SpeedTouch 780WL DMZ

How to create a DMZ interface on SpeedTouch 780WL

The SpeedTouch 780WL have four ethernet ports, and normally the only available option is to use them as a switch/hub. But the modem is capable of a lot more using the telnet CLI interface. Here we will reconfigure port 4 to be a separate "DMZ" network port.

Split the bridge and create a separate ethernet interface:

:eth bridge ifdelete brname bridge intf ethport4
:eth ifadd intf=ethport4
:eth ifconfig intf=ethport4 dest=ethif4
:eth ifattach intf=ethport4
:ip ifadd intf=DMZ dest=ethport4
:ip ifconfig intf=DMZ group=dmz
:ip ifattach intf=DMZ
:ip ipadd intf=DMZ addr= addroute=enabled
:ip ipconfig addr= preferred=enabled primary=enabled
:nat ifconfig intf=DMZ translation=transparent
:service system ifadd name=DNS-S group=dmz

Fix up the DHCP settings:

:dhcp server pool add name=DMZ_private
:dhcp server pool config name=DMZ_private intf=DMZ \
	poolstart= poolend= \
	netmask=24 gateway= \
	server= primdns=none\
	secdns=none leasetime=604800
:dhcp relay ifconfig intf=DMZ relay=enabled
:dhcp relay add name=DMZ_to_127.0.0.1
:dhcp relay modify name=DMZ_to_127.0.0.1 addr= intf=DMZ giaddr=

Ethernet port 4 is now an isolated interface depending on your firewall level:

Just a different broadcast network.
Can only accept incoming sessions via "game" services or from the LAN. All outgoing sessions blocked.
Whatever you define in the firewall