Menu
What's new
By:
Filters Better Search

Parental Controls Bypassed When Client Uses Static IP Address

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

A

asammar

New Around Here
I am using an RT-AC68U with Merlin 384.15. All clients have an assigned IP address under LAN/DHCP Server.

I have a few PC rules (time scheduling as well as full block) on a number of clients. Under normal DHCP conditions everything works as expected. Yesterday, I found out that if I set a static IP address on any of the devices under PC (different from the assigned one), then the device gets full internet access and the PC rules are bypassed. It's as if the PC rules are applied to the IP address and not to the MAC address. Surprisingly, in the client list view, the icon for the client in question has the red mark that says it is blocked but it is not!

Is this an expected behavior? If yes, is there a way to apply PC rules to the MAC address instead? Any other possible solutions assuming the MAC addresses do not change?

Thank you.
 
asammar said:
I am using an RT-AC68U with Merlin 384.15. All clients have an assigned IP address under LAN/DHCP Server.

I have a few PC rules (time scheduling as well as full block) on a number of clients. Under normal DHCP conditions everything works as expected. Yesterday, I found out that if I set a static IP address on any of the devices under PC (different from the assigned one), then the device gets full internet access and the PC rules are bypassed. It's as if the PC rules are applied to the IP address and not to the MAC address. Surprisingly, in the client list view, the icon for the client in question has the red mark that says it is blocked but it is not!

Is this an expected behavior? If yes, is there a way to apply PC rules to the MAC address instead? Any other possible solutions assuming the MAC addresses do not change?

Thank you.
Click to expand...
Same issue. I recall a post saying the PC and NAT Acceleration do not work well together.
 
Parental Controls are based on MAC addresses. But as @ChatmanR says it's possible hardware acceleration is having an effect, particularly with connections that were already established when time-based blocking starts.
 
Thanks for the quick replies.
NAT acceleration is OFF all along. Also, the behavior is present for new connections not only old ones.
 
The only way to debug this is if you were to upload the output of "iptables-save" to somewhere like pastebin for us to look at.
 
ColinTaylor said:
The only way to debug this is if you were to upload the output of "iptables-save" to somewhere like pastebin for us to look at.
Click to expand...

I've never used pastebin before but I will take a look.
Is it OK to mask the MAC addresses that show up in the output or you need that for debugging?

Thank you.
 
asammar said:
I've never used pastebin before but I will take a look.
Is it OK to mask the MAC addresses that show up in the output or you need that for debugging?
Click to expand...
Changing the MAC addresses could make debugging more difficult. I suggest you just mask your WAN IP address.

BTW You can set an expiration time on your pastebin upload, for example 1 day.
 
You must log in or register to reply here.

Similar threads

A
Inconsistencies and broken behavior with client status and DHCP leases - AX86UP 388.6_2
Replies
17
Views
645
ColinTaylor
C
R
Interface Shown As 5G Wifi When Connected To 2.5G Ethernet
Replies
7
Views
423
routeraround
R
J
Solved OpenVPN clients can't resolve custom domains defined in dnsmasq config
Replies
2
Views
588
jkbach
J
J
Manually assigning Main Network IP address to Device connected to Guest Network?
Replies
4
Views
764
jksmurf
J
L
Static DHCP leases held by VPN interfaces
Replies
0
Views
392
lggomez
L

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 853 (members: 24, guests: 829)
Top