What's new
By:

separate one client from others

R

Rooby

Regular Contributor
Hi,

I want to disable the access from one client on the WLAN to the others.
This client shall only have internt access, nothing else. It shall not be possible that it has acces to the other clients connected to the router. I have configurd the DHCP that it gets always the same IP. Is this possible with the GUI e.g. static routes ?
Can someone help me?

Thanks
Stefan
 
You'll need to setup a guest wireless network for it.

You don't say what router model you have or which firmware version.
 
Rooby said:
Hi,

I want to disable the access from one client on the WLAN to the others.
This client shall only have internt access, nothing else. It shall not be possible that it has acces to the other clients connected to the router. I have configurd the DHCP that it gets always the same IP. Is this possible with the GUI e.g. static routes ?
Can someone help me?

Thanks
Stefan
Click to expand...
Enable "guest network"... Clients that connect via the guest network can only access the internet and nothing else.

Sent from my LG-H932 using Tapatalk
 
Hi all

thanks for the fast reply.
Ok the idea with guest nework is very good. I will giv a try.
The router is RT-AC88U with latest Merlin FW.
The reason for this quetion is that I have a small camera Robot (Appbot Riley) connected to to WLAN and I have not much information on how exactly it connects with an Andoid phone over the internet and what is happening with the video stream. I saw when I check with tcpdump and Wireshark that it connects to an amazon and a korean server to establish a connection using UDP packets but I'm not an expert to interpret all this packets. So I want to disconnect it totally from any local client on my router.
 
Rooby said:
Hi,

I want to disable the access from one client on the WLAN to the others.
This client shall only have internt access, nothing else. It shall not be possible that it has acces to the other clients connected to the router. I have configurd the DHCP that it gets always the same IP. Is this possible with the GUI e.g. static routes ?
Can someone help me?

Thanks
Stefan
Click to expand...
One straight forward option is to have this device connect to a guest network you setup on the router. Guest networks will restrict the connected device to Internet only.
 
Rooby said:
Hi,

I want to disable the access from one client on the WLAN to the others.
This client shall only have internt access, nothing else. It shall not be possible that it has acces to the other clients connected to the router. I have configurd the DHCP that it gets always the same IP. Is this possible with the GUI e.g. static routes ?
Click to expand...

