Menu
What's new
By:
Filters Better Search

separate one client from others

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

R

Rooby

Regular Contributor
Hi,

I want to disable the access from one client on the WLAN to the others.
This client shall only have internt access, nothing else. It shall not be possible that it has acces to the other clients connected to the router. I have configurd the DHCP that it gets always the same IP. Is this possible with the GUI e.g. static routes ?
Can someone help me?

Thanks
Stefan
 
You'll need to setup a guest wireless network for it.

You don't say what router model you have or which firmware version.
 
Rooby said:
Hi,

I want to disable the access from one client on the WLAN to the others.
This client shall only have internt access, nothing else. It shall not be possible that it has acces to the other clients connected to the router. I have configurd the DHCP that it gets always the same IP. Is this possible with the GUI e.g. static routes ?
Can someone help me?

Thanks
Stefan
Click to expand...
Enable "guest network"... Clients that connect via the guest network can only access the internet and nothing else.

Sent from my LG-H932 using Tapatalk
 
Hi all

thanks for the fast reply.
Ok the idea with guest nework is very good. I will giv a try.
The router is RT-AC88U with latest Merlin FW.
The reason for this quetion is that I have a small camera Robot (Appbot Riley) connected to to WLAN and I have not much information on how exactly it connects with an Andoid phone over the internet and what is happening with the video stream. I saw when I check with tcpdump and Wireshark that it connects to an amazon and a korean server to establish a connection using UDP packets but I'm not an expert to interpret all this packets. So I want to disconnect it totally from any local client on my router.
 
Rooby said:
Hi,

I want to disable the access from one client on the WLAN to the others.
This client shall only have internt access, nothing else. It shall not be possible that it has acces to the other clients connected to the router. I have configurd the DHCP that it gets always the same IP. Is this possible with the GUI e.g. static routes ?
Can someone help me?

Thanks
Stefan
Click to expand...
One straight forward option is to have this device connect to a guest network you setup on the router. Guest networks will restrict the connected device to Internet only.
 
Rooby said:
Hi,

I want to disable the access from one client on the WLAN to the others.
This client shall only have internt access, nothing else. It shall not be possible that it has acces to the other clients connected to the router. I have configurd the DHCP that it gets always the same IP. Is this possible with the GUI e.g. static routes ?
Click to expand...

