Joined: 11 Jan 2014
|Posted: Tue May 02, 2017 21:23 Post subject: NAT based VLAN tagging
|I want my router (TP-Link WDR3600) to have a VLAN with a web server on my LAN. The idea is that the web server should not be able to reach any other host on the LAN, but should be able to accept port forwarded (NAT) traffic.
The router is connected with a single ethernet cable to a switch (which supports 802.1q).
This means I cannot use port based tagging, since only one ethernet port is in use on the router.
Is it possible to tag traffic based on port forwarding? E.g. that all incoming packets for port 80 on the router's WAN interface get tagged with e.g. VLAN ID 2?
If this cannot be done on Atheros, what hardware do I need?