Not possible in the GUI, but if you are willing to try a script that I wrote?
Code: 
#======================================================================================================= © 2016-2017 Martineau, v1.01
#
# Allow blocking of standard Wifi devices (non-Guest) from accessing LAN/WAN resources.
#
#     BlockWiFiClient   [help | -h] | [status [full] | ['from_ip' ['to_ip' | lan | wan] ] [accept] [del]
#                                     [ {'config_file'} [del] ]
#     BlockWiFiClient   10.88.8.155 10.88.8.197
#                       Wifi Client 10.88.8.155 will be BLOCKED from accessing 10.88.8.197
#     BlockWiFiClient   10.88.8.155 del
#                       All blocking rules for WIfi Client 10.88.8.155 will be deleted
#     BlockWiFiClient   10.88.8.155 lan
#                       Wifi Client 10.88.8.155 will be BLOCKED from accessing LAN (10.88.8.0/24)
#     BlockWiFiClient   10.88.8.155 wan
#                       Wifi Client 10.88.8.155 will be BLOCKED from accessing the (Internet) WAN
#     BlockWiFiClient   Nexus-7 DS-416
#                       WiFI Nexus-7 Client (10.88.8.155) will be BLOCKED from accessing DS-416 (NAS 10.88.8.197) - LAN or WiFI
#     BlockWiFiClient   Nexus-7 DS-416 accept
#                       WiFI Nexus-7 Client (10.88.8.155) ALL LAN access will be BLOCKED except for access to DS-416 (NAS 10.88.8.197)
#                            i.e. ALL previous BLOCK rules for this WiFi Client are deleted
#     BlockWiFiClient   Nexus-7 DS-416 accept del
#                       WiFI Nexus-7 Client (10.88.8.155) will be allowed access to DS-416 (NAS 10.88.8.197) unless the LAN BLOCK rule still exists.
#     BlockWiFiClient   Nexus-7 lan
#                       WiFI Nexus-7 Client (10.88.8.155) will be BLOCKED from accessing anything on the LAN
#     BlockWiFiClient   Nexus-7 del
#                       WiFI Nexus-7 Client (10.88.8.155) will be allowed access to LAN/WAN (all rules deleted for this WiFI Client)
#     BlockWiFiClient
#                       will show status of the 'logical' rules
#     BlockWiFiClient   status
#                       will show status of the relevant ebtables rules (use 'status full' for full ebtable -t broute BROUTING chain)
#     BlockWiFiClient /jffs/config/Nexus-7
#                       All Peer to Peer DROP/ACCEPT rules are to be read from the file and applied to WiFi Client Nexus-7
#     BlockWiFiClient /jffs/config/Nexus-7 del
#                       All blocking rules for WiFI Nexus-7 Client (10.88.8.155) will be deleted.
#
#                       NOTE: The name of the file is assumed to be the HOSTNAME of the WiFi Client.
#
#                             Format of config directives: (DROP/ACCEPT cannnot be used concurrently - comment either out with #)
#
#                             e.g.  # Peer rules
#                                   DROP         DS-416
#                                   DROP         10.88.8.120-10.88.8.125,RaspberryPiB
#
#                                   or
#
#                                   ACCEPT       CAMERAS
#
#                             For the ACCEPT rule, a LAN subnet BLOCKING (DROP) rule is automatically added and the exception ACCEPT rules are then inserted,
#                                 and ALL BLOCK rules below the LAN Blocking rule are deleted!
#                             Custom IP Groups may be defined/referenced in '/jffs/configs/IPGroups'
#                                    e.g. 'CAMERAS' entry (Uppercase text!)
#                                         CAMERAS  10.88.8.10,10.88.8.15-10.88.8.20,10.88.8.50:10.88.8.55
 
Hi Martineauhttps://www.snbforums.com/members/martineau.13215/

thanks for reply. I would be interested in the script you mentioned.
The seperation with the guest network is working but I additionally want to disable the internet for this client except shortly before I want to connect to it. Therefor your script would be helpful to enable and disable the internet cnnection for this client.
 