Not possible in the GUI, but if you are willing to try a script that I wrote?
Code: 
#======================================================================================================= © 2016-2017 Martineau, v1.01
#
# Allow blocking of standard Wifi devices (non-Guest) from accessing LAN/WAN resources.
#
#     BlockWiFiClient   [help | -h] | [status [full] | ['from_ip' ['to_ip' | lan | wan] ] [accept] [del]
#                                     [ {'config_file'} [del] ]
#     BlockWiFiClient   10.88.8.155 10.88.8.197
#                       Wifi Client 10.88.8.155 will be BLOCKED from accessing 10.88.8.197
#     BlockWiFiClient   10.88.8.155 del
#                       All blocking rules for WIfi Client 10.88.8.155 will be deleted
#     BlockWiFiClient   10.88.8.155 lan
#                       Wifi Client 10.88.8.155 will be BLOCKED from accessing LAN (10.88.8.0/24)
#     BlockWiFiClient   10.88.8.155 wan
#                       Wifi Client 10.88.8.155 will be BLOCKED from accessing the (Internet) WAN
#     BlockWiFiClient   Nexus-7 DS-416
#                       WiFI Nexus-7 Client (10.88.8.155) will be BLOCKED from accessing DS-416 (NAS 10.88.8.197) - LAN or WiFI
#     BlockWiFiClient   Nexus-7 DS-416 accept
#                       WiFI Nexus-7 Client (10.88.8.155) ALL LAN access will be BLOCKED except for access to DS-416 (NAS 10.88.8.197)
#                            i.e. ALL previous BLOCK rules for this WiFi Client are deleted
#     BlockWiFiClient   Nexus-7 DS-416 accept del
#                       WiFI Nexus-7 Client (10.88.8.155) will be allowed access to DS-416 (NAS 10.88.8.197) unless the LAN BLOCK rule still exists.
#     BlockWiFiClient   Nexus-7 lan
#                       WiFI Nexus-7 Client (10.88.8.155) will be BLOCKED from accessing anything on the LAN
#     BlockWiFiClient   Nexus-7 del
#                       WiFI Nexus-7 Client (10.88.8.155) will be allowed access to LAN/WAN (all rules deleted for this WiFI Client)
#     BlockWiFiClient
#                       will show status of the 'logical' rules
#     BlockWiFiClient   status
#                       will show status of the relevant ebtables rules (use 'status full' for full ebtable -t broute BROUTING chain)
#     BlockWiFiClient /jffs/config/Nexus-7
#                       All Peer to Peer DROP/ACCEPT rules are to be read from the file and applied to WiFi Client Nexus-7
#     BlockWiFiClient /jffs/config/Nexus-7 del
#                       All blocking rules for WiFI Nexus-7 Client (10.88.8.155) will be deleted.
#
#                       NOTE: The name of the file is assumed to be the HOSTNAME of the WiFi Client.
#
#                             Format of config directives: (DROP/ACCEPT cannnot be used concurrently - comment either out with #)
#
#                             e.g.  # Peer rules
#                                   DROP         DS-416
#                                   DROP         10.88.8.120-10.88.8.125,RaspberryPiB
#
#                                   or
#
#                                   ACCEPT       CAMERAS
#
#                             For the ACCEPT rule, a LAN subnet BLOCKING (DROP) rule is automatically added and the exception ACCEPT rules are then inserted,
#                                 and ALL BLOCK rules below the LAN Blocking rule are deleted!
#                             Custom IP Groups may be defined/referenced in '/jffs/configs/IPGroups'
#                                    e.g. 'CAMERAS' entry (Uppercase text!)
#                                         CAMERAS  10.88.8.10,10.88.8.15-10.88.8.20,10.88.8.50:10.88.8.55
 
Hi Martineauhttps://www.snbforums.com/members/martineau.13215/

thanks for reply. I would be interested in the script you mentioned.
The seperation with the guest network is working but I additionally want to disable the internet for this client except shortly before I want to connect to it. Therefor your script would be helpful to enable and disable the internet cnnection for this client.
 
