Isolated guest network setup for Padavan firmware

guest_network.sh

# DHCP Setting
# LAN > DHCP Server > Custom Configuration File "dnsmasq.conf"
interface=br-guest
listen-address=192.168.3.1
dhcp-range=set:guest,192.168.3.100,192.168.3.200,255.255.255.0,1h
# Router address
dhcp-option=tag:guest,3,192.168.3.1
# DNS V4
dhcp-option=tag:guest,6,8.8.8.8,8.8.4.4
# Domain
dhcp-option=tag:guest,15,guest.lan

# Detach guest wifi interface to isolated network
# Customization > Scripts > Run After Router Started
brctl addbr br-guest
brctl delif br0 ra1
brctl addif br-guest ra1
ifconfig br-guest up
ifconfig br-guest 192.168.3.1

# Allow guest network access internet
# Customization > Scripts > Run After WAN Up/Down Events
if [ "$1" = "up" ]; then
	iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -o $2 -j SNAT --to-source $3
else
	iptables -t nat -D POSTROUTING -s 192.168.3.0/24 -o $2 -j SNAT --to-source $3
fi

# Allow guest network request IP address & common rule for guest network
# Customization > Scripts > Run After Firewall Rules Restarted
iptables -A FORWARD -i br-guest -o ppp0 -j ACCEPT
iptables -A FORWARD -i br-guest -o br-guest -j ACCEPT
iptables -A INPUT -i br-guest -p udp --dport 67:68 --sport 67:68 -j ACCEPT

ra1 is wifi guest network
br-guest isolated bridge for guest network

# Allow guest network request IP address & common rule for guest network
# Customization > Scripts > Run After Firewall Rules Restarted
iptables -A FORWARD -i br-guest -o ppp0 -j ACCEPT
iptables -A FORWARD -i br-guest -o br-guest -j ACCEPT
iptables -A INPUT -i br-guest -p udp --dport 67:68 --sport 67:68 -j ACCEPT
iptables -A POSTROUTING -s 192.168.3.0/24 -d 192.168.3.0/24 -o br-guest -j SNAT --to-source 192.168.3.1
ip_wan=$(iptables -t nat -S | grep '192.168.2.0/24 -o ppp0' | awk '{print $10}')
iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -o ppp0 -j SNAT --to-source $ip_wan

Update for WAN PPPoE