ethport4 :eth ifadd intf=ethport4 :eth ifconfig intf=ethport4 dest=ethif4 :eth ifattach intf=ethport4 :ip ifadd intf=DMZ dest=ethport4 :ip ifconfig intf=DMZ group=dmz :ip ifattach intf=DMZ :ip ipadd intf=DMZ addr=192.168.0.254/24 addroute=enabled :ip ipconfig addr=192.168.0.254 preferred=enabled primary=enabled :nat ifconfig intf=DMZ translation=transparent :service system ifadd name=DNS-S group=dmz
Fix up the DHCP settings:
:dhcp server pool add name=DMZ_private :dhcp server pool config name=DMZ_private intf=DMZ \ poolstart=192.168.0.64 poolend=192.168.0.253 \ netmask=24 gateway=192.168.0.254 \ server=192.168.0.254 primdns=none\ secdns=none leasetime=604800 :dhcp relay ifconfig intf=DMZ relay=enabled :dhcp relay add name=DMZ_to_127.0.0.1 :dhcp relay modify name=DMZ_to_127.0.0.1 addr=127.0.0.1 intf=DMZ giaddr=192.168.0.254
Ethernet port 4 is now an isolated interface depending on your firewall level:
- Disabled
- Just a different broadcast network.
- Standard
- Can only accept incoming sessions via "game" services or from the LAN. All outgoing sessions blocked.
- Custom
- Whatever you define in the firewall