Martineau said:
Not possible in the GUI, but if you are willing to try a script that I wrote?
Code: 
#======================================================================================================= © 2016-2017 Martineau, v1.01
#
# Allow blocking of standard Wifi devices (non-Guest) from accessing LAN/WAN resources.
#
#     BlockWiFiClient   [help | -h] | [status [full] | ['from_ip' ['to_ip' | lan | wan] ] [accept] [del]
#                                     [ {'config_file'} [del] ]
#     BlockWiFiClient   10.88.8.155 10.88.8.197
#                       Wifi Client 10.88.8.155 will be BLOCKED from accessing 10.88.8.197
#     BlockWiFiClient   10.88.8.155 del
#                       All blocking rules for WIfi Client 10.88.8.155 will be deleted
#     BlockWiFiClient   10.88.8.155 lan
#                       Wifi Client 10.88.8.155 will be BLOCKED from accessing LAN (10.88.8.0/24)
#     BlockWiFiClient   10.88.8.155 wan
#                       Wifi Client 10.88.8.155 will be BLOCKED from accessing the (Internet) WAN
#     BlockWiFiClient   Nexus-7 DS-416
#                       WiFI Nexus-7 Client (10.88.8.155) will be BLOCKED from accessing DS-416 (NAS 10.88.8.197) - LAN or WiFI
#     BlockWiFiClient   Nexus-7 DS-416 accept
#                       WiFI Nexus-7 Client (10.88.8.155) ALL LAN access will be BLOCKED except for access to DS-416 (NAS 10.88.8.197)
#                            i.e. ALL previous BLOCK rules for this WiFi Client are deleted
#     BlockWiFiClient   Nexus-7 DS-416 accept del
#                       WiFI Nexus-7 Client (10.88.8.155) will be allowed access to DS-416 (NAS 10.88.8.197) unless the LAN BLOCK rule still exists.
#     BlockWiFiClient   Nexus-7 lan
#                       WiFI Nexus-7 Client (10.88.8.155) will be BLOCKED from accessing anything on the LAN
#     BlockWiFiClient   Nexus-7 del
#                       WiFI Nexus-7 Client (10.88.8.155) will be allowed access to LAN/WAN (all rules deleted for this WiFI Client)
#     BlockWiFiClient
#                       will show status of the 'logical' rules
#     BlockWiFiClient   status
#                       will show status of the relevant ebtables rules (use 'status full' for full ebtable -t broute BROUTING chain)
#     BlockWiFiClient /jffs/config/Nexus-7
#                       All Peer to Peer DROP/ACCEPT rules are to be read from the file and applied to WiFi Client Nexus-7
#     BlockWiFiClient /jffs/config/Nexus-7 del
#                       All blocking rules for WiFI Nexus-7 Client (10.88.8.155) will be deleted.
#
#                       NOTE: The name of the file is assumed to be the HOSTNAME of the WiFi Client.
#
#                             Format of config directives: (DROP/ACCEPT cannnot be used concurrently - comment either out with #)
#
#                             e.g.  # Peer rules
#                                   DROP         DS-416
#                                   DROP         10.88.8.120-10.88.8.125,RaspberryPiB
#
#                                   or
#
#                                   ACCEPT       CAMERAS
#
#                             For the ACCEPT rule, a LAN subnet BLOCKING (DROP) rule is automatically added and the exception ACCEPT rules are then inserted,
#                                 and ALL BLOCK rules below the LAN Blocking rule are deleted!
#                             Custom IP Groups may be defined/referenced in '/jffs/configs/IPGroups'
#                                    e.g. 'CAMERAS' entry (Uppercase text!)
#                                         CAMERAS  10.88.8.10,10.88.8.15-10.88.8.20,10.88.8.50:10.88.8.55
Click to expand...




I would like to try your script out if you dont mind thanks Martineau
 
You must log in or register to reply here.

Similar threads

P
Preexisting devices renamed "New Device" in DHCP server
Replies
6
Views
156
OzarkEdge
OzarkEdge
A
Can I "embed" my current wireless router as a separate subnetwork in existing network?
Replies
5
Views
499
Tech9
Tech9
R
BQ16 Latest Firmware & Consistent disconnections from the internet after a week or 2?
Replies
9
Views
622
Reinforcer
R
J
Cannot connect to the Guest Network Wifi, Will not Connect to the Guest Network Wifi
Replies
3
Views
850
dave14305
dave14305
r80xcore
Tutorial Asus ZenWiFi XT8 VLAN/SSID Bridge Script (Merlin/Gnuton)
Replies
7
Views
3K
r80xcore
r80xcore
Similar threads
Thread starter Title Forum Replies Date
I Need Help, setting up separate WIFI MAC Filters for Main and Guest Networks Asuswrt-Merlin 16
G wlceventd: _add_wlc_event_tbl(1040): client table was full Asuswrt-Merlin 0
M Site-to-site OVPN - block specific IP range on server side from reaching client side? Asuswrt-Merlin 6
Zakalwe Why doesn't the OpenVPN client support adding a shadowsocks proxy to it by default? Asuswrt-Merlin 1
N Client list showing hundreds of extra clients. Asuswrt-Merlin 9
outlaw78 "Allow Client <-> Client" Help Asuswrt-Merlin 2
F Unable to set a fixed dns entry for a particular client because router IPV6 address is always added as first dns choice Asuswrt-Merlin 6
C Aimesh Sticky Client Issue Asuswrt-Merlin 45
J Shelly IoT Devices (Switches) Drop off Network with kernel 'not mesh client, can't delete it' messages Asuswrt-Merlin 11
S Solved [Terminal/Bash] retrieve vpn client's external ip? Asuswrt-Merlin 6

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 1,981 (members: 6, guests: 1,975)
Back
Top