Martineau said:
Not possible in the GUI, but if you are willing to try a script that I wrote?
Code: 
#======================================================================================================= © 2016-2017 Martineau, v1.01
#
# Allow blocking of standard Wifi devices (non-Guest) from accessing LAN/WAN resources.
#
#     BlockWiFiClient   [help | -h] | [status [full] | ['from_ip' ['to_ip' | lan | wan] ] [accept] [del]
#                                     [ {'config_file'} [del] ]
#     BlockWiFiClient   10.88.8.155 10.88.8.197
#                       Wifi Client 10.88.8.155 will be BLOCKED from accessing 10.88.8.197
#     BlockWiFiClient   10.88.8.155 del
#                       All blocking rules for WIfi Client 10.88.8.155 will be deleted
#     BlockWiFiClient   10.88.8.155 lan
#                       Wifi Client 10.88.8.155 will be BLOCKED from accessing LAN (10.88.8.0/24)
#     BlockWiFiClient   10.88.8.155 wan
#                       Wifi Client 10.88.8.155 will be BLOCKED from accessing the (Internet) WAN
#     BlockWiFiClient   Nexus-7 DS-416
#                       WiFI Nexus-7 Client (10.88.8.155) will be BLOCKED from accessing DS-416 (NAS 10.88.8.197) - LAN or WiFI
#     BlockWiFiClient   Nexus-7 DS-416 accept
#                       WiFI Nexus-7 Client (10.88.8.155) ALL LAN access will be BLOCKED except for access to DS-416 (NAS 10.88.8.197)
#                            i.e. ALL previous BLOCK rules for this WiFi Client are deleted
#     BlockWiFiClient   Nexus-7 DS-416 accept del
#                       WiFI Nexus-7 Client (10.88.8.155) will be allowed access to DS-416 (NAS 10.88.8.197) unless the LAN BLOCK rule still exists.
#     BlockWiFiClient   Nexus-7 lan
#                       WiFI Nexus-7 Client (10.88.8.155) will be BLOCKED from accessing anything on the LAN
#     BlockWiFiClient   Nexus-7 del
#                       WiFI Nexus-7 Client (10.88.8.155) will be allowed access to LAN/WAN (all rules deleted for this WiFI Client)
#     BlockWiFiClient
#                       will show status of the 'logical' rules
#     BlockWiFiClient   status
#                       will show status of the relevant ebtables rules (use 'status full' for full ebtable -t broute BROUTING chain)
#     BlockWiFiClient /jffs/config/Nexus-7
#                       All Peer to Peer DROP/ACCEPT rules are to be read from the file and applied to WiFi Client Nexus-7
#     BlockWiFiClient /jffs/config/Nexus-7 del
#                       All blocking rules for WiFI Nexus-7 Client (10.88.8.155) will be deleted.
#
#                       NOTE: The name of the file is assumed to be the HOSTNAME of the WiFi Client.
#
#                             Format of config directives: (DROP/ACCEPT cannnot be used concurrently - comment either out with #)
#
#                             e.g.  # Peer rules
#                                   DROP         DS-416
#                                   DROP         10.88.8.120-10.88.8.125,RaspberryPiB
#
#                                   or
#
#                                   ACCEPT       CAMERAS
#
#                             For the ACCEPT rule, a LAN subnet BLOCKING (DROP) rule is automatically added and the exception ACCEPT rules are then inserted,
#                                 and ALL BLOCK rules below the LAN Blocking rule are deleted!
#                             Custom IP Groups may be defined/referenced in '/jffs/configs/IPGroups'
#                                    e.g. 'CAMERAS' entry (Uppercase text!)
#                                         CAMERAS  10.88.8.10,10.88.8.15-10.88.8.20,10.88.8.50:10.88.8.55
Click to expand...




I would like to try your script out if you dont mind thanks Martineau
 
You must log in or register to reply here.

Similar threads

johndoe85
VPN site to site with additional VPN client to hide IP
Replies
14
Views
679
johndoe85
johndoe85
R
Solved AiMesh Node client connection issue
Replies
7
Views
606
glens
G
TheLyppardMan
A question about WireGuard security
2
Replies
25
Views
877
Viktor Jaep
Viktor Jaep
R
GT-AX6000 Merlin 388.2_2_rog client list capped
Replies
8
Views
622
MNoisy
M
A
Inconsistencies and broken behavior with client status and DHCP leases - AX86UP 388.6_2
Replies
17
Views
667
ColinTaylor
C
Similar threads
Thread starter Title Forum Replies Date
RMerlin Current plans regarding separate version branches Asuswrt-Merlin 87
D Disable Separate IP Addressing For Guest Wi-Fi Using Merlin 386.11 Asuswrt-Merlin 5
S Prevent client from connecting to router but allow connection to internet via access point Asuswrt-Merlin 4
H add_wlc_event_tbl(1040): client table was full Asuswrt-Merlin 0
A Restart WireGuard client when fails Asuswrt-Merlin 5
A Inconsistencies and broken behavior with client status and DHCP leases - AX86UP 388.6_2 Asuswrt-Merlin 17
B Solved Client list in Network Map is empty and changing the System Log verbosity in the web GUI does nothing Asuswrt-Merlin 7
R Solved AiMesh Node client connection issue Asuswrt-Merlin 7
C How can I do this.. Router VPN Client to Server 2 Asuswrt-Merlin 3
G VPN Client with Public IP, split tunnel web server over VPN and other traffic not on the VPN Asuswrt-Merlin 4

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 962 (members: 21, guests: 941)
Top