Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

static DHCP and auto assign together

Discussion in 'Asuswrt-Merlin' started by TheBlindKind, Aug 13, 2017.

  1. TheBlindKind

    TheBlindKind New Around Here

    Joined:
    May 3, 2015
    Messages:
    9
    Hi everyone,

    If I enable manual IP assignment on my RT AC56R and only assign an IP to one MAC address, letting the router assign addresses to all other devices, will firewall rules I apply to the one manually assigned device work? I made a network services filter rule in the firewall for that one manually assigned IP that didn't work, and I want to be sure it isn't that I'm using this automatic and manual DHCP assignment combination that is the problem. I'm trying to block steam content on only one device by blocking source ports 27015:27030, but that doesn't stop the device from eating up every bit of bandwidth available for days on end. Thoughts?
     
  2. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    4,007
    Location:
    UK
    The manual IP assignment will have no bearing on your NSF problem. In fact it's recommended because it stops the client's IP address from changing.
     
  3. TheBlindKind

    TheBlindKind New Around Here

    Joined:
    May 3, 2015
    Messages:
    9
    Thank you, Colin.
     
  4. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    4,007
    Location:
    UK
    You should be blocking the destination ports not the source.

    What sort of content are you trying to block? In my experience Steam will download games over port 80/443 in which case your only choice might be to block the destination IP's rather than ports. https://support.steampowered.com/kb_article.php?ref=8571-GLVN-8711
     
  5. TheBlindKind

    TheBlindKind New Around Here

    Joined:
    May 3, 2015
    Messages:
    9
    Thanks again, Colin. I'm trying to keep the machine from automatically downloading updates, which for some reason are always enormous. Our internet connection is 1.5 down, and even with QOS and file transfers set to lowest priority the machine hogs up so much of that that nothing else is really possible, not even streaming low quality audio, which I enjoy being able to do. I don't even want to block it all the time,just from 6 a.m. to midnight.
     
  6. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    4,007
    Location:
    UK
    I downloaded something the other day and it used port 80 or 443 (I didn't pay attention to which one). So you either block those which means no web browsing for that client, or you block the destination IP's referred to in that article.

    What country are you in? USA? Then you could try blocking these destinations:

    162.254.192.0/21
    192.69.96.0/23
    205.185.194.0/24
    205.196.6.0/24
    208.64.200.0/22
    208.78.164.0/22
     
  7. TheBlindKind

    TheBlindKind New Around Here

    Joined:
    May 3, 2015
    Messages:
    9
    Wow, thanks yet again. I didn't know the NSF supported bitwise notation. I'll try this when I get off work and report back as soon as I know anything.
     

Share This Page